View Full Version : Logfile of HijackThis v1.99.1



matthujun
2006-11-08, 00:02
Hello, I'm back for the second time... and I surely have messed up my comp really bad =( I must say it was very stupid of me to try to open up a file that I should not have trusted, but I did. Please help, I have some major memory issues with these malware and I need to get rid of them asap. I have faith in you people =)

Here is my hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 오후 4:58:23, on 2006-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Cash-Back\cashback.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [messenger.exe] c:\windows\messenger.exe
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhum.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cdoa] "C:\PROGRA~1\Аdobe\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Tzgspz] C:\Program Files\М?crosoft.NET\eхplorer.exe
O4 - HKCU\..\Run: [o8pfJzFj] C:\WINDOWS\system32\o8pfJzFj.exe /WS
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Good\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {43C5B905-62A9-454E-BD73-4E68ECFF52F4} (SayClub Image Upload Control) - http://dl.sayclub.com/sayclub/sayctl/imgpack.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {CA2F6781-BB01-4D6B-B2CB-6E6C06A004D2} (SystemInfo Class) - http://news.timentales.com/Activex/ClientSystemInfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: archenteric - {d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3} - C:\WINDOWS\system32\impgsje.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

Thanks for all the help and support.

teacup61
2006-11-08, 01:55
Hello matthujun,

Welcome back to Safer Networking Forums :)

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

matthujun
2006-11-08, 02:50
I have cleaned up the things as you told me to... but I'm not sure I did it right. Please bear with me.

Anyways, here are the things you wanted.

Logfile of HijackThis v1.99.1
Scan saved at 7:48:01 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Cash-Back\cashback.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\hjt\HijackThis.exe

R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [messenger.exe] c:\windows\messenger.exe
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhum.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Good\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {43C5B905-62A9-454E-BD73-4E68ECFF52F4} (SayClub Image Upload Control) - http://dl.sayclub.com/sayclub/sayctl/imgpack.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {CA2F6781-BB01-4D6B-B2CB-6E6C06A004D2} (SystemInfo Class) - http://news.timentales.com/Activex/ClientSystemInfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

And attached are the logfiles of the combofix and smit.
Thanks a lot.

teacup61
2006-11-08, 21:41
Hello,

You ran option #1 with SmitfraudFix. We needed to run option #2 :)

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Most probably you are dealing with the latest version of Vundo, which targets HijackThis so HijackThis doesn't show its related entries in a log.
Please navigate to your HijackThis folder. Rename your hijackthis.exe to analyse.exe
Reboot.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files; click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer; click OK. Please post the contents of C:\vundofix.txt and a new HijackThis log.

Thanks,
tea

matthujun
2006-11-09, 05:19
Done and done. However, when I did the smit scan I was never prompted for anything, and I'm sure this time I did the right option. But here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 오후 10:14:06, on 2006-11-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Cash-Back\cashback.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\sUBs\ComboFix.exe
C:\WINDOWS\system32\cmd.exe
C:\hjt\analyse.exe

R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: Ecbso Class - {031AE275-656A-407D-B6E0-6D08E78DE258} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BCC7EB7-BD76-C6A8-7F55-B9CE6FCBBCB6} - C:\WINDOWS\system32\ieifez.dll
O2 - BHO: (no name) - {73F1A7A4-D0E3-4E7F-876E-5E3FEB84CF6D} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ovwfoqqa.dll
O2 - BHO: Ecbso2 Class - {FF0CDE9B-B3E6-4B89-987F-2816C7A81F1C} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [messenger.exe] c:\windows\messenger.exe
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhum.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cdoa] "C:\PROGRA~1\Аdobe\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Tzgspz] C:\Program Files\М?crosoft.NET\eхplorer.exe
O4 - HKCU\..\Run: [K0raFoGa] C:\WINDOWS\system32\K0raFoGa.exe /WS
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Good\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {43C5B905-62A9-454E-BD73-4E68ECFF52F4} (SayClub Image Upload Control) - http://dl.sayclub.com/sayclub/sayctl/imgpack.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {CA2F6781-BB01-4D6B-B2CB-6E6C06A004D2} (SystemInfo Class) - http://news.timentales.com/Activex/ClientSystemInfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

Thanks for the patience and help
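An added example, not part of the thread or of any participant's post: a small Python comparison of a log taken as HijackThis.exe with one taken after the rename to analyse.exe, listing the entries that show up only in the second and flagging path components that mix Latin letters with look-alike Cyrillic or Greek ones. The function names are hypothetical; the sample lines are excerpts from the logs posted above, not complete logs.

```python
import re
import unicodedata

# Excerpts from the thread's own logs. The look-alike Cyrillic letters in two
# Run entries are written as <U+XXXX> placeholders and substituted below, so
# they stay visible in this listing instead of blending in with Latin text.
COMMON = r'''
R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKCU\..\Run: [Cdoa] "C:\PROGRA~1\<U+0410>dobe\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Tzgspz] C:\Program Files\<U+041C>?crosoft.NET\e<U+0445>plorer.exe
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
'''
COMMON = re.sub(r"<U\+([0-9A-F]{4})>", lambda m: chr(int(m.group(1), 16)), COMMON)

# Log saved while the scanner still ran under its original file name.
LOG_AS_HIJACKTHIS = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\hjt\HijackThis.exe
''' + COMMON

# Log saved after the executable was renamed to analyse.exe.
LOG_AS_ANALYSE = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\hjt\analyse.exe
O2 - BHO: Ecbso Class - {031AE275-656A-407D-B6E0-6D08E78DE258} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: (no name) - {5BCC7EB7-BD76-C6A8-7F55-B9CE6FCBBCB6} - C:\WINDOWS\system32\ieifez.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
''' + COMMON

# Entry lines start with a section code (R3, O2, O4, O20, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {section: set(entry text)} for the entry lines of one log."""
    sections = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections.setdefault(m.group(1), set()).add(m.group(2).strip())
    return sections


def new_entries(before, after):
    """Entries present in `after` but absent from `before`, by section."""
    diff = {}
    for section, entries in after.items():
        added = entries - before.get(section, set())
        if added:
            diff[section] = sorted(added)
    return diff


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return None  # other scripts (e.g. Hangul) are not look-alike candidates


def mixed_script_components(entry):
    """Path components mixing Latin letters with Cyrillic or Greek ones."""
    hits = []
    for part in re.split(r'[\\/"\s]+', entry):
        scripts = {script_of(c) for c in part if c.isalpha()}
        scripts.discard(None)
        if "LATIN" in scripts and len(scripts) > 1:
            hits.append(part)
    return hits


def flag_mixed_script(sections):
    """Sorted (section, component) pairs for every mixed-script component."""
    return sorted({(sec, part)
                   for sec, entries in sections.items()
                   for entry in entries
                   for part in mixed_script_components(entry)})


if __name__ == "__main__":
    before = parse_entries(LOG_AS_HIJACKTHIS)
    after = parse_entries(LOG_AS_ANALYSE)
    for section, entries in sorted(new_entries(before, after).items()):
        for entry in entries:
            print("only in renamed-scanner log:", section, "-", entry)
    for section, part in flag_mixed_script(after):
        # ascii() exposes the non-Latin code points as \uXXXX escapes.
        print("mixed-script component:", section, ascii(part))
```

A section that appears only in the second log is a lead for review, not a verdict on any single entry; other tools were also run between the two scans.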

teacup61
2006-11-09, 17:44
Hello,

Let's try this one :

Download roguescanfix_setup (http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe).

Double-click roguescanfix_setup to install it.

After the installation, you will be prompted if you would like to run roguescanfix now. Click "YES" to start the tool.

When you start roguescanfix.bat you'll see a menu:
1. Run Roguescanfix
2. Run sharedtasksrem

Choose option 1 by typing "1".

Note: This tool needs an internet connection because it downloads an additional file to let the tool work properly.
If your firewall gives an alert, allow it instead of blocking it.
In case you still get the message BFU.exe is not present, download BFU.zip from here (http://www.merijn.org/files/bfu.zip).
Unzip it and place BFU.exe in the c:\program files\roguescanfix-folder. Then double-click Roguescanfix.bat again.

The tool will uninstall some programs and delete related files and registry keys.
When some files won't get deleted, it will ask you to reboot your system to delete the files after reboot.
Please make sure the uninstall of the programs is finished before you click Yes to reboot.

A text file will open. Place the contents of that file in your next reply, along with a new HijackThis logfile.
(The textfile can also be found at c:\program files\roguescanfix\task.txt)

Thanks,
tea

matthujun
2006-11-09, 22:47
Done.

Here are the logfiles

Logfile of HijackThis v1.99.1
Scan saved at 오후 3:46:53, on 2006-11-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Cash-Back\cashback.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\windows nt\accessories\wordpad.exe
C:\hjt\analyse.exe

R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: Ecbso Class - {031AE275-656A-407D-B6E0-6D08E78DE258} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BCC7EB7-BD76-C6A8-7F55-B9CE6FCBBCB6} - C:\WINDOWS\system32\ieifez.dll
O2 - BHO: (no name) - {73F1A7A4-D0E3-4E7F-876E-5E3FEB84CF6D} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ovwfoqqa.dll (file missing)
O2 - BHO: Ecbso2 Class - {FF0CDE9B-B3E6-4B89-987F-2816C7A81F1C} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [messenger.exe] c:\windows\messenger.exe
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhum.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cdoa] "C:\PROGRA~1\Аdobe\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Tzgspz] C:\Program Files\М?crosoft.NET\eхplorer.exe
O4 - HKCU\..\Run: [K0raFoGa] C:\WINDOWS\system32\K0raFoGa.exe /WS
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Good\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {43C5B905-62A9-454E-BD73-4E68ECFF52F4} (SayClub Image Upload Control) - http://dl.sayclub.com/sayclub/sayctl/imgpack.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {CA2F6781-BB01-4D6B-B2CB-6E6C06A004D2} (SystemInfo Class) - http://news.timentales.com/Activex/ClientSystemInfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

and task.txt

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

teacup61
2006-11-10, 17:32
Hello,

Has your Norton AV expired? I see the services, but only one running process, for the definition updates. If this is the case, please install one of the following Anti Virus Programs. That will help enormously. :)

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

Look in Add/Remove Programs and remove Cash Back and Bargain Buddy, if present. Reboot afterwards.

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)


Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful"), close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: UrlSH Class - {00FE252A-86E6-47EB-9684-80E04CECBB76} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: Ecbso Class - {031AE275-656A-407D-B6E0-6D08E78DE258} - C:\Program Files\Cash-Back\csbkhm2.dll
O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt2.dll (file missing)
O2 - BHO: (no name) - {5BCC7EB7-BD76-C6A8-7F55-B9CE6FCBBCB6} - C:\WINDOWS\system32\ieifez.dll
O2 - BHO: (no name) - {73F1A7A4-D0E3-4E7F-876E-5E3FEB84CF6D} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ovwfoqqa.dll (file missing)
O2 - BHO: Ecbso2 Class - {FF0CDE9B-B3E6-4B89-987F-2816C7A81F1C} - C:\Program Files\Cash-Back\csbkhm2.dll
O4 - HKLM\..\Run: [messenger.exe] c:\windows\messenger.exe
O4 - HKLM\..\Run: [cash-back] C:\Program Files\Cash-Back\cashback.exe
O4 - HKCU\..\Run: [Cdoa] "C:\PROGRA~1\?dobe\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Tzgspz] C:\Program Files\??crosoft.NET\e?plorer.exe
O4 - HKCU\..\Run: [K0raFoGa] C:\WINDOWS\system32\K0raFoGa.exe /WS

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following files/folders, if present:

C:\Program Files\Cash-Back<---this folder
C:\WINDOWS\system32\ieifez.dll
c:\windows\messenger.exe<----the file in this location only!
C:\WINDOWS\system32\K0raFoGa.exe


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


Please run ComboFix again and post the report, as well as the report from AVG and a new HijackThis log. How is it running? :)

Thanks,
tea
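
Added example (not part of the original thread and not teacup61's own method): a small Python triage pass over O2 and O4 Run entries like the ones in the fix list above. It flags BHO registrations marked "(file missing)", paths that mix Latin with another script inside one folder or file name, and Windows binary names running from the wrong folder. The function names, the three-letter CONFUSABLES table and the SYSTEM_HOMES table (default Windows XP locations) are assumptions made for this illustration.

```python
import re
import unicodedata

# Entries copied from the HijackThis log in this thread. The \u escapes spell out
# the Cyrillic letters the log shows inside otherwise Latin folder and file names.
SAMPLE_LOG = "\n".join([
    "O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\\WINDOWS\\system32\\ixt2.dll (file missing)",
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll",
    "O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe",
    'O4 - HKCU\\..\\Run: [Cdoa] "C:\\PROGRA~1\\\u0410dobe\\regedit.exe" -vt yazb',
    "O4 - HKCU\\..\\Run: [Tzgspz] C:\\Program Files\\\u041c?crosoft.NET\\e\u0445plorer.exe",
    "O4 - HKCU\\..\\Run: [K0raFoGa] C:\\WINDOWS\\system32\\K0raFoGa.exe /WS",
])

MISSING = "registered file is missing"
MIXED = "mixed-script folder or file name"
MASQ = "system binary name outside its usual folder"

# Assumption: only the three Cyrillic lookalikes seen in this log, not a full table.
CONFUSABLES = {"\u0410": "A", "\u041c": "M", "\u0445": "x"}

# Assumption: default locations on a stock Windows XP install.
SYSTEM_HOMES = {
    "explorer.exe": "c:\\windows",
    "regedit.exe": "c:\\windows",
    "ctfmon.exe": "c:\\windows\\system32",
}

O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.+?)( \(file missing\))?$")
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
# Quoted path, or an unquoted path up to the first .exe/.dll (paths may contain spaces).
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=[\s,]|$)', re.I)


def mixed_script_parts(path):
    """Return path components whose letters come from Latin plus another script."""
    hits = []
    for part in path.split("\\"):
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in part if c.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            hits.append(part)
    return hits


def masquerades(path):
    """True if the file name, after folding lookalikes, is a system binary in the wrong folder."""
    folder, _, name = path.rpartition("\\")
    folded = "".join(CONFUSABLES.get(c, c) for c in name).lower()
    home = SYSTEM_HOMES.get(folded)
    return home is not None and folder.lower() != home


def triage(log_text):
    """Map each O2 CLSID / O4 Run value name to the list of reasons it was flagged."""
    findings = {}
    for line in log_text.splitlines():
        reasons = []
        bho = O2_RE.match(line)
        run = O4_RE.match(line)
        if bho:
            key, path = bho.group(1), bho.group(2)
            if bho.group(3):
                reasons.append(MISSING)
        elif run:
            target = PATH_RE.match(run.group(2))
            if not target:
                continue
            key, path = run.group(1), target.group(1) or target.group(2)
        else:
            continue
        if mixed_script_parts(path):
            reasons.append(MIXED)
        if masquerades(path):
            reasons.append(MASQ)
        findings[key] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons) if reasons else "no flag")
```

The K0raFoGa entry comes back unflagged: these three checks do not judge random-looking names, so they narrow the list for a reviewer rather than replace one.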

matthujun
2006-11-14, 00:00
Sorry for the delay, I wasn't able to be on my computer for a while.

Here are the updated logfiles

Logfile of HijackThis v1.99.1
Scan saved at 오후 4:54:18, on 2006-11-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\Integrator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\analyse.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvhum.dll,startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Good\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00001023-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter23 Class) - http://download.netmarble.com/web/nmstarter/NMStarter23.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27E4B2A9-D554-40DE-B6CD-F11E9B44FBD0} (SimFileControl Control) - http://simfile.chol.com/down/SimFileControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab
O16 - DPF: {340CCF52-D65F-4A11-80B3-13DC23697B59} (BugsInstall Control) - http://player.bugs.co.kr/install/BugsInstall.cab
O16 - DPF: {43C5B905-62A9-454E-BD73-4E68ECFF52F4} (SayClub Image Upload Control) - http://dl.sayclub.com/sayclub/sayctl/imgpack.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/XTools.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://dl.sayclub.com/sayclub/sayctl/sayax.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/Soribada/Setup/20060830/SBStart.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {CA2F6781-BB01-4D6B-B2CB-6E6C06A004D2} (SystemInfo Class) - http://news.timentales.com/Activex/ClientSystemInfo.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

matthujun
2006-11-14, 00:03
For my AVG report, I saved a report that accidentally ignored all of the threats instead of cleaning them. I did clean it properly again, but I forgot to save it.

I don't know if this might help, but just in case I'll post it.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 오후 5:38:06 2006-11-10

+ Scan result:



C:\Program Files\Opera\c3nform..exe -> Adware.Agent : Ignored.
HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : Ignored.
HKU\S-1-5-21-1547161642-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Ignored.
C:\System Volume Information\_restore{C5DC6599-6CEC-4C84-B2A4-8F9EB335AA6B}\RP317\A0165407.dll -> Adware.PurityScan : Ignored.
C:\hjt\backups\backup-20061110-161527-924.dll -> Adware.PurityScan : Ignored.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignored.
C:\Program Files\Common Files\Microsoft Shared\MSEnv\vers_man.exe.exe -> Backdoor.Agent.abc : Ignored.
C:\WINDOWS\Internet Logs\KMm.exe -> Downloader.Agent.aff : Ignored.
C:\WINDOWS\Resources\KTX.exe -> Downloader.Agent.aff : Ignored.
C:\WINDOWS\pss\E1M.exe -> Downloader.Agent.aff : Ignored.
C:\WINDOWS\data2.exe -> Downloader.Agent.ahh : Ignored.
C:\WINDOWS\nem220.dll_tobedeleted -> Downloader.Dyfuca : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\1d5jh.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\2aG.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\3Cl.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\9sNuMwn.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\CKE.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\EfQCDe5.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\GXNstA.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\Gy5U.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\HRaiVz8.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\J5K.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\J5b.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\MnXWGm.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\NAm.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\Qn8a19o.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\Rwc.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\TrxWclu.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\Yal.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\aF1s.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\f9k.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\jpy.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\mEy.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\te9.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\tmc.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\v65V4iV.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\vFwPP.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\vPe.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\wNe.exe -> Downloader.Small : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Temp\x1G.exe -> Downloader.Small : Ignored.
C:\hjt\backups\backup-20060714-103550-200.dll -> Downloader.Small.ctp : Ignored.
C:\Downloads\PDFX3SA_LE.rar/PDFX3SA_LE.exe -> Dropper.Delf.yb : Ignored.
C:\Program Files\Internet Explorer\kyzewewet.html -> Hijacker.Small.jf : Ignored.
C:\Program Files\Online Services\howyt.html -> Hijacker.Small.jf : Ignored.
D:\hidden folder\Playboy - July 2006\Need.For.Speed.Carbon.Crack.exe -> Logger.Agent.pf : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\Cache\B23E4567d01 -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\Documents and Settings\matthujun\Local Settings\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\Cache\069CD5C0d01 -> Not-A-Virus.Downloader.Win32.WinFixer.q : Ignored.
:mozilla.218:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.230:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.233:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.247realmedia : Ignored.
:mozilla.112:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.113:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.307:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.308:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.309:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.310:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.311:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.312:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.372:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.499:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.512:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.117:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.118:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.119:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.150:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.151:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.152:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.153:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.154:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.120:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.121:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.

matthujun
2006-11-14, 00:05
Continued

:mozilla.122:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Adjuggler : Ignored.
:mozilla.208:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.209:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.210:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
:mozilla.211:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
:mozilla.102:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.91:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.368:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.617:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.106:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.142:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.143:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
:mozilla.144:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@centrport[1].txt -> TrackingCookie.Centrport : Ignored.
:mozilla.174:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Com : Ignored.
:mozilla.177:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Com : Ignored.
:mozilla.100:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.98:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@doubleclick[1].txt -> TrackingCookie.Doubleclick : Ignored.
:mozilla.93:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.95:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.96:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.97:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.98:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.99:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Fastclick : Ignored.
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\whft0o6e.default\cookies.txt -> TrackingCookie.Findwhat : Ignored.
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\whft0o6e.default\cookies.txt -> TrackingCookie.Goclick : Ignored.
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\whft0o6e.default\cookies.txt -> TrackingCookie.Goclick : Ignored.
:mozilla.623:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Googleadservices : Ignored.
:mozilla.130:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.131:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.144:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.155:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.156:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.180:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.181:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.182:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@ehg-winnercomm.hitbox[1].txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@hitbox[2].txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.451:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Hotlog : Ignored.
:mozilla.101:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Mediaplex : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@mediaplex[1].txt -> TrackingCookie.Mediaplex : Ignored.
:mozilla.32:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.33:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.34:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Overture : Ignored.
:mozilla.490:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Overture : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@perf.overture[1].txt -> TrackingCookie.Overture : Ignored.
:mozilla.193:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.194:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.195:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.196:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Pointroll : Ignored.
C:\Documents and Settings\Good\Cookies\good@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignored.
:mozilla.128:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.129:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.130:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\Good\Cookies\good@questionmarket[2].txt -> TrackingCookie.Questionmarket : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@questionmarket[1].txt -> TrackingCookie.Questionmarket : Ignored.
:mozilla.10:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.11:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.12:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.13:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.6:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.9:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Reliablestats : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignored.
:mozilla.318:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Revenue : Ignored.
:mozilla.404:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.405:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.406:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.407:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Ru4 : Ignored.
:mozilla.517:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.518:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.519:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.520:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.521:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Good\Cookies\good@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\Good\Cookies\good@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\whft0o6e.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
:mozilla.12:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\whft0o6e.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
:mozilla.600:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
:mozilla.601:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Sitestat : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Ignored.
:mozilla.530:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Spylog : Ignored.
:mozilla.531:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.532:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.533:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.534:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.535:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.536:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Statcounter : Ignored.
:mozilla.159:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.160:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.538:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.539:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.540:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.132:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.135:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.136:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.137:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Tribalfusion : Ignored.
:mozilla.253:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.254:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.255:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.256:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.505:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.506:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.507:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.508:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
:mozilla.509:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Valuead : Ignored.
C:\Documents and Settings\matthujun\Cookies\matthujun@valueclick[1].txt -> TrackingCookie.Valueclick : Ignored.
:mozilla.129:C:\Documents and Settings\matthujun\Application Data\Mozilla\Firefox\Profiles\o0guxhqx.default\cookies.txt -> TrackingCookie.Webtrendslive : Ignored.
:mozilla.564:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yadro : Ignored.
:mozilla.84:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.86:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.87:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.88:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.92:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.94:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Yieldmanager : Ignored.
:mozilla.330:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.331:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
:mozilla.332:C:\Documents and Settings\Good\Application Data\Mozilla\Firefox\Profiles\rb7fleja.default\cookies.txt -> TrackingCookie.Zedo : Ignored.
C:\Downloads\PDFX3SA_LE.rar/crack.exe -> Trojan.Delf.DM : Ignored.
C:\WINDOWS\system32\ezsearch.dll -> Trojan.Kwmcore : Ignored.


::Report end

About the condition of my computer, there are no specific problems but my AVG continuously tells me that I have a threat and it is kind of tedious to close the window every time. But I'm sure there's lots of junk in my computer still..

Thanks for the patience and help!

matthujun
2006-11-14, 00:06
P.S. attachment of combofix

teacup61
2006-11-14, 03:38
Hello,

Rerun AVG and let it clean (quarantine) everything this time, rather than ignore. :)

Thanks,
tea

tashi
2006-11-20, 08:37
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.