PDA

View Full Version : help me !!!!!!!!!!!!!!!!!!! SOS :: system warning



noobiez
2006-12-16, 18:52
sry to disturb but my pc pop up a system warning saying that my computer may be infected by harmful or unwanted software!!!

how to remove this annoying pop up ???

before this my pc already infected by system critical saying that there are virus activities in my pc. Then i use the symantec guidance to remove it using symantec antivirus corporate version and Ad-aware SE pro. And it was a successful step (risky if my brother know about it)

after that the pop up i mention above came out of nowhere n then all my software start to act UNNORMALLY........

Example the search explorer gone (picture below) then my symantec antivirus real time scanner cannot load during start up...........

as u know im juz a kid (beginner) really sry if i doesnt understand what u are trying the say........ if can pls say it very detail n detail

for those who willing to help me i would like to say thousand of thanks to u, god will bless u

noobiez
2006-12-17, 04:03
i have download a HijackThis.exe from this forum and i try to run it. Below is the LOG files that had been scanned by HJT.

Pls i need volunteer to help me with this problem. I will appreciate your help.....


Logfile of HijackThis v1.99.1
Scan saved at 9:56:38, on 17/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ISHOST.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Azureus\Azureus.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
E:\Lecherng\Installer\PortableFirefox\App\firefox\firefox.exe
E:\Lecherng\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {67270207-b9ee-4d26-9270-860fdb060ca1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgaz.dll,startup
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107921377046
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://202.71.104.89/ibrowser/cibrowser_1_1_1_130.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: USB Driver (Windows Configuration Loader) - Unknown owner - -netsvcs, (file missing)



*SRY if i didnt reply it ASAP because i will be going out 4 this week. But i will try to reply anyone who willing to help me* Thank you and Merry Christmas and Happy New Year

teacup61
2006-12-19, 06:28
Hello noobiez,

Welcome to Safer Networking Forums :)

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Please let me know if you have any questions.

Regards,
tea

noobiez
2006-12-22, 11:55
thx very much for your consult

here is the fresh copy of a HJT and Smitfraud report

HJT....................

Logfile of HijackThis v1.99.1
Scan saved at 5:50:52, on 22/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
E:\Lecherng\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgaz.dll,startup
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107921377046
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://202.71.104.89/ibrowser/cibrowser_1_1_1_130.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: USB Driver (Windows Configuration Loader) - Unknown owner - -netsvcs, (file missing)


Smitfraud......................................

SmitFraudFix v2.131

Scan done at 17:45:39,48, 22/12/2006
Run from C:\Documents and Settings\Yong\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


By the way do my computer still have trojan inside ????
If have, pls help me to remove those trojan from my computer.
Your help will i appreciate. MERRY CHRISTMAS

noobiez
2006-12-22, 17:04
after i did what u have asked me to do, i restart my computer. THen suddenly there is a pop up in the toolbar of the windows showing that

'security warning your computer may be infected with harmful or unwanted software!'

what should i do to get rid of this pop up
please help me!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

teacup61
2006-12-22, 17:55
Hello,

Yes, I'm sure you are! :eek: You have quite a bit of garbage in there. It'll take a few posts to get rid of it.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean.

To disable Ad-Watch:

1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: Switches Monitoring On or Off without closing
Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)


Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close AVG. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgaz.dll,startup
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: winowl32 - C:\WINDOWS\SYSTEM32\winowl32.dll

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following:

C:\WINDOWS\system32\drvgaz.dll
C:\WINDOWS\SYSTEM32\winowl32.dll

You'll have to search for this one to delete it :

hllcxpa.exe


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea

noobiez
2006-12-23, 07:53
hey thanks man! So far the annoying pop up didn't show up again once i reboot or start up. My computer, so far didn't crash while working (GoOd NewS)

but there is a problem when follow your instruction:

as i had mention above my windows search toolbar failed to work properly. So i had to skip one of your step :

navigate and delete hllcxpa.exe

is there any software on the internet that i can use to find this file????

and here is a fresh copy of AVG report and Hijack this log

AVG report_________________________________________________

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:40:36 23/12/2006

+ Scan result:



HKLM\SOFTWARE\Classes\Interface\{06CA2DA3-3A44-4FC7-8FD9-246C0F53407C} -> Adware.CoolWebSearch : No action taken.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OPP2PSBS\sideb[1].exe -> Adware.EliteBar : No action taken.
HKU\S-1-5-21-299502267-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67270207-B9EE-4D26-9270-860FDB060CA1} -> Adware.Generic : No action taken.
E:\Lecherng\backups\backup-20061223-113112-436.inf -> Adware.MediaTickets : No action taken.
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
C:\WINDOWS\system32\procia.exe -> Dialer.InstantAccess.f : No action taken.
C:\WINDOWS\Temp\win312.tmp.exe -> Downloader.PurityScan.dc : No action taken.
C:\Documents and Settings\Yong\Local Settings\Temporary Internet Files\Content.IE5\STA1GHS1\l11[1].exe -> Downloader.Zlob.bfb : No action taken.
C:\Program Files\Common Files\{F88B23C1-044C-1033-0511-05081502003c}\system.dll -> Logger.Delf.mk : No action taken.
C:\RECYCLER\S-1-5-21-299502267-436374069-839522115-1003\Dc4.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst1BE.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst22A.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst311.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mstB42.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvdew.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvgux.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvran.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
:mozilla.109:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.23:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.24:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.29:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.30:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.31:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.36:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.37:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.40:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Yong\Cookies\yong@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.80:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.81:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.22:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.35:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.39:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\Yong\Cookies\yong@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.10:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.69:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.115:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.73:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.74:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.33:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
:mozilla.82:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.50:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Paycounter : No action taken.
:mozilla.75:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.76:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.77:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.78:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.79:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.24:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.25:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.26:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.27:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.32:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.33:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.34:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.41:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.42:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.43:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.44:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.45:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
F:\Emulator GameZS\TGB Dual\devices\tbr_dll.dll -> Trojan.Gologger.10.d : No action taken.


::Report end


HijackThis log___________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 12:12:26, on 23/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Lecherng\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107921377046
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://202.71.104.89/ibrowser/cibrowser_1_1_1_130.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: USB Driver (Windows Configuration Loader) - Unknown owner - -netsvcs, (file missing)



thanks a lot man!!!!
By the way do u know how to fix the missing windows search toolbar???
i think i had accidentally deleted some files that cause this search toolbar to work unproperly (p.s u can refer to the picture in the first reply)

And do my computer still has trojan or any virus inside???

teacup61
2006-12-23, 17:55
Hello,

Please open AVG. Click on the settings tab at the top, then apply all actions, and choose clean (quarantine). The run AVG again so it can clean all that stuff it found. ;) Post a new HijackThis log after, please.

If you have your XP disk you can replace the system files you deleted using the System File Checker.

Click Start> Run and type (or copy and paste) sfc /scannow. Follow the prompts, and be ready with your disk if it asks for it.

Let me know how that comes out. :)

Thanks,
tea

noobiez
2006-12-24, 18:13
tea, u r such a great guy:bigthumb: . So far my computer run smoothly (without crashing/ lagging while working)

here is the fresh copy of HJT log and AVG antispy report

HJT log-----------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:00:06, on 24/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
E:\Lecherng\Installer\PortableFirefox\App\firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
E:\Lecherng\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvgaz.dll,startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunServices: [HLL Data Parameter] hllcxpa.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107921377046
O16 - DPF: {70EE0AA4-5A3A-4052-8FFA-2EEDA43F7942} (Innotive Cibrowser Control 1.1) - http://202.71.104.89/ibrowser/cibrowser_1_1_1_130.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: USB Driver (Windows Configuration Loader) - Unknown owner - -netsvcs, (file missing)


AVG antispy--------------------------------------------------------

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:59:07 24/12/2006

+ Scan result:



C:\System Volume Information\_restore{F4279069-103C-4908-8178-860A2AD2C150}\RP10\A0001859.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst1BE.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst22A.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mst311.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\Temp\mstB42.tmp -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvdew.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvgux.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
C:\WINDOWS\system32\drvran.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : No action taken.
:mozilla.66:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.67:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.24:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.50:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.52:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.53:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.56:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Yong\Cookies\yong@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.34:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.54:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.55:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.27:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.30:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.95:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.96:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.33:C:\Documents and Settings\Yong\Application Data\Mozilla\Firefox\Profiles\4su75w03.default\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
:mozilla.73:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.35:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.36:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.37:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.38:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.39:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.40:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.41:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.42:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.19:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.20:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.21:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.22:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.23:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.59:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.61:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.62:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.63:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.48:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.49:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.77:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.78:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.79:E:\Lecherng\Installer\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end



-------------------------------------------------------------------

I'm sorry to say that i didn't have XP disk. So can i search the missing windows files in the internet??? or there is other way to restore back those files???

I'm very sorry. I didn't want to disturb u during this Christmas Season. But, i need to fix this things until it is correc again.

I'm really sorry!!:sad:

teacup61
2006-12-25, 05:18
No reason to be sorry. :)

Did you set AVG to clean those? I see it says "no action taken" again. They really have to be removed.:spider:

Do you know the exact files that are missing? If so, then you have a good chance of finding them at Microsoft to download.

noobiez
2006-12-25, 07:00
hi teacup61 :)

later i ll try to run the AVG antspy again n delete all threads.

about the missing files, i think is not a big problem for now. But i ll try to fix it in future. Do think it will cause my computer to work unnormally?

thanks again! :bigthumb:

tashi
2007-01-04, 01:29
How is it going noobiez. :)

tashi
2007-01-09, 02:43
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.