My IE problem, please help!!!
yzhuan1
09-18-2007, 02:44 PM
Dear,
When I am using IE, it pops up a window and reports a problem as follows:
dlbcserv.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Your PIN Number: 07095879419983
Could anyone help me? After using HijackThis to scan my computer, I get the information as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:07 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cusrvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - (A?49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - ????0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - rsion - (no file)
O2 - BHO: (no name) - XA?3B121-5C4C-4450-9D1F-7B67085CC199} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - ˋ?497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [NI.UWFX6_0001_N69M1503] "C:\Documents and Settings\Yan Zhuang\Local Settings\Temporary Internet Files\Content.IE5\6BEBA1EN\WinFixer2006FreeInstall [1].exe" -nag
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
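Reading a HijackThis log like the one above is mostly a matter of knowing which line shapes a helper looks at first: O2 BHO entries with no name and no backing file, O4 Run entries that launch a program out of the browser cache, and O20 Winlogon Notify handlers whose DLL is missing. The script below is an added example written for this thread; it is not part of HijackThis or of any tool the posts mention. It parses those three line formats and flags them. The sample lines are copied from the log in this post (with one ordinary O4 entry and one O23 service line for contrast), and the suspect-directory list and the reasons are this example's own assumptions, not HijackThis rules.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the thread's HijackThis log plus
# one ordinary O4 entry and one O23 service line for contrast.
SAMPLE_LOG = r"""O2 - BHO: (no name) - ????0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NI.UWFX6_0001_N69M1503] "C:\Documents and Settings\Yan Zhuang\Local Settings\Temporary Internet Files\Content.IE5\6BEBA1EN\WinFixer2006FreeInstall [1].exe" -nag
O20 - Winlogon Notify: awtss - C:\WINDOWS\system32\awtss.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\S+) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Assumption of this example: a program that autostarts from a browser
# cache or temp directory was dropped there by a download, not installed
# deliberately, so it deserves a look.
SUSPECT_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")


@dataclass
class Finding:
    section: str   # O2, O4 or O20
    line: str      # the original log line
    reason: str    # why a helper would look at it


def executable_of(cmd: str) -> str:
    """Return the program path from a Run value, dropping any arguments."""
    quoted = re.match(r'^"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    unquoted = re.match(r"^(.*?\.exe)\b", cmd, re.IGNORECASE)
    return unquoted.group(1) if unquoted else cmd.strip()


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = O2_RE.match(line)
    if m:
        reasons = []
        if m["name"] == "(no name)" and m["path"] == "(no file)":
            reasons.append("BHO with no name and no backing file")
        if not GUID_RE.match(m["clsid"]):
            reasons.append("CLSID is not a well-formed GUID")
        return Finding("O2", line, "; ".join(reasons)) if reasons else None
    m = O4_RE.match(line)
    if m:
        exe = executable_of(m["cmd"]).lower()
        if any(d in exe for d in SUSPECT_DIRS):
            return Finding("O4", line, "autostart launched from a browser cache or temp directory")
        return None
    m = O20_RE.match(line)
    if m and m["missing"]:
        return Finding("O20", line, "Winlogon Notify handler whose DLL is missing on disk")
    return None


def triage(log_text: str) -> list:
    """Run triage_line over every line and keep the hits, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports three lines: the nameless BHO with a malformed CLSID, the WinFixer2006FreeInstall entry launching from Temporary Internet Files, and the awtss Winlogon Notify handler whose DLL is gone. Everything else in the sample (the Adobe BHO, igfxtray, the Symantec service) passes through silently, which is the point: the script narrows a 70-line log to the handful of entries worth asking about, and leaves the decision to the person reading it.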
Do you have a Dell Photo Printer attached to your machine?
Is your computer a Dell?
yzhuan1
09-18-2007, 04:43 PM
Yes, my computer is a Dell; it is connected to a Dell printer.
I'm not going to get into the HJT log...too out of practice, still.
But the basic problem seems to be with the Dell printer drivers...you may want to try uninstalling and reinstalling it, with the latest version of the drivers.
yzhuan1
09-18-2007, 07:08 PM
Thanks for your help.
I tried to uninstall the Dell Photo Printer 720, but I get an error as follows:
The Dell Photo Printer 720 is currently in use, please wait until the printer has finished printing and then uninstall.
But the printer is idle.
Ajmukon
09-18-2007, 07:52 PM
Go to
My Computer / Control Panel / Printers and Faxes / Dell Photo Printer 720
Right-click on ANY document and select "Cancel".
If that fails (or nothing is in the queue), try restarting the computer IN Safe Mode and uninstalling the drivers then.
I think it is F4 to get to the boot menu...
(if this appears twice- blame browser)
yzhuan1
09-18-2007, 10:13 PM
Thank you so much, I get it.
I will run my IE, see if I have solved the problem.
Budfred
09-18-2007, 10:42 PM
You also have malware, so the printer is not the only problem... Please do this:
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...
yzhuan1
09-19-2007, 03:18 PM
Thank you so much. Since the log file is too long, I post it in two parts.
The first half is as follows:
ComboFix 07-09-18.4 - "Yan Zhuang" 2007-09-19 12:51:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.104 [GMT -5:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\240180JP_Dark.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\240180JP_Dark_beta101.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\flashad-v5-stop_firstput_mute.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\IF240180JP_016.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\player_jp_new.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\#SharedObjects\HKQCQ2M6\www.inter-focus.cn\SWF240180JP_015.swf\IFFLASHAD.sol
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\DOCUME~1\YANZHU~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.
2007-09-19 12:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:03 <DIR> d-------- C:\Program Files\Dell 720
2007-09-18 20:03 <DIR> d-------- C:\Dell720
2007-09-18 19:45 <DIR> d-------- C:\Program Files\Dl_cats
2007-09-14 11:18 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-09-14 11:18 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-09-14 11:18 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-09-11 13:43 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-11 13:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-11 13:19 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-11 12:42 <DIR> d-------- C:\ie-spyad_zo
2007-09-11 12:28 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-11 12:25 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-07 23:33 4,546 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-07 23:11 <DIR> d-------- C:\VundoFix Backups
2007-09-07 22:36 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-07 22:24 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-07 22:24 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-07 22:24 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-07 22:24 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-07 21:53 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Yahoo!
2007-09-07 21:51 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\GTek
2007-09-07 21:50 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Real
2007-09-07 21:49 <DIR> d-------- C:\DOCUME~1\admin\APPLIC~1\Google
2007-09-07 17:13 <DIR> d-------- C:\DOCUME~1\YANZHU~1\DoctorWeb
2007-09-05 18:38 <DIR> d-------- C:\DOCUME~1\YANZHU~1\APPLIC~1\Internet Chess Club
2007-09-04 23:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yahoo!
2007-09-04 23:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-09-04 21:42 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-04 21:42 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-04 21:40 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-09-04 21:40 <DIR> d-------- C:\Program Files\Symantec
2007-09-04 21:40 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-04 21:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-31 15:50 <DIR> d-------- C:\YanThesis
yzhuan1
09-19-2007, 03:23 PM
This is the second part of the log file:
.
((( Find3M Report )
.
2007-09-17 17:51 2731 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-12 10:31 --------- d-------- C:\Program Files\BitComet
2007-09-12 10:25 --------- d-------- C:\Program Files\Google
2007-09-12 10:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-11 08:37 --------- d-------- C:\Program Files\Yahoo!
2007-09-11 08:36 --------- d-------- C:\Program Files\Common Files\Scanner
2007-09-07 21:41 --------- d-------- C:\Program Files\Internet Chess Club
2007-09-07 19:40 --------- d-------- C:\Program Files\DellSupport
2007-08-31 15:52 --------- d-------- C:\DOCUME~1\YANZHU~1\APPLIC~1\WinEdt
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-14 11:18 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-20 00:09]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-20 00:06]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-20 00:10]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-11 12:29]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-18 14:00]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-18 14:00]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 12:37 C:\WINDOWS\system32\nwtray.exe]
"KeyAccess"="C:\WINDOWS\keyacc32.exe" [2004-03-20 14:00]
"RemotelyAnywhere GUI"="C:\Program Files\RemotelyAnywhere\RAGui.exe" []
"NI.UWFX6_0001_N69M1503"="C:\Documents and Settings\Yan Zhuang\Local Settings\Temporary Internet Files\Content.IE5\6BEBA1EN\WinFixer2006FreeInstall [1].exe" []
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05]
"UDC Integration"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-03 22:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 12:06]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2007-08-29 03:26]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 06:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 08:59]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-25 00:19:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 06:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtss]
C:\WINDOWS\system32\awtss.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
RAinit.dll 2005-04-18 14:24 10496 C:\WINDOWS\system32\RAinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=KATRACK.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0
R0 NICM;Novell InterService Communication Driver;C:\WINDOWS\system32\drivers\nicm.sys
R0 NWFILTER;Novell UNC Path Filter;C:\WINDOWS\system32\NetWare\nwfilter.sys
R2 cusrvc;Client Update Service for Novell;C:\WINDOWS\system32\cusrvc.exe
R2 NetwareWorkstation;Novell Client for Windows;C:\WINDOWS\system32\NetWare\nwfs.sys
R2 NWDHCP;Novell DHCP Inform Client;C:\WINDOWS\system32\NetWare\nwdhcp.sys
R2 RESMGR;Novell NetWare Resource Manager;C:\WINDOWS\system32\NetWare\resmgr.sys
R2 SRVLOC;Novell Service Location;C:\WINDOWS\system32\NetWare\srvloc.sys
R3 NWDNS;Novell DNS Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwdns.sys
R3 NWHOST;Novell Host File Name Space Service Provider;C:\WINDOWS\system32\NetWare\NWHOST.sys
R3 NWSNS;Novell Simple Naming Services;C:\WINDOWS\system32\NetWare\NWSNS.sys
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface;C:\WINDOWS\system32\NetWare\nwsipx32.sys
S2 RAInfo;RemotelyAnywhere Kernel Information Provider;\??\C:\Program Files\RemotelyAnywhere\RaInfo.sys
S3 NWSAP;Novell SAP Name Space Provider;C:\WINDOWS\system32\NetWare\NWSAP.sys
S3 NWSLP;Novell SLP Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwslp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-01-16 22:48:28 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 12:59:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Budfred
09-19-2007, 10:56 PM
Looks like most of it is gone, but please run this scan to check for more:
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Also, when you post the log, let me know how your computer is doing...
yzhuan1
09-20-2007, 11:40 AM
Thanks, the report is as follows. Right now there is no error coming from IE. The problem is: when I turn on the computer and open IE, the first time takes about 17 seconds; after that, IE opens very fast.
SmitFraudFix v2.226
Scan done at 9:32:13.84, 09/20/2007 Thu
Run from C:\Documents and Settings\Yan Zhuang\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yan Zhuang
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yan Zhuang\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YANZHU~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Compact Wireless-G USB Network Adapter with SpeedBooster - Packet Scheduler Miniport
DNS Server Search Order: 74.134.1.180
DNS Server Search Order: 74.134.1.181
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5B7D4A26-2058-4603-ADFA-A024F31D79D7}: DhcpNameServer=74.134.1.180 74.134.1.181
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5B7D4A26-2058-4603-ADFA-A024F31D79D7}: DhcpNameServer=74.134.1.180 74.134.1.181
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5B7D4A26-2058-4603-ADFA-A024F31D79D7}: DhcpNameServer=74.134.1.180 74.134.1.181
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=74.134.1.180 74.134.1.181
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=74.134.1.180 74.134.1.181
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=74.134.1.180 74.134.1.181
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Budfred
09-20-2007, 10:24 PM
Okay, that didn't do it...
Try another couple of scans:
* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.
and then................
Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and Reboot.
Post the logs in as many posts as it takes... If the AVG Anti-Spyware log is huge, don't bother to paste in all of the "cookies" that it will report...
yzhuan1
09-21-2007, 07:29 PM
Thanks so much, the result after the F-Secure Online Scanner is as follows:
Result: 24 malware found
Tracking Cookie (spyware)
· System (Disinfected)
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
· System
W32/Agent.AVVC.dropper (virus)
· C:\DOCUMENTS AND SETTINGS\YAN ZHUANG\DOCTORWEB\QUARANTINE\SEEKMOTBINSTALLER.EXE (Submitted)
yzhuan1
09-21-2007, 07:31 PM
The first half of the AVG Anti-Spyware result is as follows:
--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:13:10 PM 9/21/2007
+ Scan result:
C:\Documents and Settings\Yan Zhuang\DoctorWeb\Quarantine\SeekmoTBInstaller.exe -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP532\A0048512.dll -> Adware.Companion : Cleaned.
:mozilla.87:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.271:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.272:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.273:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.274:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.275:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.322:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.321:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.258:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.340:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.342:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.345:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.10:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.70:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.71:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.72:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.288:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.289:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.290:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.291:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.292:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.341:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Yan Zhuang\Cookies\yan zhuang@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.29:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.299:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.319:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.346:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.343:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.344:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.282:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.86:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
yzhuan1
09-21-2007, 07:32 PM
The second half of the AVG Anti-Spyware result is as follows:
:mozilla.254:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.259:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.260:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.261:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Yan Zhuang\Cookies\yan zhuang@auto.search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.114:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.115:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.42:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.44:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.46:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.48:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.49:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Yan Zhuang\Cookies\yan_zhuang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.213:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.238:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.235:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.236:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.131:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.132:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.133:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.134:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.135:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.265:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.30:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.287:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.14:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.23:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.244:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.276:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.277:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.280:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.281:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.283:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.142:C:\Documents and Settings\Yan Zhuang\Application Data\Mozilla\Firefox\Profiles\afd9uz8v.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Budfred
09-21-2007, 08:16 PM
Most of the AVG Anti-Spyware log is cookies, so not much there to be concerned about... It looks like F-Secure got some more junk... Please post a fresh HJT log after reboot and let me know how your system is running... If it is still rough, also please download a fresh copy of ComboFix and post a log from that...
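The triage Budfred does by eye here (ignore the tracking cookies, look at what is left, and note anything that was not actually cleaned) can be scripted over the report format posted above. The following is an added example and not code from this thread or from AVG; the sample report embedded in it is constructed in the same "location -> family : action." line format, with a made-up user name, profile name, restore-point GUID and a hypothetical `evil.dll` entry so that the "not cleaned" path is exercised.

```python
"""Triage an AVG Anti-Spyware scan report: separate tracking-cookie hits from
real detections so that the few findings that matter are not buried in
cookie noise. Added example; the report below is constructed, not real."""
import re

# Constructed sample in the AVG Anti-Spyware report format. The user name,
# profile directory, restore-point GUID and evil.dll are hypothetical.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:13:10 PM 9/21/2007
+ Scan result:
C:\Documents and Settings\User\DoctorWeb\Quarantine\SeekmoTBInstaller.exe -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{DEADBEEF}\RP532\A0048512.dll -> Adware.Companion : Cleaned.
:mozilla.87:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\WINDOWS\system32\evil.dll -> Trojan.Dropper.Generic : Error during cleaning.
::Report end
"""

# One detection line: "<location> -> <family> : <action>."  The location may
# itself contain colons (drive letters, the ":mozilla.N:" cookie prefix), so
# only the family is restricted to colon-free text.
LINE_RE = re.compile(r"^(?P<location>.+?) -> (?P<family>[^:]+?) : (?P<action>.+?)\.?$")


def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # "+ Created at", "-----" rules and "::Report end" are not detections.
        if not line or line.startswith(("+", "-", "::")):
            continue
        m = LINE_RE.match(line)
        if m:
            findings.append(m.groupdict())
    return findings


def classify(finding):
    """Bucket a finding the way a helper reads the log."""
    if finding["family"].startswith("TrackingCookie."):
        return "cookie"            # advertising cookie, no code execution
    if "\\System Volume Information\\" in finding["location"]:
        return "restore_point"     # stale copy inside a System Restore point
    return "malware"               # everything else deserves a look


def triage(text):
    """Summarise a report: counts per bucket, the real detections, and any
    entry whose action was not 'Cleaned' (those need manual follow-up)."""
    findings = parse_report(text)
    buckets = {"cookie": [], "restore_point": [], "malware": []}
    for f in findings:
        buckets[classify(f)].append(f)
    not_cleaned = [f for f in findings if f["action"] != "Cleaned"]
    return {
        "counts": {k: len(v) for k, v in buckets.items()},
        "malware": buckets["malware"],
        "restore_point": buckets["restore_point"],
        "not_cleaned": not_cleaned,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("counts:", result["counts"])
    for f in result["malware"]:
        print("LOOK AT:", f["location"], "|", f["family"], "|", f["action"])
    for f in result["not_cleaned"]:
        print("NOT CLEANED:", f["location"], "|", f["action"])
```

Run it against a saved report (`triage(open(path).read())`) and read only the `malware` and `not_cleaned` lists; a hit under `System Volume Information` is cleared by flushing System Restore rather than by chasing the file, and the cookie count is just a number to mention in the reply.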
yzhuan1
10-08-2007, 11:01 PM
Thank you so much, my computer runs well now.
Yan
Budfred
10-09-2007, 01:39 AM
It is quite possible for malware to hide and the scans I asked for might give a clue if there is any still there... Your choice... Either way:
Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.
Please navigate to http://windowsupdate.microsoft.com and download all the "Critical Updates" for Windows. These will patch many of the security holes through which attackers can gain access to your computer. Your current versions appear to be outdated.
Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.
As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.
Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:
Spybot-Search & Destroy (http://www.safer-networking.org/en/download)
A tutorial on using Spybot to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/tutorials/tutorial43.html). Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here (http://www.bleepingcomputer.com/tutorials/tutorial49.html).
SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here (http://www.bleepingcomputer.com/tutorials/tutorial50.html).
If you use Internet Explorer, it is a good idea to use IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) which provides protections against malicious websites.
Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and are looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here (http://www.mozilla.org/products/firefox/)
Opera is available here: http://www.opera.com/download/
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place (http://forums.spywareinfo.com/index.php?showtopic=60955)
Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)