
help to stop google redirect.... 1


cheungjc

Technical User
May 25, 2007
Every time I use google to search, the links found are redirected to other sites. Usually, I back out from those sites two times and on the third time, I will get to the link that I want to get to. Anyone else had similar experiences? I am including a log file from hijackthis and I hope somebody could help me to fix the problem. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:17:45 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
you don't appear to have a firewall, even if you have a router you still need a software firewall, download the one from the link below!



Comodo firewall. Sign up it's free!



Threads on comodo!






Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.





Download AVG Anti-Spyware



* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.






* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
o If you use Firefox:
+ Click Firefox at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
o If you use Opera:
+ Click Opera at the top and choose: Select All
+ Click the Empty Selected button.
+ NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.




* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



have hijack this fix these entries. close all browsers and programmes before
clicking FIX.



O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -



Run AVG Anti-Spyware!

# IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process:
# Launch AVG Anti-spyware by double-clicking the icon on your desktop.
# Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
# AVG will now begin the scanning process. Be patient this may take a little time.
Once the scan is complete do the following:
# If you have any infections you will be prompted, then select "Apply all actions"
# Next select the "Reports" icon at the top.
# Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
# Close AVG and reboot your system back into Normal Mode.


Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,



double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive , all drives and, click scan all files
and then click scan/clean. After it finishes scanning and cleaning post
the log here with a new hijack this log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.



Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log will be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.



Post a new hijack this, the combo log, the Mwav scan log and the AVG Anti-Spyware log!






Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Yeah I got the same problem. Go into my forum post called "google and yahooo problems" and compare our hijackthis reports, see if u can see any unusual familiar files.
 
This is my Combofix log:
"JCheung" - 2007-05-26 21:11:01 Service Pack 2 [SAFE MODE]
ComboFix 07-05.26.3.V - Running from: "C:\download\hijack-help\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\regsvr32.dll"
"C:\WINDOWS\system32\kdccl.exe"


((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-25 18:39 <DIR> d-------- C:\Program Files\InterMute


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 22:39:24 -------- d-----w C:\DOCUME~1\JCheung\APPLIC~1\Registry Cleaner
2007-05-06 22:49:43 -------- d-----w C:\DOCUME~1\JCheung\APPLIC~1\U3
2007-04-20 21:16:21 -------- d-----w C:\Program Files\Browser Hijack Recover
2007-04-19 21:55:18 -------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2004-08-04 04:56:52 93,184 --sh--r C:\WINDOWS\caoserver.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-02-07 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 21:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-01 11:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-12 19:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-06 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Sweeper]
C:\WINDOWS\system32\SWEEPER.EXE /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPHIDPAD]
C:\WINPENJR\Win32\pphidpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
"C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupportAnyPC]
"C:\DOCUME~1\JCheung\LOCALS~1\Temp\winvnc.exe" -servicehelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


Contents of the 'Scheduled Tasks' folder
2007-05-25 02:24:18 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, Rootkit scan 2007-05-26 21:15:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 21:16:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 21:16

--- E O F ---
This is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:19:45 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Should I wait for you to look at these two log files first before I perform the other steps? Please advise what I should do next. Thanks.

Joe C
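
An added example, not part of any post in this thread and not code from HijackThis: a small Python parser for the HijackThis entry lines shown above. It marks entries worth looking up and checks whether an entry from a helper's fix list is still present in a later log. The three review heuristics are assumptions chosen for illustration; a flag means "look this up", not "this is malware" (the Spybot SDHelper BHO is flagged only because it has no class name).

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The entry the helper asked to have fixed, as quoted in the thread.
FIX_LIST = r"""
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) -
"""

# "O16 - DPF: ..." -> section code, then the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str                 # section code, e.g. "O2", "O16", "O23"
    body: str                 # everything after "CODE - "
    clsid: str = ""           # upper-cased CLSID if the entry carries one
    flags: list = field(default_factory=list)


def review_flags(code, body):
    """Assumed triage heuristics: they mark lines to look up, not verdicts."""
    flags = []
    if code == "O2" and "(no name)" in body:
        flags.append("BHO has no class name")
    if code == "O16" and not re.search(r"\}\s*\(.+\)", body):
        flags.append("ActiveX download has no display name")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("service binary has no company name")
    return flags


def parse_log(text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        found = CLSID_RE.search(body)
        clsid = found.group(0).upper() if found else ""
        entries.append(Entry(code, body, clsid, review_flags(code, body)))
    return entries


def entry_key(e):
    # The CLSID is stable even if the label or path text changes;
    # entries without one are compared on their full text.
    return (e.code, e.clsid or e.body.lower())


def still_present(fix_text, log_text):
    """Entries from the fix list that a later log still contains."""
    in_log = {entry_key(e) for e in parse_log(log_text)}
    return [e for e in parse_log(fix_text) if entry_key(e) in in_log]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        if e.flags:
            print(e.code, e.clsid or e.body[:40], "->", "; ".join(e.flags))
    for e in still_present(FIX_LIST, SAMPLE_LOG):
        print("not yet fixed:", e.code, e.clsid)
```
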
 
no, do the other steps and then post those logs and a new hijack this log!

Make sure to get a firewall and anti virus installed as this will protect you!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Thanks, I had installed the firewall and the following are log files, I hope you can help me to fix the problems, Thank you again:

1. Combofix log:
"JCheung" - 2007-05-26 21:11:01 Service Pack 2 [SAFE MODE]
ComboFix 07-05.26.3.V - Running from: "C:\download\hijack-help\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\regsvr32.dll"
"C:\WINDOWS\system32\kdccl.exe"


((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-25 18:39 <DIR> d-------- C:\Program Files\InterMute


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-25 22:39:24 -------- d-----w C:\DOCUME~1\JCheung\APPLIC~1\Registry Cleaner
2007-05-06 22:49:43 -------- d-----w C:\DOCUME~1\JCheung\APPLIC~1\U3
2007-04-20 21:16:21 -------- d-----w C:\Program Files\Browser Hijack Recover
2007-04-19 21:55:18 -------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint
2004-08-04 04:56:52 93,184 --sh--r C:\WINDOWS\caoserver.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2003-02-07 01:03]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-23 21:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-07-01 11:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-12 19:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-06 20:45]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Sweeper]
C:\WINDOWS\system32\SWEEPER.EXE /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Phase One Media Reader]
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPHIDPAD]
C:\WINPENJR\Win32\pphidpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
"C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupportAnyPC]
"C:\DOCUME~1\JCheung\LOCALS~1\Temp\winvnc.exe" -servicehelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


Contents of the 'Scheduled Tasks' folder
2007-05-25 02:24:18 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, Rootkit scan 2007-05-26 21:15:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-26 21:16:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 21:16

--- E O F ---

2) MWAV log file:

Sat May 26 23:26:36 2007 => C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url possibly infected and removed by background antivirus package!
Sat May 26 23:26:40 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url: Scanning Failure!!!
Sat May 26 23:26:40 2007 => C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url possibly infected and removed by background antivirus package!
Sat May 26 23:26:40 2007 => File C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url: Scanning Failure!!!
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url: Scanning Failure!!!
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:27:39 2007 => Scanning File C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk
Sat May 26 23:27:39 2007 => C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk possibly infected and removed by background antivirus package!
Sat May 26 23:27:39 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk: Scanning Failure!!!
Sat May 26 23:27:39 2007 => C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk possibly infected and removed by background antivirus package!
Sat May 26 23:27:39 2007 => File C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sun May 27 00:04:53 2007 => Scanning File C:\QooBox\Quarantine\C\WINDOWS\system32\kdccl.exe.vir
Sun May 27 00:04:53 2007 => File C:\QooBox\Quarantine\C\WINDOWS\system32\kdccl.exe.vir infected by "Packed.Win32.PolyCrypt.b" Virus. Action Taken: File Renamed.

Sun May 27 00:04:53 2007 => Scanning File C:\QooBox\Quarantine\C\WINDOWS\system32\REGSVR32.DLL.vir
Sun May 27 00:04:54 2007 => Scanning Folder: C:\QooBox\Quarantine\Registry_backups\*.*
Sun May 27 00:04:54 2007 => Scanning File C:\QooBox\Quarantine\Registry_backups\winlogon.reg.cf

Sun May 27 00:07:24 2007 => File C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP546\A0073315.exe infected by "Trojan.Win32.DNSChanger.iv" Virus. Action Taken: File Deleted.

Sun May 27 00:07:24 2007 => Scanning File C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP546\A0073317.exe
Sun May 27 00:07:25 2007 => File C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP546\A0073317.exe infected by "Trojan.Win32.DNSChanger.iv" Virus. Action Taken: File Deleted.

Sun May 27 00:09:33 2007 => File C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP568\A0076899.exe infected by "Packed.Win32.PolyCrypt.b" Virus. Action Taken: File Renamed.

Sat May 26 23:17:26 2007 => ERROR!!! Invalid Entry System32\Drivers\Pcouffin.sys in SYSTEM\CurrentControlSet\Services\Pcouffin...

Sat May 26 23:17:26 2007 => ERROR!!! Invalid Entry System32\Drivers\Pcouffin.sys in SYSTEM\CurrentControlSet\Services\Pcouffin...

Sat May 26 23:17:43 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt

Sat May 26 23:17:45 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\wiaservc.log
Sat May 26 23:17:45 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\win.ini
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\Winamp.ini
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\Windows Update.log
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Sat May 26 23:17:45 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Sat May 26 23:17:45 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log

Sat May 26 23:21:04 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft\Avg7Data\avg7log.log

Sat May 26 23:24:14 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Application Data\Microsoft\Office\Recent\??? kkau.doc.LNK

Sat May 26 23:26:12 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\Cookies\index.dat

Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\??????????? E.F.C.C.-Kong Fok Church.url
Sat May 26 23:26:30 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Bible-Church\? ? ? ? ?.url
Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\? ? ? ? ?.url
Sat May 26 23:26:30 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Bible-Church\??????? - ????????.url
Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\??????? - ????????.url
Sat May 26 23:26:30 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Bible-Church\?????????-???????07?sermon-jn07.url
Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\?????????-???????07?sermon-jn07.url
Sat May 26 23:26:30 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Bible-Church\????? Gospel on_line(Westminster COF, Bible Studies, Sermons ,Hermeneutics) in Big5 Chinese.url
Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\????? Gospel on_line(Westminster COF, Bible Studies, Sermons ,Hermeneutics) in Big5 Chinese.url
Sat May 26 23:26:30 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Bible-Church\???????? Chinese Gospel Broadcasting Center ??????????? Production and Resource Center.url
Sat May 26 23:26:30 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Bible-Church\???????? Chinese Gospel Broadcasting Center ??????????? Production and Resource Center.url

Sat May 26 23:26:34 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\I Want DIY???.url
Sat May 26 23:26:34 2007 => Scanning Folder: C:\Documents and Settings\JCheung\Favorites\hifi\japanese-drama\*.*
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\japanese-drama\The World According to the Mac Geek.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\Jesus Christ Superstar (1973) Ted Neeley, Carl Anderson, Yvonne Elliman, Norman Jewison.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\Jesus Christ Superstar - Rottentomatoes.com - Comparison Shop.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\jpo at chello.se.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\JPO Speakerbuilding Linklist.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\JPO's SpeakerBuilding LinkList. On the Web since 1997!.url
Sat May 26 23:26:34 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\Linkwitz Lab - Loudspeaker Design.url
Sat May 26 23:26:35 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\LS 3-5a???.url
Sat May 26 23:26:35 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\LS 3-5a???.url

Sat May 26 23:26:36 2007 => C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url possibly infected and removed by background antivirus package!
Sat May 26 23:26:40 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url: Scanning Failure!!!
Sat May 26 23:26:40 2007 => C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url possibly infected and removed by background antivirus package!
Sat May 26 23:26:40 2007 => File C:\Documents and Settings\JCheung\Favorites\hifi\ ? ? ? ? ? - ? ? ? w w w . 5 5 3 5 . n e t .url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\????-DIY???????????????????????????????? ???? DIY-???.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\????-DIY???????????????????????????????? ???? DIY-???.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\??????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\????????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\????????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\hifi\??Hi-Fi??????.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\hifi\??Hi-Fi??????.url

Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\HongKong\hong kong map ????.url
Sat May 26 23:26:40 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\HongKong\???? Centamap.url
Sat May 26 23:26:40 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\HongKong\???? Centamap.url

Sat May 26 23:26:54 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Media\BT??? - YYcaF????(?????) - ???YYJtc - YYcaF???????(^__^).url
Sat May 26 23:26:54 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Burn DVD Movie Software, DVD Burner Burn DVD Movie Free Download.url
Sat May 26 23:26:54 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Call China For Free.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url: Scanning Failure!!!
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => File C:\Documents and Settings\JCheung\Favorites\Media\Gomerry.com ???????????--VCD,DVD,CD,??OK,??,???,??,???,??.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Hong Kong Times.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\IDSAM.COM ??????.url
Sat May 26 23:26:55 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Media\IDSAM.COM ??????.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\Shutterfly Develop, Print & Share Digital Photos Create Photo Gifts Online.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url: Scanning Failure!!!
Sat May 26 23:26:55 2007 => C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url possibly infected and removed by background antivirus package!
Sat May 26 23:26:55 2007 => File C:\Documents and Settings\JCheung\Favorites\Media\TVBT ???? ??&??????BT-MO??,?????? ?????????BT????????? - powered by Discuz!.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Media\World News.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Michael Jackson Dance Moves Moonwalk Steps to Learn.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Motif 6-7-8 BTM Getting Started.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\MSN Hotmail - New Message.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\MSN Hotmail - Reply.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\MSN.com.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Music Copyrights - How To Copyright Music - Page 1.url
Sat May 26 23:26:55 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\Muzi.com ????.url
Sat May 26 23:26:55 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\Muzi.com ????.url

Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\?? Solutions ???(???)????? [Chong Kei Solutions Main Pageby Jackie Cho].url
Sat May 26 23:26:56 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\??????.url
Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\??????.url
Sat May 26 23:26:56 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\????.url
Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\????.url
Sat May 26 23:26:56 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\??????? Timway Hong Kong Search Engine Stars Japanese Female.url
Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\??????? Timway Hong Kong Search Engine Stars Japanese Female.url
Sat May 26 23:26:56 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\?????????--????.url
Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\?????????--????.url
Sat May 26 23:26:56 2007 => Scanning File C:\Documents and Settings\JCheung\Favorites\???????-?????.url
Sat May 26 23:26:56 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Favorites\???????-?????.url


Sat May 26 23:27:06 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Sat May 26 23:27:06 2007 => Scanning File C:\Documents and Settings\JCheung\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Sat May 26 23:27:06 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG

Sat May 26 23:27:07 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\LOCALS~1\History\History.IE5\index.dat

Sat May 26 23:27:13 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\LOCALS~1\TEMPOR~1\Content.IE5\index.dat

Sat May 26 23:27:38 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\ntuser.dat
Sat May 26 23:27:38 2007 => Scanning File C:\Documents and Settings\JCheung\NTUSER.DAT.LOG
Sat May 26 23:27:38 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\JCheung\NTUSER~1.LOG
Sat May 26 23:27:38 2007 => Scanning File C:\Documents and Settings\JCheung\ntuser.ini
Sat May 26 23:27:38 2007 => Scanning Folder: C:\Documents and Settings\JCheung\PrintHood\*.*
Sat May 26 23:27:38 2007 => Scanning Folder: C:\Documents and Settings\JCheung\Recent\*.*
Sat May 26 23:27:38 2007 => Scanning File C:\Documents and Settings\JCheung\Recent\04??????.lnk
Sat May 26 23:27:38 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Recent\04??????.lnk
Sat May 26 23:27:38 2007 => Scanning File C:\Documents and Settings\JCheung\Recent\04??????.torrent.lnk
Sat May 26 23:27:38 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Recent\04??????.torrent.lnk

Sat May 26 23:27:39 2007 => C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk possibly infected and removed by background antivirus package!
Sat May 26 23:27:39 2007 => Result: ERROR!!! File C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk: Scanning Failure!!!
Sat May 26 23:27:39 2007 => C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk possibly infected and removed by background antivirus package!
Sat May 26 23:27:39 2007 => File C:\Documents and Settings\JCheung\Recent\[TVBT][?·?]Summary?x?W????? ?W??[659MB]][MPEG][encode by kaya].mpg.lnk infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

Sat May 26 23:27:39 2007 => Scanning File C:\Documents and Settings\JCheung\Recent\??? kkau.doc.lnk
Sat May 26 23:27:39 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Recent\??? kkau.doc.lnk
Sat May 26 23:27:39 2007 => Scanning File C:\Documents and Settings\JCheung\Recent\????????.txt.lnk
Sat May 26 23:27:39 2007 => ERROR!!! ScanFile fails for C:\Documents and Settings\JCheung\Recent\????????.txt.lnk

Sat May 26 23:27:41 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\Cookies\index.dat

Sat May 26 23:27:41 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Sat May 26 23:27:41 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Sat May 26 23:27:41 2007 => Scanning Folder: C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\*.*
Sat May 26 23:27:41 2007 => Scanning Folder: C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\9.0\*.*
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\desktop.ini
Sat May 26 23:27:41 2007 => Scanning Folder: C:\Documents and Settings\LocalService\Local Settings\History\*.*
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini
Sat May 26 23:27:41 2007 => Scanning Folder: C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\*.*
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini
Sat May 26 23:27:41 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
Sat May 26 23:27:41 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\History\History.IE5\index.dat

Sat May 26 23:27:43 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Sat May 26 23:27:43 2007 => Scanning Folder: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\*.*
Sat May 26 23:27:43 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\32E46DE281A68B9C33FC582D2569D[1].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\beta[1].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\blu[1].css
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\buttons[1].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\C862E269EF7FB0E937CB02BB42EE3[1].jpg
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\CA4TMZWD.swf
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\CE75BE672427913326BEA48422[1].jpg
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\D26A3E5AB94DE4CF5EC9C3CDB6EC82[1].jpg
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\desktop.ini
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\msft[1].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\t[1].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LA1QVWQD\t[2].gif
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\NTUSER.DAT
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER.DAT
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\LocalService\ntuser.dat.LOG
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\LOCALS~1\NTUSER~1.LOG

Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\Cookies\index.dat
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Credentials\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Credentials\S-1-5-20\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\*.*
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\UsrClass.dat
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\APPLIC~1\MICROS~1\Windows\USRCLA~1.LOG
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\History\*.*
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\*.*
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\History\History.IE5\index.dat
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Temp\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\*.*
Sat May 26 23:27:44 2007 => Scanning Folder: C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\*.*
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\NTUSER.DAT
Sat May 26 23:27:44 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER.DAT
Sat May 26 23:27:44 2007 => Scanning File C:\Documents and Settings\NetworkService\ntuser.dat.LOG
Sat May 26 23:27:45 2007 => ERROR!!! ScanFile fails for C:\DOCUME~1\NETWOR~1\NTUSER~1.LOG

Sat May 26 23:31:50 2007 => ERROR!!! ScanFile fails for C:\ida\??? kkau.doc

Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 001.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 002.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 002.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 003.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 003.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 004.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 004.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 005.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 005.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 006.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 006.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 007.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 007.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 008.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 008.jpg
Sat May 26 23:32:41 2007 => Scanning File C:\JoeC\picture\2005HK-trip\2005??? 009.jpg
Sat May 26 23:32:41 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\2005??? 009.jpg

Sat May 26 23:32:42 2007 => ERROR!!! ScanFile fails for C:\JoeC\picture\2005HK-trip\??? 012.jpg

Sat May 26 23:40:58 2007 => ERROR!!! ScanFile fails for C:\Program Files\BitComet\Torrents\04??????.torrent
Sat May 26 23:40:58 2007 => Scanning File C:\Program Files\BitComet\Torrents\04??????.xml
Sat May 26 23:40:58 2007 => ERROR!!! ScanFile fails for C:\Program Files\BitComet\Torrents\04??????.xml


Sun May 27 00:09:37 2007 => ERROR!!! ScanFile fails for C:\SYSTEM~1\_RESTO~1\RP568\change.log

Sun May 27 00:27:11 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt

Sun May 27 00:32:30 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\SoftwareDistribution\ReportingEvents.log

Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\AppEvent.Evt
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\COMREGDB.BAK [**]
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\default
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\default.LOG
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\default.LOG
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\default.sav
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SAM
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SAM.LOG
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SAM.LOG
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SecEvent.Evt
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SecEvent.Evt
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SECURITY.LOG
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SECURITY.LOG
Sun May 27 00:33:01 2007 => *** File C:\WINDOWS\system32\config\software having Size Restriction ***
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\software [**]
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\software.LOG
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\software.LOG
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\software.sav
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\SysEvent.Evt
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\SysEvent.Evt
Sun May 27 00:33:01 2007 => *** File C:\WINDOWS\system32\config\system having Size Restriction ***
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\system [**]
Sun May 27 00:33:01 2007 => Scanning File C:\WINDOWS\system32\config\system.LOG
Sun May 27 00:33:01 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\config\system.LOG

Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP
Sun May 27 00:38:58 2007 => *** File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA having Size Restriction ***
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA [**]
Sun May 27 00:38:58 2007 => Scanning File C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP
Sun May 27 00:38:58 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP

Sun May 27 00:40:03 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\wiadebug.log
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\wiaservc.log
Sun May 27 00:40:03 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\wiaservc.log
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\win.ini
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\Winamp.ini
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\Windows Update.log
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Sun May 27 00:40:03 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Sun May 27 00:40:03 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log

Sun May 27 00:40:14 2007 => ***** Scanning complete. *****

Sun May 27 00:40:14 2007 => Total Number of Files Scanned: 65484
Sun May 27 00:40:14 2007 => Total Number of Virus(es) Found: 8
Sun May 27 00:40:14 2007 => Total Number of Disinfected Files: 0
Sun May 27 00:40:14 2007 => Total Number of Files Renamed: 6
Sun May 27 00:40:14 2007 => Total Number of Deleted Files: 2
Sun May 27 00:40:14 2007 => Total Number of Errors: 13
Sun May 27 00:40:14 2007 => Time Elapsed: 01:22:58
Sun May 27 00:40:14 2007 => Virus Database Date: 2007/05/13
Sun May 27 00:40:14 2007 => Virus Database Count: 318294

Sun May 27 00:40:14 2007 => Scan Completed.

3) AVG Anti-Spyware log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:01:14 PM 5/26/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP550\A0074493.exe -> Adware.RK : Cleaned.
C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP550\A0074494.dll -> Adware.RK : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\loaderadv505.jar-39513502-24d7f3b9.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned.
C:\! DVD Burning Programs - For Home Video\Nero 6.3.1.10\KeyGen\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\! DVD Burning Programs - For Rented Movies\Nero 6.3.1.10\KeyGen\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\download\nero\nero-new-version\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-3fd29af8-41daf290.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-496d528d-506488c1.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-764869f5-6e0f4b88.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-7f153550-2f05a803.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-7f153550-5fd8f655.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\loaderadv505.jar-39513502-24d7f3b9.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\oldarchi.jar-6f6f4979-22c0e943.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
:mozilla.10:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.75:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.76:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.77:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.78:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.79:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.34:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.93:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.94:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.115:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.116:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.205:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.202:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.203:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.204:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.191:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.137:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.35:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.38:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.139:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.140:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.145:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.146:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.149:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.150:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.85:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.156:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.157:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.158:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.159:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.164:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.165:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.166:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.180:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.184:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

4) HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:12:10 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\i
 
The following is the new HiJackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:12:10 PM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:01:14 PM 5/26/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP550\A0074493.exe -> Adware.RK : Cleaned.
C:\System Volume Information\_restore{F6EA1961-1545-48E7-A842-AC3C6DA344ED}\RP550\A0074494.dll -> Adware.RK : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\loaderadv505.jar-39513502-24d7f3b9.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned.
C:\! DVD Burning Programs - For Home Video\Nero 6.3.1.10\KeyGen\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\! DVD Burning Programs - For Rented Movies\Nero 6.3.1.10\KeyGen\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\download\nero\nero-new-version\Keygen.exe -> Hijacker.Befins.b : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-3fd29af8-41daf290.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-496d528d-506488c1.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-764869f5-6e0f4b88.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-7f153550-2f05a803.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\archive.jar-7f153550-5fd8f655.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\loaderadv505.jar-39513502-24d7f3b9.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\Documents and Settings\JCheung\.jpi_cache\jar\1.0\oldarchi.jar-6f6f4979-22c0e943.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
:mozilla.10:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@3.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.74:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.75:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.76:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.77:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.78:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.79:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.34:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.93:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.94:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.115:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.116:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.205:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.202:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.203:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.204:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.191:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.137:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.35:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.38:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.139:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.140:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.145:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.146:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.148:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.149:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.150:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.151:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.14:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.15:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.16:C:\RECYCLER\NPROTECT\00023119.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.85:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.156:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.157:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.158:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.159:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.51:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.54:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\JCheung\Cookies\jcheung@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.164:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.165:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.166:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.179:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.180:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.184:C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

 
Go to this site and download these tools, and once you get both
adaware SE 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

Reboot and now run spybot.

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.




Download the Trial version of Superantispyware Pro (SAS):



Once downloaded and installed, update the definitions
and then run a full system scan. Quarantine what it finds!


* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)


* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
    o Close browsers before scanning.
    o Scan for tracking cookies.
    o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.


All tools can be downloaded at the link below and found on that page!

. SUPERAntiSpyware
. SpyBot search and destroy
. AdAware SE personal






Make sure your ActiveX controls are set as follows:

Go to Internet Options - Security - Internet, press 'default level', then OK.
Now press "Custom Level."

In the ActiveX section, set the first two options (Download signed and
unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX
controls not marked as safe' to 'disable'.


Active X settings




Run ActiveScan online virus scan here


When the scan is finished, have it delete anything that it cannot clean.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!



Make sure autoclean is enabled on the scans.



Post another log, the panda scan log and the super log!





Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Please take a look at the 2 logs. I had manually deleted the "not disinfected" files from the panda scan file except the one in C:\recycler\nprotect\00023119.txt[.atwola.com/], because I can't find it. The other files are deleted and in the recycle bin now, but the recycle bin has not been emptied yet.

The following is the panda scan log:

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\JCheung\Favorites\health
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\JCheung\Cookies\jcheung@ads.addynamix[1].txt
Potentially unwanted tool:Application/Psshutdown.A Not disinfected C:\download\EPS_High-End_System_v1_test.wal[shutdown.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\download\hijack-help\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Program Files\Spyware Doctor\swdsvc.exe
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\NPROTECT\00023119.txt[.atwola.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

The following is the SuperAntiSpyware log:

SUPERAntiSpyware Scan Log

Generated 05/28/2007 at 08:31 PM

Application Version : 3.8.1002

Core Rules Database Version : 3245
Trace Rules Database Version: 1256

Scan type : Complete Scan
Total Scan Time : 01:28:10

Memory items scanned : 329
Memory threats detected : 0
Registry items scanned : 5439
Registry threats detected : 0
File items scanned : 64463
File threats detected : 29

Adware.Tracking Cookie
C:\Documents and Settings\JCheung\Cookies\jcheung@members.tripod[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@orange[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@1698736[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@m1.webstats.motigo[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@orange-nl[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@ad[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@cgi-bin[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@upspiral[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@itxt.vibrantmedia[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@atwola[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@ads.adbrite[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@cgi-bin[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@www.dealtime[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@adopt.specificclick[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@sales.liveperson[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@html[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@partner2profit[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@cpvfeed[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@74613876[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@www.upspiral[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@qnsr[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@3.adbrite[1].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@gostats[2].txt
C:\Documents and Settings\JCheung\Cookies\jcheung@mediadetail[1].txt

Adware.WhenU
C:\Program Files\Common Files\WhenU

Registry Cleaner Trial
C:\Documents and Settings\JCheung\Application Data\Registry Cleaner\Backups\2007-04-19,21-48 40 859.zip
C:\Documents and Settings\JCheung\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\JCheung\Application Data\Registry Cleaner\Regclean.ini
C:\Documents and Settings\JCheung\Application Data\Registry Cleaner
 
Post another HijackThis log.

How are things running now, any better?

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Right now, Google is not redirecting. Thank you.
Right now, I have both AVG Anti-Spyware and SuperAntiSpyware in the system. Should I take away one?
This is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:55:05 PM, on 5/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", " (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JCheung\Application Data\Mozilla\Profiles\default\nh4az22g.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
No, keep them both!



You should now turn off system restore to flush out the bad restore points and
then re-enable it and make a new clean restore point.


How to turn off system restore







Here are some free tools to keep you from getting infected in the future.


To stop reinfection get spywareblaster from




Get the hosts file from here. Unzip it to a folder!

Put it into the folder below, or click the mvps bat and it should do it for you!


Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98\ME = C:\WINDOWS



ie-spyad. Puts over 5000 sites in your restricted zone so you'll be protected
when you visit innocent-looking sites that aren't actually innocent at all.




BoClean. Anti trojan and much more, Free from Comodo!



Spyware Terminator



In spyware terminator, click real time protection and tick the box to use
real time protection and tick all the boxes except file exceptions shield.
If you're confident in using its advanced feature, click advanced and tick
the HIPS box.

If you want to install and uninstall programs it is best to
temporarily disable Spyware terminator and then re-enable it after you
have installed or uninstalled a program, as it will create a lot of pop ups asking you whether you wish this to happen!

Right click spyware terminator on the bottom right of your status bar and
choose exit. Then tick the box and that is spyware terminator disabled!




Use spybot's immunize button and use spywareblaster's enable
protection once you update it. You can put spybot's hosts file into
your own and lock it.



I would also suggest switching to Mozilla's firefox browser, it's safer, has
a built in pop up blocker, blocks cookies and ads. Mozilla Thunderbird is also a good
e-mail client.



Another good and free browser is Opera!



Read here to see how to tighten your security:



A good overall guide for firewalls, anti-virus, and anti-trojans as well as
regular spyware cleaners.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
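
An added example, not part of the original posts: the reply above suggests installing a blocking hosts file and merging another one into your own. The Python sketch below audits an existing hosts file for entries that point a name at anything other than a loopback/null address, then merges only the sink entries from a blocklist. The function names, hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Addresses a blocking hosts file uses to "sink" a hostname.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the hosts file already on the machine.
EXISTING = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.7     search.example.com   # constructed non-loopback mapping
"""

# Constructed sample: a downloaded blocking hosts file.
BLOCKLIST = """\
# constructed sample blocklist
127.0.0.1  localhost
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org
127.0.0.1  ADS.example.net          # duplicate, different case
198.51.100.9  update.example.com    # not a sink entry
"""


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first field is not an IP
        for name in fields[1:]:                  # one line may list several names
            entries.append((address, name.lower()))
    return entries


def audit(entries):
    """Entries that map a name to a real address instead of a sink.

    A pure blocking hosts file should contain none of these, so each
    one deserves a manual look before the file is trusted.
    """
    return [(a, n) for a, n in entries if a not in SINK_ADDRESSES]


def merge(existing_text, blocklist_text):
    """Append sink entries from the blocklist that are not already present.

    Returns (merged_text, added_entries). Existing lines are kept as-is;
    blocklist lines that are not sink entries are never merged.
    """
    known = {name for _, name in parse_hosts(existing_text)}
    added = []
    for address, name in parse_hosts(blocklist_text):
        if address not in SINK_ADDRESSES or name in known:
            continue
        known.add(name)
        added.append((address, name))
    merged = existing_text.rstrip("\n") + "\n"
    if added:
        merged += "# --- merged blocklist entries ---\n"
        merged += "".join(f"{a}\t{n}\n" for a, n in added)
    return merged, added


if __name__ == "__main__":
    for address, name in audit(parse_hosts(EXISTING)):
        print(f"review: {name} -> {address}")
    merged_text, new_entries = merge(EXISTING, BLOCKLIST)
    print(f"{len(new_entries)} entries added")
    print(merged_text)
```

Run the audit on the current hosts file before merging, and write the merged text back only after reviewing anything it reports.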
 