
Infected With Vbs:solow Worm


9 replies to this topic

#1 ahbean

ahbean

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 03 May 2007 - 04:26 PM

I noticed that one of my files, C:\.MS32DLL.dll.vbs, sometimes suddenly appears and disappears on my C drive, which is my main drive, a couple of months back. Since I have Avast! antivirus installed, I was thinking that .MS32DLL.dll.vbs wouldn't be a virus. I did some searching on what the .MS32DLL.dll file was, and I found some results. Some of them said that it is needed by the computer, some say it's a virus of some kind. Only this morning my Avast antivirus scanner detected that this file is infected with a virus. I ran a scheduled boot scan to no avail and did all the stuff in the preparation guide. Below is my logfile; could someone help me out please?

Logfile of HijackThis v1.99.1
Scan saved at 5:10:38 AM, on 5/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\USB Product Driver v2.27r011\shwicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ShowIcon_TOSHIBA_USB Product Driver v2.27r011] "C:\Program Files\USB Product Driver v2.27r011\shwicon.exe" -t"TOSHIBA\USB Product Driver v2.27r011"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
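The two Run entries in this log that matter are [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini and [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs. The first abuses the Windows Script Host's /E: switch, which selects the script engine explicitly, so a file that does not carry a .vbs extension (here one named like the boot loader configuration, but living under C:\WINDOWS rather than in the root of the system drive where the real boot.ini lives) is still executed as VBScript. The second auto-starts a script file whose name mimics a system DLL. The wscript.exe process in the running-process list is the worm's script actually executing. The script below is an added example, not part of the original post and not HijackThis or avast! logic: it parses O4 lines and flags exactly those patterns (script host launched at logon, an /E: override that contradicts the file extension, a script extension in a Run key, a double extension, a leading-dot filename). The sample lines are copied from the log above with a few benign entries kept as controls; the rule names and thresholds are the example's own.

```python
import os
import re
from dataclasses import dataclass, field

# Heuristics for HijackThis "O4" (Run key) lines. Added example; the rules and
# names below are this example's own, not HijackThis or avast! logic.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "wscript", "cscript"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Extension a file would normally carry for a given /E: engine override
ENGINE_EXTS = {"vbs": {".vbs", ".vbe"}, "vbscript": {".vbs", ".vbe"},
               "js": {".js", ".jse"}, "jscript": {".js", ".jse"}}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # quoted path or bare token

# Constructed sample: O4 lines copied from the HijackThis log above,
# with a few benign entries left in as controls.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def _basename(path):
    # Windows paths on any host: normalise separators before splitting
    return os.path.basename(path.replace("\\", "/"))


def _first_path_arg(tokens):
    """First argument after the executable that is not a switch."""
    for tok in tokens[1:]:
        if not tok.startswith(("/", "-")):
            return tok
    return None


def triage_command(cmd):
    """Return the reasons a Run-key command looks like script persistence ([] if none)."""
    reasons = []
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmd)]
    if not tokens:
        return reasons
    exe = _basename(tokens[0]).lower()
    target = tokens[0]  # file whose name/extension we inspect below
    if exe in SCRIPT_HOSTS:
        reasons.append(f"launches the Windows Script Host ({exe}) at logon")
        engine = next((t[3:].lower() for t in tokens[1:] if t.lower().startswith("/e:")), None)
        script = _first_path_arg(tokens)
        if script:
            target = script
            ext = os.path.splitext(script)[1].lower()
            # /E: forces an engine, so the extension no longer says what runs
            if engine and ext not in ENGINE_EXTS.get(engine, {ext}):
                reasons.append(f"/E:{engine} runs {script} as a script despite its '{ext}' extension")
    base = _basename(target)
    root, ext = os.path.splitext(base)
    if ext.lower() in SCRIPT_EXTS:
        reasons.append(f"auto-starts a script file ({base}) rather than an executable")
    if os.path.splitext(root)[1]:  # e.g. '.MS32DLL.dll' + '.vbs'
        reasons.append(f"double extension in filename ({base}) mimics another file type")
    if base.startswith("."):
        reasons.append(f"leading-dot filename ({base}) is unusual for a legitimate Run entry")
    return reasons


def triage_o4(log_text):
    """Parse every O4 Run-key line in a HijackThis log and keep the flagged ones."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        reasons = triage_command(m.group("cmd"))
        if reasons:
            findings.append(Finding(m.group("hive"), m.group("name"), m.group("cmd"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"{f.hive} Run [{f.name}]: {f.command}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample, only [winboot] and [MS32DLL] are reported; the rundll32, dumprep and quoted-path entries pass. The engine check is the one worth keeping in any startup-item review: a Run key that names wscript.exe or cscript.exe with /E: can execute any file regardless of extension, so the extension of the argument tells you nothing about what runs.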



#2 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:07:15 PM

Posted 04 May 2007 - 05:26 PM

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and, when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found: (screenshot)
  • If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
    (screenshot)
    This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! It is possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the Dr.Web log you saved previously in your next reply, with a new HijackThis log.

Greets Jürgenv


#3 ahbean

ahbean
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:15 AM

Posted 07 May 2007 - 03:45 AM

Thanks for the early reply, jurgenv, and sorry for the late reply from me. I was on a road trip that weekend. I did what you told me in your instructions, except that I wasn't able to do:
  • When the scan has finished, look whether you can click the next icon next to the files found: (screenshot)
Here's the DrWeb.csv that you wanted.
boot.ini;c:\windows;VBS.Generic.548;Will be cured after reboot.;
.MS32DLL.dll.vbs;C:\;VBS.Generic.548;Deleted.;
A0071738.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP133;VBS.Generic.548;Deleted.;
A0071739.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP133;VBS.Generic.548;Deleted.;
S0071642.Acl;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP133;Modification of RPME.WByte;Moved.;
A0071944.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP136;VBS.Generic.548;Deleted.;
A0071946.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP136;VBS.Generic.548;Deleted.;
S0071962.Acl;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP136;VBS.Generic.548;Deleted.;
A0072418.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP137;VBS.Generic.548;Deleted.;
A0072525.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP137;VBS.Generic.548;Deleted.;
A0072527.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP137;VBS.Generic.548;Deleted.;
A0072951.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP138;VBS.Generic.548;Deleted.;
A0073044.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP138;VBS.Generic.548;Deleted.;
A0073619.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP139;VBS.Generic.548;Deleted.;
A0073729.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP139;VBS.Generic.548;Deleted.;
A0074525.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP139;VBS.Generic.548;Deleted.;
A0074621.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP140;VBS.Generic.548;Deleted.;
A0074692.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP140;VBS.Generic.548;Deleted.;
A0074932.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP141;VBS.Generic.548;Deleted.;
A0074999.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP141;VBS.Generic.548;Deleted.;
A0075060.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP142;VBS.Generic.548;Deleted.;
A0075063.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP142;VBS.Generic.548;Deleted.;
A0075160.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP142;VBS.Generic.548;Deleted.;
A0075162.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP142;VBS.Generic.548;Deleted.;
A0075519.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP143;VBS.Generic.548;Deleted.;
A0075708.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP143;VBS.Generic.548;Deleted.;
A0076161.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP143;VBS.Generic.548;Deleted.;
A0076318.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP144;VBS.Generic.548;Deleted.;
A0076385.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP144;VBS.Generic.548;Deleted.;
A0076663.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP145;VBS.Generic.548;Deleted.;
A0076768.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP145;VBS.Generic.548;Deleted.;
A0076988.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP145;VBS.Generic.548;Deleted.;
A0076990.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP145;VBS.Generic.548;Deleted.;
A0077235.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP146;VBS.Generic.548;Deleted.;
A0077361.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP146;VBS.Generic.548;Deleted.;
A0078988.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP146;VBS.Generic.548;Deleted.;
A0079152.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP146;VBS.Generic.548;Deleted.;
A0079155.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP146;VBS.Generic.548;Deleted.;
A0079193.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079239.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079242.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079257.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079259.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079438.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079440.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP147;VBS.Generic.548;Deleted.;
A0079497.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP148;VBS.Generic.548;Deleted.;
A0079511.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP148;VBS.Generic.548;Deleted.;
A0079942.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP149;VBS.Generic.548;Deleted.;
A0080047.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP149;VBS.Generic.548;Deleted.;
A0080375.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP149;VBS.Generic.548;Deleted.;
A0080767.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP150;VBS.Generic.548;Deleted.;
A0080895.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP150;VBS.Generic.548;Deleted.;
A0081212.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP151;VBS.Generic.548;Deleted.;
A0081382.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP151;VBS.Generic.548;Deleted.;
A0082372.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP151;VBS.Generic.548;Deleted.;
A0082377.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP151;VBS.Generic.548;Deleted.;
A0082474.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0082568.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0082570.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0082680.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0082682.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0083616.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0083618.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0083656.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0083658.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP152;VBS.Generic.548;Deleted.;
A0083981.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP153;VBS.Generic.548;Deleted.;
A0084056.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP153;VBS.Generic.548;Deleted.;
A0084150.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP154;VBS.Generic.548;Deleted.;
A0084158.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP154;VBS.Generic.548;Deleted.;
A0084164.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP155;VBS.Generic.548;Deleted.;
A0084222.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP155;VBS.Generic.548;Deleted.;
A0084662.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP156;VBS.Generic.548;Deleted.;
A0084664.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP156;VBS.Generic.548;Deleted.;
A0085115.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP157;VBS.Generic.548;Deleted.;
A0085296.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP157;VBS.Generic.548;Deleted.;
A0085523.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP157;VBS.Generic.548;Deleted.;
A0085525.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP157;VBS.Generic.548;Deleted.;
A0085597.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP158;VBS.Generic.548;Deleted.;
A0085795.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP158;VBS.Generic.548;Deleted.;
A0085797.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP158;VBS.Generic.548;Deleted.;
A0086037.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP159;VBS.Generic.548;Deleted.;
A0086048.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP159;VBS.Generic.548;Deleted.;
A0086453.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP160;VBS.Generic.548;Deleted.;
A0086574.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP160;VBS.Generic.548;Deleted.;
A0086602.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP160;VBS.Generic.548;Deleted.;
A0086604.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP160;VBS.Generic.548;Deleted.;
A0086733.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP161;VBS.Generic.548;Deleted.;
A0086812.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP161;VBS.Generic.548;Deleted.;
A0086993.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP161;VBS.Generic.548;Deleted.;
A0086995.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP161;VBS.Generic.548;Deleted.;
A0087106.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP162;VBS.Generic.548;Deleted.;
A0087218.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP162;VBS.Generic.548;Deleted.;
A0087995.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP162;VBS.Generic.548;Deleted.;
A0088043.inf;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP163;VBS.Generic.548;Deleted.;
A0088093.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP163;VBS.Generic.548;Deleted.;
A0088116.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP163;VBS.Generic.548;Deleted.;
A0088208.vbs;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP163;VBS.Generic.548;Deleted.;
A0088453.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP164;VBS.Generic.548;Deleted.;
A0088454.vbs;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP164;VBS.Generic.548;Deleted.;
A0088478.ini;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP164;VBS.Generic.548;Deleted.;
A0088479.vbs;C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP164;VBS.Generic.548;Deleted.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
boot.ini;C:\WINDOWS;VBS.Generic.548;Will be cured after reboot.;
And here's the new HijackThis log you wanted.

Logfile of HijackThis v1.99.1
Scan saved at 4:38:02 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\USB Product Driver v2.27r011\shwicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ShowIcon_TOSHIBA_USB Product Driver v2.27r011] "C:\Program Files\USB Product Driver v2.27r011\shwicon.exe" -t"TOSHIBA\USB Product Driver v2.27r011"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

#4 jurgenv

Posted 07 May 2007 - 09:44 AM

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware.
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan"
  • Un-select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do NOT run a scan just yet; we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new HijackThis log here with the report of AVG Anti-Spyware.
Greets Jürgenv

#5 ahbean (Topic Starter)

Posted 07 May 2007 - 11:30 AM

Wow, found a lot of problems with my computer after using AVG. Did what you told me and here's the log for HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:19:39 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\USB Product Driver v2.27r011\shwicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ShowIcon_TOSHIBA_USB Product Driver v2.27r011] "C:\Program Files\USB Product Driver v2.27r011\shwicon.exe" -t"TOSHIBA\USB Product Driver v2.27r011"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

And also here's the log for AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:13:54 AM 5/8/2007

+ Scan result:



:mozilla.106:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.109:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.713:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.839:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.240:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.241:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.242:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.243:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.815:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.816:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.718:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.719:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.236:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.652:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.833:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Alvin Chee\Cookies\alvin chee@ads.cnn[2].txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.218:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.219:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.845:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.580:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.273:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.274:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.275:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.276:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.277:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.38:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.39:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Alvin Chee\Cookies\alvin chee@search.live[1].txt -> TrackingCookie.Live : Cleaned.
C:\Documents and Settings\Alvin Chee\Cookies\alvin chee@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.33:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.237:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.375:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.221:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.222:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.223:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.224:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.102:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.103:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.104:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.105:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.688:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.689:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
C:\Documents and Settings\Alvin Chee\Cookies\alvin chee@download.skype[2].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.291:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.295:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.296:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.298:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.299:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.300:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.301:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.303:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.523:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.524:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.525:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.330:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.659:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.72:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.74:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.75:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.76:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.77:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.78:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.79:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.80:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.83:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.836:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.837:C:\Documents and Settings\Alvin Chee\Application Data\Mozilla\Firefox\Profiles\dlg8bduu.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\.MS32DLL.dll.vbs -> Worm.Sasan.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP165\A0088589.vbs -> Worm.Sasan.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{3A2D8E98-4DED-4344-9604-55150F605D9F}\RP165\A0088662.ini -> Worm.Sasan.a : Cleaned with backup (quarantined).


::Report end

And also I noticed that when I start up my computer, Windows prompts me that it cannot detect "c:\boot.ini". I wonder if it's a problem.

#6 jurgenv

Posted 07 May 2007 - 11:46 AM

* Please open HijackThis and put a check next to the following:

O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* After that, check if you still got the message prompt.
Greets Jürgenv

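Added example, not code from the thread or from HijackThis: a small triage script over O4 Run lines in the HijackThis v1.99.1 format used above. It flags the two entries in ahbean's log that matter here, the [MS32DLL] value that launches C:\WINDOWS\.MS32DLL.dll.vbs directly and the [winboot] value that hands C:\WINDOWS\boot.ini to wscript.exe with /E:vbs, while leaving the ordinary autoruns alone. The sample log is a constructed subset of the O4 lines posted above.

```python
"""Triage HijackThis O4 autorun entries for script-based persistence.

Added example, not part of the original thread or of HijackThis. It parses
O4 Run lines (format: O4 - HKLM\..\Run: [name] command) and flags two
patterns present in the log above: an autorun value whose target is itself
a script file, and a script host (wscript.exe/cscript.exe) forced via /E:
to interpret a file that does not carry a script extension at all.
"""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Matches the O4 Run lines as HijackThis prints them; Startup-folder O4
# lines and all other O-sections are deliberately not matched.
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")


@dataclass
class Finding:
    hive: str
    name: str
    cmd: str
    reason: str


def _tokens(cmd: str) -> List[str]:
    """Split a Windows command line; posix=False keeps backslashes literal."""
    return [t.strip('"') for t in shlex.split(cmd, posix=False)]


def classify(cmd: str) -> Optional[str]:
    """Return why an autorun command looks like script persistence, or None."""
    tokens = _tokens(cmd)
    if not tokens:
        return None
    exe = tokens[0].lower()
    # Pattern 1: the autorun target is a script file (the [MS32DLL] entry).
    if exe.endswith(SCRIPT_EXTS):
        return "autorun target is a script file"
    # Pattern 2: a script host is told with /E:<engine> to run a file that
    # does not look like a script (the [winboot] entry pointing at boot.ini).
    if exe.endswith(SCRIPT_HOSTS):
        forced = any(t.lower().startswith("/e:") for t in tokens[1:])
        targets = [t for t in tokens[1:] if not t.startswith(("/", "-"))]
        target = targets[0].lower() if targets else ""
        if forced and not target.endswith(SCRIPT_EXTS):
            return "script host forced to run non-script file %s" % target
        return "script host used as autorun"
    return None


def triage(log_text: str) -> List[Finding]:
    """Return a Finding for every O4 Run line that classify() flags."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue
        reason = classify(m.group("cmd"))
        if reason:
            findings.append(Finding(m.group("hive"), m.group("name"), m.group("cmd"), reason))
    return findings


# Constructed sample: a subset of the O4 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winboot] wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s [%s] %s  <- %s" % (f.hive, f.name, f.cmd, f.reason))
```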

#7 ahbean (Topic Starter)

Posted 07 May 2007 - 04:24 PM

Thanks a million!!! Now my computer doesn't prompt me with that message anymore. I think the VBS:Solow worm is gone, and some other unidentified malware as well. Thanks a lot!!

#8 jurgenv

Posted 08 May 2007 - 10:41 AM

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Bleepingcomputer are to help you, for your sake we would rather not have repeat customers. :thumbsup:

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.


Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D
Greets Jürgenv

#9 ahbean (Topic Starter)

Posted 08 May 2007 - 03:03 PM

Thanks a lot for the advice. I do have all the programs that you recommended and I also use Firefox instead of IE. IE sux.. :thumbsup: However, I do not know why I still got infected by that worm. I think it's most probably due to my not updating Windows, because I seldom restart my computer. But really, thanks for your help and your advice. Very much appreciated.

#10 jurgenv

Posted 08 May 2007 - 03:04 PM

You're welcome.
Greets Jürgenv
