Old 05-06-2007, 01:25 PM   #6 (permalink)
tjnguyen
Registered User
 
Join Date: May 2007
Posts: 31
OS: XP


Re: windows crashing please help!

OK, here it is. I'm going to post the HijackThis log file in my reply and I'll attach the 2 other files, because they're really long and I thought it would be easier for you to read them that way.

"Thuan Nguyen" - 2007-05-06 2:14:49 Service Pack 2
ComboFix 07-05.07.1.V - Running from: "C:\Documents and Settings\Thuan Nguyen\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wcpsu.exe
C:\WINDOWS\system32\wcpsvsu.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\MBOLS~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\RACLE~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\SSTEM3~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\STEM~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\APPLIC~1\TSKS~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1\ICROSO~1
C:\qoobox\purity\C\DOCUME~1\THUANN~1\MYDOCU~1\SMANTE~1
C:\qoobox\purity\C\Program Files\CROSOF~1
C:\qoobox\purity\C\Program Files\FNTS~1
C:\qoobox\purity\C\Program Files\MANTEC~1
C:\qoobox\purity\C\Program Files\MCROSO~1
C:\qoobox\purity\C\Program Files\SKS~1
C:\qoobox\purity\C\Program Files\Common Files\SKS~1
C:\qoobox\purity\C\Program Files\Common Files\SSTEM~1
C:\qoobox\purity\C\Program Files\Common Files\WNSXS~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1
C:\qoobox\purity\C\WINDOWS\PPATCH~1
C:\qoobox\purity\C\WINDOWS\RACLE~1
C:\qoobox\purity\C\WINDOWS\TSKS~1
C:\qoobox\purity\C\WINDOWS\WNSXS~1
C:\qoobox\purity\C\WINDOWS\system32\MANTEC~1
C:\qoobox\purity\C\WINDOWS\system32\MBOLS~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
C:\qoobox\purity\C\WINDOWS\system32\YMANTE~1
C:\qoobox\purity\C\WINDOWS\system32\YSTEM~1


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 12:23 <DIR> d-------- C:\Deckard
2007-05-04 21:58 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-04 21:16 12,291,078 --a------ C:\avg7qt(2).dat
2007-05-04 20:41 <DIR> d-------- C:\Program Files\Grisoft(2)
2007-05-04 20:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2007-05-01 23:42 4,980,736 --a------ C:\DOCUME~1\THUANN~1\ntuser.dat
2007-04-19 17:48 <DIR> d-------- C:\Program Files\Xilisoft
2007-04-19 17:40 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-04-19 17:40 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-04-19 17:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-04-19 17:40 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-04-19 17:40 <DIR> d-------- C:\Program Files\Cucusoft
2007-04-19 17:24 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-04-19 17:24 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-04-19 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-19 16:02 <DIR> d-------- C:\DOCUME~1\THUANN~1\APPLIC~1\SlySoft
2007-04-19 16:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-19 15:58 <DIR> d-------- C:\Program Files\SlySoft
2007-04-19 14:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 17:02:36 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\WeatherStudio348
2007-05-05 01:16:08 -------- d-----w C:\Program Files\DAEMON Tools
2007-04-21 21:07:09 -------- d-----w C:\Program Files\LimeWire
2007-04-19 21:25:11 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\dvdcss
2007-04-19 20:02:30 -------- d-----w C:\DOCUME~1\THUANN~1\APPLIC~1.\SlySoft
2007-03-22 01:59:25 -------- d-----w C:\Program Files\Common Files\aolshare
2007-03-22 01:59:15 -------- d-----w C:\Program Files\Common Files\AOL
2007-03-22 01:56:43 -------- d-----w C:\Program Files\CCleaner
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 22:39:00 51,733 ----a-w C:\WINDOWS\plugin1.dat
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{02478D38-C3F9-4efb-9B51-7695ECA05670}"="C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll"
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"="C:\Program Files\FlashGet\jccatch.dll"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\PROGRA~1\SPYBOT~1\SDHelper.dll"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="C:\WINDOWS\System32\DLA\DLASHX_W.DLL"
"{6F45AEA2-9C81-4832-8390-7134102B8DE5}"="C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{F156768E-81EF-470C-9057-481BA8380DBA}"="C:\Program Files\FlashGet\getflash.dll"
"{FFDD804F-A7F8-4395-93D2-66A85DA2BDAB}"="C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WeatherStudio Desktop"="\"C:\\Program Files\\WeatherStudio Desktop\\bin\\WeatherStudio Desktop.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^america online 9.0 tray icon.lnk
C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^digital line detect.lnk
C:\PROGRA~1\DIGITA~1\DLG.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btcliveupdate
"C:\Program Files\LiveUpdate\LiveUpdate.exe" /autostart

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccapp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\corel photo downloader
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupport
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dmxlauncher
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dropspam lifestyle
"C:\Program Files\dslifestyle\dslifestyle.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightlan 01
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipinsightmonitor 01
"C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isuspm startup
"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isusscheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ituneshelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgcenterexe
"C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mskdetectorexe
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\norton ghost 10.0
"C:\Program Files\Norton Ghost\Agent\GhostTray.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp
C:\Program Files\Analog Devices\Core\smax4pnp.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ybrowser
C:\Program Files\Yahoo!\browser\ybrwicon.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0




*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_HTTPFILTER

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 02:16:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 2:16:33
C:\ComboFix-quarantined-files.txt ... 2007-05-06 02:16



Incident Status Location

Adware:Adware/Comet Not disinfected C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/seekmo Not disinfected Windows Registry
Adware:adware/dropspam Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.com.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.dist.belnk.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[hc2.humanclick.com/hc/24283736]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Thuan Nguyen\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\cookies.txt[server.iad.liveperson.net/hc/27745790]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Thuan Nguyen\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Thuan Nguyen\Local Settings\Application Data\Mozilla\Firefox\Profiles\4n2rprq8.default\Cache\7ED6F4AAd01[ComboFixT\nircmd.exe]
Adware:Adware/SaveNow Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\VGh1YW4gTmd1eWVu\p31Ysqb0nAxYyqpR.vbs


Logfile of HijackThis v1.99.1
Scan saved at 3:23:00 AM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6F45AEA2-9C81-4832-8390-7134102B8DE5} - C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {FFDD804F-A7F8-4395-93D2-66A85DA2BDAB} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: WeatherStudio Toolbar - {15757333-2BCA-4B77-A807-D0955132F812} - C:\Program Files\WeatherStudio348\bin\WeatherStudio348.dll
O4 - HKLM\..\Run: [WeatherStudio Desktop] "C:\Program Files\WeatherStudio Desktop\bin\WeatherStudio Desktop.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Attached Files
File Type: txt Activescan.txt (18.0 KB, 3 views)
File Type: txt ComboFix.txt (11.9 KB, 1 views)

Last edited by Ried; 05-06-2007 at 07:29 PM.