Help - Search - Members - Calendar
Full Version: win32.trojan.downloader
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues
lovebug513
Nov 6 2006, 08:12 AM
cant seem to delete this permanently....keep coming back

i cant seem to put log file from ad-aware
every time i copy and paste the log
and click post.... explorer close by itself.



Logfile of HijackThis v1.99.1
Scan saved at 10:57:14 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\802.11 Wireless LAN\USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\DU Meter\DUMETER.EXE
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\!!!Downloads\HijackThis199.exe

R3 - URLSearchHook: (no name) - {EC709B81-586E-55B8-46E3-57C0DB5D5396} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll
O2 - BHO: (no name) - {983443E1-740B-4EC3-AE9F-7CEF08DBF408} - C:\Program Files\WindowsUpdate\hozemod.dll (file missing)
O2 - BHO: Iconizer - {AA1A4F83-B4AC-4859-8C91-21DBE6C5625B} - C:\WINDOWS\system32\nodeipproc.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - Startup: DU Meter (2).lnk = C:\Program Files\DU Meter\DUMETER.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Games\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Games\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {4E52C32F-C143-4963-A758-2DB07703CB49} (YahooCS Class) - http://kr.memo.yahoo.com/CAB/YahooWCS.cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.com/Control/AutoPatchOCX.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O18 - Protocol: advert - {7DC356B2-7366-4F19-BF7A-4875F6AABEA0} - C:\WINDOWS\system32\nodeipproc.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\dksynth.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple <a href="http://www.lavasoftsupport.com/?go=computer">Computer</a>, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote HID Service (LvHidSvc) - <a href="http://www.lavasoftsupport.com/philips">Philips</a> - C:\WINDOWS\System32\lvhidsvc.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
lovebug513
Nov 6 2006, 08:22 AM
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, November 05, 2006 10:38:25 PM
Using definitions file:SE1R130 02.11.2006
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?

References detected during the scan:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?
MRU List(TAC index:0):31 total references
Possible Browser Hijack attempt(TAC index:3):14 total references
Win32.Trojan.Downloader(TAC index:10):1 total references
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣?

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


11-5-2006 10:38:25 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Kanga\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Kanga\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\player\recenturllist
Description : list of recently used web addresses in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1292428093-1220945662-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
lovebug513
Nov 6 2006, 08:25 AM
Listing running processes
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 544
ThreadCreationTime : 11-6-2006 6:35:55 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 11-6-2006 6:35:59 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 11-6-2006 6:36:01 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 11-6-2006 6:36:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 680
ThreadCreationTime : 11-6-2006 6:36:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 884
ThreadCreationTime : 11-6-2006 6:36:07 AM
BasePriority : Normal


#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 11-6-2006 6:36:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 11-6-2006 6:36:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 11-6-2006 6:36:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1160
ThreadCreationTime : 11-6-2006 6:36:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 11-6-2006 6:36:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1360
ThreadCreationTime : 11-6-2006 6:36:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 11-6-2006 6:36:15 AM
BasePriority : Normal


#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1720
ThreadCreationTime : 11-6-2006 6:36:16 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:15 [tmoagent.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 1836
ThreadCreationTime : 11-6-2006 6:36:19 AM
BasePriority : Normal
FileVersion : 11.40.0.5015
ProductVersion : 11.40.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TrendMicro Outbreak agent
InternalName : TMOAgent
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TMOAgent.EXE

#:16 [smax4pnp.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1848
ThreadCreationTime : 11-6-2006 6:36:19 AM
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE

#:17 [pcclient.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 1908
ThreadCreationTime : 11-6-2006 6:36:19 AM
BasePriority : Normal
FileVersion : 11.40.0.5015
ProductVersion : 11.40.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCClient
InternalName : PCClient
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCClient

#:18 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1904
ThreadCreationTime : 11-6-2006 6:36:19 AM
BasePriority : Normal
FileVersion : 7, 5, 0, 47
ProductVersion : 7, 5, 0, 47
ProductName : AVG Anti-Spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright ⓒ 2006 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:19 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 1928
ThreadCreationTime : 11-6-2006 6:36:21 AM
BasePriority : Normal
FileVersion : 11.40.0.5015
ProductVersion : 11.40.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:20 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 1956
ThreadCreationTime : 11-6-2006 6:36:21 AM
BasePriority : Normal
FileVersion : 6.14.10.5046
ProductVersion : 6.14.10.5046
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [lvhidsvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2012
ThreadCreationTime : 11-6-2006 6:36:23 AM
BasePriority : Normal
FileVersion : 1.9.0.450
ProductVersion : 1.9.0.450
ProductName : TV Card
CompanyName : Philips
FileDescription : TV Remote HID Service
InternalName : LVHIDSVC.EXE
OriginalFilename : LVHIDSVC.EXE

#:22 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2008
ThreadCreationTime : 11-6-2006 6:36:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:23 [ad-watch.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~2\
ProcessID : 240
ThreadCreationTime : 11-6-2006 6:36:25 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:24 [siswlsvc.exe]
FilePath : C:\Program Files\802.11 Wireless LAN\USB 2.0 Adapter HW.32 V1.10\
ProcessID : 252
ThreadCreationTime : 11-6-2006 6:36:25 AM
BasePriority : Normal


#:25 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 308
ThreadCreationTime : 11-6-2006 6:36:26 AM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright ⓒ 2002
OriginalFilename : SMAgent.exe

#:26 [tmntsrv.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 408
ThreadCreationTime : 11-6-2006 6:36:27 AM
BasePriority : Normal
FileVersion : 11.41.0.5021
ProductVersion : 11.41.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:27 [dumeter.exe]
FilePath : C:\Program Files\DU Meter\
ProcessID : 460
ThreadCreationTime : 11-6-2006 6:36:28 AM
BasePriority : Normal
FileVersion : 2.21
ProductVersion : 2.21 Build 016
ProductName : DU Meter 2.21
CompanyName : Hagel Technologies
FileDescription : DU Meter
InternalName : DUMeter
LegalCopyright : Copyright ⓒ 1997-99 Hagel Technologies
OriginalFilename : DUMETER.EXE

#:28 [tmproxy.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 376
ThreadCreationTime : 11-6-2006 6:36:32 AM
BasePriority : Normal
FileVersion : 11.40.0.5015
ProductVersion : 11.40.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : TmProxy.exe

#:29 [pccpfw.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security\
ProcessID : 1452
ThreadCreationTime : 11-6-2006 6:36:54 AM
BasePriority : Normal
FileVersion : 11.40.0.5015
ProductVersion : 11.40.0
ProductName : Trend Pc-cillin 11
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCPFW.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2180
ThreadCreationTime : 11-6-2006 6:37:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2368
ThreadCreationTime : 11-6-2006 6:37:31 AM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : ⓒ Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 2740
ThreadCreationTime : 11-6-2006 6:38:12 AM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright ⓒ Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 31


Started registry scan
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Registry Scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 31


Started deep registry scan
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Deep registry scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 31

Win32.Trojan.Downloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1292428093-1220945662-839522115-1003\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {cbcc61fa-0221-4ccc-b409-cee865caca3a}
lovebug513
Nov 6 2006, 08:26 AM
Started Tracking Cookie scan
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣


Tracking cookie scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 32



Deep scanning and examining files (C:)
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Disk Scan Result for C:\
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 32


Deep scanning and examining files (D:)
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Disk Scan Result for D:\
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 32


Deep scanning and examining files (E:)
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Disk Scan Result for E:\
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 32


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Hosts file scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
1 entries scanned.
New critical objects:0
Objects found so far: 32



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : 123 <a href="http://www.lavasoftsupport.com/?page=movie">movie</a> NAVER.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://movie.naver.com/
Object : C:\Documents and Settings\Kanga\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : 시네마천국 (영화&드라마).url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.naver.com/sambacgy.cafe?iframe...A%26boardtype=L
Object : C:\Documents and Settings\Kanga\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : ! [왕자박스™] 네이버.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.naver.com/wangja.cafe
Object : C:\Documents and Settings\Kanga\Favorites\Links\New Folder\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : !고전, 명작방 네이버 카페.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.naver.com/classicsmasterpiece.cafe
Object : C:\Documents and Settings\Kanga\Favorites\Links\New Folder\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Daum 미디어다음.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cartoon.media.daum.net/uccmix/daumt...getkey2=7639799
Object : C:\Documents and Settings\Kanga\Favorites\연결\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Daum 카페 eBook Audiobook.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/ebookaudiobook
Object : C:\Documents and Settings\Kanga\Favorites\연결\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CafeDaum - 문학소설 -.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/_c21_/mid?cateid=4
Object : C:\Documents and Settings\Kanga\Favorites\연결\Storyliner\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : CafeDaum - 최고카페 -.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/_c21_/sub?cateid=8B
Object : C:\Documents and Settings\Kanga\Favorites\연결\Storyliner\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Cyber Bookstore - 소설 - .url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://my.dreamwiz.com/rla79/frame.htm
Object : C:\Documents and Settings\Kanga\Favorites\연결\Storyliner\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : zDaum - 대한얼짱.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/facezzang123
Object : C:\Documents and Settings\Kanga\Favorites\연결\얼짱\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : zDaum - 블루문.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/jungmi0116
Object : C:\Documents and Settings\Kanga\Favorites\연결\얼짱\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : zDaum - 오대얼짱.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/5i
Object : C:\Documents and Settings\Kanga\Favorites\연결\얼짱\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : zDaum - 커플솔로.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://cafe.daum.net/ycosmetic
Object : C:\Documents and Settings\Kanga\Favorites\연결\얼짱\




Performing conditional scans...
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣

Conditional scan result:
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
New critical objects: 0
Objects found so far: 46

10:53:18 PM Scan Complete

Summary Of This Scan
뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣뻣
Total scanning time:00:14:53.281
Objects scanned:274936
Objects identified:14
Objects ignored:0
New critical objects:14
lovebug513
Nov 7 2006, 11:46 PM
fixed the problem...
pretty slow in response...
i had to go to other site for help...


one problem with ad-aware...
real time ad-watch keeping restoring the deleted win32.trojan.downloader.
i had to uninstall the ad-aware program...
and delete with other spyware program...
LS CalamityJane
Nov 12 2006, 05:06 PM
Hi ,

Apologies for the late reply, we've been quite swamped in here as you can probably see.

Are you still needing help?

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help, please post a fresh HijackThis log so I can see where you are at this point

You did have quite a few other problems showing on the HijackThis log.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2010 Invision Power Services, Inc.