I downloaded a program called Foxy and installed it. It came with a Trojan. I uninstalled it now and I scan my computer with AVG and this and deleted all the infected trojans. But, when I restart the computer, this shows up. I want to get rid of this. Also, are there any other problems? I need step by step instructions. Thanks My Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 03:53:35, on 2008/11/1 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVP.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [EPSON Stylus CX4900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVP.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Windows] C:\WINDOWS\system32\helper.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1202161555471 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1202161608268 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://sindy66lin.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 10145 bytes
fixed the image above: Combo fix log: (Have chinese windows so chinese shows up) ComboFix 08-11-01.01 - jenny 2008-11-01 16:01:39.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.472 [GMT -7:00] 執行位置: C:\Documents and Settings\jenny\桌面\Combo-Fix.exe * 成功創造新還原點 注意 - 這台電腦沒有安裝恢復控制台 !! . ((((((((((((((((((((((((( 2008-10-01 至 2008-11-01 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-01 15:53 . 2008-11-01 15:53 <DIR> d-------- C:\Program Files\Trend Micro 2008-11-01 00:03 . 2008-11-01 01:32 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-10-31 23:35 . 2008-11-01 13:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-10-31 23:35 . 2008-10-31 23:35 <DIR> d-------- C:\Program Files\AVG 2008-10-31 23:35 . 2008-10-31 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-10-31 23:35 . 2008-10-31 23:35 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-10-31 23:35 . 2008-10-31 23:35 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-10-31 23:35 . 2008-10-31 23:35 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-10-01 08:35 . 2008-10-01 08:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-01 22:58 --------- d-----w C:\Program Files\Symantec AntiVirus 2008-11-01 08:46 --------- d-----w C:\Program Files\Yahoo! 2008-11-01 08:29 --------- d-----w C:\Program Files\Common Files\Real 2008-11-01 08:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-11-01 07:03 --------- d-----w C:\Program Files\Foxy 2008-10-18 05:37 --------- d-----w C:\Program Files\Ad-Aware SE Professional 2008-10-13 22:06 --------- d-----w C:\Documents and Settings\jenny\Application Data\EPSON 2008-10-01 05:40 --------- d-----w C:\Program Files\D-Link 2008-09-15 15:37 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:42 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:42 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-02-16 06:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2003-01-13 19:31 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll 1999-05-01 00:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll . ------- Sigcheck ------- 2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys 2008-06-20 03:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys 2008-06-20 04:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys 2008-06-20 04:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys 2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys 2007-10-30 10:20 360064 ed06c31200714e734118f9a47f5df5ce C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys 2008-04-13 12:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\955997d3b16bb107db5044b5727c8498\tcpip.sys 2008-06-20 03:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 03:45 360320 073941d59ae065910064b728dee981ee C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "EPSON Stylus CX4900 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVP.EXE" [2006-09-21 139264] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 94208] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 77824] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 114688] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-07-19 66680] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-12 124144] "CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400] "PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656] "pdfFactory Pro Dispatcher v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-09-26 503808] "FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-09-26 503808] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-09-13 94208] "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-07-09 1249280] "ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] "D-Link D-Link Wireless G DWA-110"="C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe" [2007-05-04 1662976] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-31 1234712] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2006-07-21 C:\WINDOWS\SoundMan.exe] "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 C:\WINDOWS\alcwzrd.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3738:TCP"= 3738:TCP:Foxy (192.168.1.129:3738) 3738 TCP "3738:UDP"= 3738:UDP:Foxy (192.168.1.129:3738) 3738 UDP R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-31 97928] R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-31 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-31 76040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153d46cc-f32d-11dc-ae62-001485036dd0}] \Shell\AutoRun\command - WD_Windows_Tools\setup.exe *Newly Created Service* - PROCEXP90 . ‘計劃任務’ 文件夾 裡的內容 2008-11-01 C:\WINDOWS\Tasks\RegCure Program Check.job - D:\RegCure\RegCure.exe [2007-06-25 11:08] 2008-03-27 C:\WINDOWS\Tasks\RegCure.job - D:\RegCure\RegCure.exe [2007-06-25 11:08] . . ------- 而外的掃描 ------- . R0 -: HKCU-Main,Start Page = hxxp://www.sinami.com/ R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore R1 -: HKCU-SearchURL,(Default) = hxxp://tw.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://tw.search.yahoo.com O8 -: 匯出至 Microsoft Office Excel(&X) - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 16:03:09 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . 完成時間: 2008-11-01 16:04:33 ComboFix-quarantined-files.txt 2008-11-01 23:04:28 Pre-Run: 38,037,237,760 位元組可用 Post-Run: 38,133,538,816 位元組可用 138 --- E O F --- 2008-11-01 11:59:37
Hi Amuse 你会说中文吗?是不是住在中国呢? Haha... if you don't speak Chinese, ignore the above. If you do, then thank you for letting me practice my Chinese. So... if AVG deleted the trojan, then you should be all good. However, I see two problems: 1. The trojan AVG detects is in your System Restore folder, which you do not have to worry about. Simply turn off your system restore, then turn it back on to remove this detection. 2. You have two antiviruses; Symantec and AVG. This may cause conflicts and your system to slow down. It is recommended to keep only one of them. Best Regards
Hi cdavfrew, yes I speak Chinese but was born in Canada thanks for your help! system restore was already off, so i turned it on then off, then on again and it seems ok now. I like AVG better so I guess I'll keep it over Symantec.
Hey Amuse If I may, I will recommend Antivir Free over any antivirus. It has an excellent detection rate, uses less system resources than AVG, and has the credentials to prove it. Look here: http://www.av-comparatives.org/ http://www.virusbtn.com/news/2008/09_02 http://security.nl/artikel/22931/1/...ata,_Avira,_F-Secure_en_Norton_bovenaan.html) Besides, it has all the awards that AVG has (VB100, WestCoast labs Certified...etc) Best Regards
