Software - Computer viruses and spyware - 3 years ago
Hello. Some time ago I was attacked with a Trojan.Agent. After scanning with MBAM I deleted the file, but it always returns after deletion. I am new to this, so I just followed the steps and will hopefully hear from you soon.
LOGS:
1. MBAM
Windows 5.1.2600 Service Pack 3
10/29/2009 3:31:53 AM
mbam-log-2009-10-29 (03-31-53).txt
Scan type: Quick Scan
Objects scanned: 136300
Time elapsed: 18 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
2. SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/29/2009 at 04:37 AM
Application Version : 4.29.1004
Core Rules Database Version : 4204
Trace Rules Database Version: 2112
Scan type : Complete Scan
Total Scan Time : 01:24:32
Memory items scanned : 527
Memory threats detected : 0
Registry items scanned : 5936
Registry threats detected : 0
File items scanned : 75749
File threats detected : 53
Adware.Tracking Cookie
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Acer\Cookies\[emailprotected][1].txt
Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\ALTD5.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\DCQ40.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\DED3F.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\FQL15.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\FUI22.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\GJR25.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\HWE24.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\IKB1C.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\ILB3F.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\KUJF5.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\LQU15F.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\MDX9D.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\OCTF3.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\PBBF9.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\RHE75.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\RKN20.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\RWA208.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\SAY74.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\TFB23.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\YFNF7.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\YFZF8.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\YOJ51.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\ZJY21.TMP
C:\DOCUMENTS AND SETTINGS\MATTHEW\LOCAL SETTINGS\TEMP\ZRS1D.TMP
3. HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:30 AM, on 10/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\SxgTkBar.exe
D:\Misc. Files\Daemon Tools\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Filies\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\DOCUME~1\Matthew\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Filies\Alchol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IPOD\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Misc. Files\Daemon Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Filies\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Filies\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Filies\Alchol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237542231359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237542731937
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9c8a96e69b27e) (gupdate1c9c8a96e69b27e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Filies\Alchol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10910 bytes
Thanks in advance. I hope to hear from anyone soon. Having this Trojan is sure tiresome.
Posted on 18 May 2022.