#1
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
random desktop popups..help!
Well, I have been getting these annoying popups. Whether I go on the net or not, I still get them; the weird thing is that I have 2 popup blockers and they don't do the trick..
Well, here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:29 AM, on 04/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\serviceo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\Games\Steam\Steam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\AD1081.exe
C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\softbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Macrosoft Class - {58DB541D-F15A-4e95-A5D9-5DF5EE13920C} - c:\windows\system32\winlogin.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: sogou autolink - {8AB8528F-AC8B-416D-9B84-92D97729C195} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [service] C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\serviceo.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [softbox] C:\WINDOWS\system32\softbox.exe
O4 - HKLM\..\RunOnce: [CnsMinKP] rundll32.exe C:\WINDOWS\DOWNLO~1\KEEPMAIN.DLL,ReInstallKP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...41/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

Hope you guys can help. Thank you!
#2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.
Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

Note: You appear to know how to read Chinese. This webpage should be of help to you: http://chetieq.iblog.com/post/654/22202

* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1
Download & save to Desktop, the file attached - RemCnsMin.zip
Download Ewido Anti-Malware → http://www.ewido.net/en/download/
http://download.ewido.net/ewido-sign...ll-current.exe
* * * * *
Download LSPFix.exe - http://www.greyknight17.com/spy/LSPFix.exe
Instructions for using LSPFix

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: Macrosoft Class - {58DB541D-F15A-4e95-A5D9-5DF5EE13920C} - c:\windows\system32\winlogin.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: sogou autolink - {8AB8528F-AC8B-416D-9B84-92D97729C195} - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [service] C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\serviceo.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [softbox] C:\WINDOWS\system32\softbox.exe
O4 - HKLM\..\RunOnce: [CnsMinKP] rundll32.exe C:\WINDOWS\DOWNLO~1\KEEPMAIN.DLL,ReInstallKP
O11 - Options group: [!CNS] Chinese keywords

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files: from Windows Explorer, go to Tools → Folder Options → View tab.

* * * * * *

Open RemCnsMin.zip & double click the file within. It shall produce a log for us.

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *

Run Ewido with its updated definitions: (...it's important that all windows must be closed)

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *

Establish an internet connection & perform an online scan with Internet Explorer at http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:
__________________
Question - what have you done for the community today?
Last edited by sUBs; 09-07-2006 at 10:17 PM.
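As an added example (not code from this thread, from its posters, or from the HijackThis project), here is a small Python triage script for the HijackThis log format shown above. It parses the R/O entries, pulls the file or command out of each, and flags the same classes of indicator that the fix list above targets: hooks whose target is gone ("(no file)" / "(file missing)"), autoruns launched from a Temp directory or the Downloaded Program Files cache, browser helper objects installed into system32, and load points that always deserve a manual look (O10 Winsock LSP, O11 IE Options groups, O20 Winlogon Notify). The sample lines are copied from the log posted in #1; the flag names and the heuristics behind them are my own, not HijackThis output.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: HijackThis v1.99.1 lines copied from the log posted in
# this thread, plus a few benign entries so the triage has something to keep.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Macrosoft Class - {58DB541D-F15A-4e95-A5D9-5DF5EE13920C} - c:\windows\system32\winlogin.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [service] C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\serviceo.exe
O4 - HKLM\..\RunOnce: [CnsMinKP] rundll32.exe C:\WINDOWS\DOWNLO~1\KEEPMAIN.DLL,ReInstallKP
O10 - Unknown file in Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [!CNS] Chinese keywords
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# One HijackThis entry is "<section> - <body>". Header lines and the
# running-process list do not match this pattern and are skipped.
HJT_LINE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Load points HijackThis lists but cannot judge; each always gets a review flag.
REVIEW_SECTIONS = {
    "O10": "review-lsp",              # Winsock layered service provider
    "O11": "review-ie-options",       # extra Internet Options group
    "O20": "review-winlogon-notify",  # DLL loaded by winlogon at logon
}


@dataclass
class Entry:
    section: str
    body: str
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the file/command part out of an entry; the layout differs per section."""
    if section == "O4":                       # O4 - HKLM\..\Run: [name] command
        m = re.search(r"\]\s*(.*)$", body)
        return m.group(1).strip() if m else None
    if section == "O10":                      # O10 - Unknown file in Winsock LSP: path
        return body.split(":", 1)[1].strip()
    if " - " in body:                         # R3/O2/O3/O20/O23: "... - {CLSID} - path"
        return body.rsplit(" - ", 1)[1].strip()
    return None


def flag_entry(e: Entry) -> None:
    """Attach heuristic flags (my own naming, not HijackThis output)."""
    p = e.path or ""
    if re.search(r"\((no file|file missing)\)", p):
        e.flags.append("orphan")              # hook registered, target gone
    if e.section == "O4":
        if re.search(r"\\temp\\", p, re.I):
            e.flags.append("temp-autorun")    # autorun from a Temp directory
        if re.search(r"\\(DOWNLO~1|Downloaded Program Files)\\", p, re.I):
            e.flags.append("activex-cache-autorun")  # autorun from the IE ActiveX cache
    if e.section == "O2" and re.search(r"\\system32\\", p, re.I):
        e.flags.append("bho-in-system32")     # browser add-on living in the OS directory
    if e.section in REVIEW_SECTIONS:
        e.flags.append(REVIEW_SECTIONS[e.section])


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        e = Entry(m["section"], m["body"], extract_path(m["section"], m["body"]))
        flag_entry(e)
        entries.append(e)
    return entries


def suspicious(text: str) -> List[Entry]:
    """Entries carrying at least one flag, in log order."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags):<26} {e.path}")
```

Run it as a script to print the flagged entries, or feed a full log to `suspicious()`. The review flags are deliberately noisy: a legitimate WindowBlinds or WGA Winlogon Notify entry is flagged just like an unwanted one, because the point of an O10/O20 flag is that a human has to look, not that the entry is bad.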
#3
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
Hi again
Don't know how, but I lost the internet connection on that computer. Now I'm using the other computer. My other computer's internet is working fine, it's just that one. Are there any steps I can do without an internet connection?!
#4
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Have you done any of the steps? Try this ...
Go to Start → Run → paste in the single line command & click OK:
netsh winsock reset catalog
__________________
Question - what have you done for the community today?
#6
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
The file that I can't delete is:
c:\windows\system32\quartz32.dll

My computer's speed is slow now; it takes forever to open "My Computer" and Internet Explorer........ Can't get the log for the RemCnsMin.bat, and the online scan is just too laggy. Had to restart my computer 3 times; the scan just stops at 8%.... Well, here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:27:21 PM, on 05/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\UPDATE2\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis\HijackThis.exe

R3 - URLSearchHook: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll
O2 - BHO: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll (file missing)
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\kuzhan\kuzhan.dll
O2 - BHO: 51μ?o? - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ???¢?úê? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O3 - Toolbar: °ù?è3?????°? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ?á??μ?o? - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...41/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

-----------------------------------------------------------------------
Now the ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:34:40 PM 05/09/2006

+ Scan result:

C:\WINDOWS\system32\msplus.dll -> Adware.AdAgent : No action taken.
C:\WINDOWS\system32\msplus1.dll -> Adware.AdAgent : No action taken.
C:\WINDOWS\system32\msplus2.dll -> Adware.AdAgent : No action taken.
C:\WINDOWS\system32\msplus3.dll -> Adware.AdAgent : No action taken.
C:\WINDOWS\system32\msplus4.dll -> Adware.AdAgent : No action taken.
C:\WINDOWS\system32\ext\dtsm.dll -> Adware.AdMedia : No action taken.
C:\WINDOWS\system32\flash8.dll -> Adware.AdMedia : No action taken.
D:\Downloads\hijackthis\backups\backup-20060905-164043-940.dll -> Adware.AdMedia : No action taken.
C:\WINDOWS\system32\drivers\BDGuard.SYS -> Adware.Baidu : No action taken.
C:\WINDOWS\system32\cns.exe -> Adware.Cdn : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : No action taken.
HKLM\SOFTWARE\Classes\MimeFilter.AdFilter -> Adware.CnsMin : No action taken.
HKLM\SOFTWARE\Classes\MimeFilter.AdFilter.1 -> Adware.CnsMin : No action taken.
HKLM\SOFTWARE\Classes\MimeFilter.AdFilter\CLSID -> Adware.CnsMin : No action taken.
HKLM\SOFTWARE\Classes\MimeFilter.AdFilter\CurVer -> Adware.CnsMin : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : No action taken.
HKU\S-1-5-21-842925246-1604221776-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : No action taken.
C:\Program Files\pcast\hbcast.dll -> Adware.Hengbang : No action taken.
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll -> Adware.IEHlpr : No action taken.
C:\WINDOWS\system32\AdvSC.dll -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\AdvSC32.dll -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\AdvSC64.dll -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\WinSC.dll -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\WinSC64.dll -> Adware.NewWeb : No action taken.
C:\WINDOWS\system32\quartz32.dll -> Adware.Roogoo : No action taken.
[256] C:\WINDOWS\system32\quartz32.dll -> Adware.Roogoo : No action taken.
[460] C:\WINDOWS\system32\quartz32.dll -> Adware.Roogoo : No action taken.
C:\Program Files\DeskAdTop\DeskUn.exe -> Adware.WSearch : No action taken.
C:\Program Files\DeskAdTop\Run.dll -> Adware.WSearch : No action taken.
C:\Program Files\DeskAdTop\deskipn.dll -> Adware.WSearch : No action taken.
D:\Downloads\hijackthis\backups\backup-20060905-164043-927.dll -> Adware.WSearch : No action taken.
C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : No action taken.
C:\WINDOWS\system32\01SJHB05.exe -> Downloader.Agent.afm : No action taken.
D:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP156\A0063315.exe -> Downloader.Agent.aph : No action taken.
C:\WINDOWS\cnt.exe -> Dropper.Delf.zg : No action taken.

::Report end
#7
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
This next part .. I cannot understand why you did not allow Ewido to disinfect/delete the files
I shall have fresh instructions for you
__________________
Question - what have you done for the community today?

#8
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Do a HijackThis scan & place a check next to these items and select "Fix checked":
R3 - URLSearchHook: ?????£ˆ? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: ?????£ˆ? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll (file missing)
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - C:\Program Files\kuzhan\kuzhan.dll
O2 - BHO: 51æ?o? - {D271A289-57EB-4D0E-9131-A0CD25D4D1F8} - C:\WINDOWS\system32\browsewmzero.dll
O3 - Toolbar: ?????£ˆ? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll (file missing)
O3 - Toolbar: ø—?Š3?????ø? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O8 - Extra context menu item: ???????(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: ???? - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: ? ??æ?o? - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll

* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
http://www.greyknight17.com/spy/KillBox.exe

Launch KillBox.exe & select the following options:

Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy

* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run - http://www.eudaemonia.me.uk/download...gfilesetup.exe . Then try Killbox again.

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *

If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools → Folder Options → View tab.

* * * * * *

Open RemCnsMin.zip & double click the file within. It shall produce a log for us

* * * * * *

Open notepad and copy and paste the text present in the quotebox below into it: (don't forget to copy and paste REGEDIT4)
Code:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38928D50-8A48-44C2-945F-D2F23F771410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MimeFilter.AdFilter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MimeFilter.AdFilter.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MimeFilter.AdFilter\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MimeFilter.AdFilter\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38928D50-8A48-44C2-945F-D2F23F771410}]
[-HKEY_USERS\S-1-5-21-842925246-1604221776-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38928D50-8A48-44C2-945F-D2F23F771410}]
It should look like this:

Double click on fix.reg & allow it to merge into the registry

* * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program

* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *

Please perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400
Answer Yes, when prompted to install an ActiveX component.

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *

In your next post, please include fresh logs from:
__________________
Question - what have you done for the community today?

#9
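The HJT entries listed in this post follow a fixed layout (type, name, CLSID, path, optional "(file missing)"), and the ewido report in the earlier post names the same CLSIDs and files. The following Python parser is an added example, not code from the thread, HijackThis or ewido: it reads such entries, pulls the flagged CLSIDs and paths out of a scan report, and marks the entries that are orphaned or that the scan also reported. The "(no name)" BHO line and its DLL name in the sample are constructed; 8.3 short names such as PROGRA~1 are not expanded.

```python
"""Parse HijackThis 1.99-style log entries and cross-check them against an
ewido-style scan report.  Added example for this thread (not HijackThis's, ewido's
or the forum's tooling); sample lines are copied from the posted logs unless marked."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REPORT_RE = re.compile(r"^(?:\[\d+\] )?(.*?) -> (\S+) : ")  # "[pid] obj -> name : action"
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    kind: str                    # "O2", "O4", "O23", ...
    name: str                    # display name or Run value name
    path: str                    # file path or command line
    owner: str = ""              # O23 vendor field, if present
    clsid: Optional[str] = None  # upper-cased CLSID, if present
    file_missing: bool = False   # HJT could not find the target on disk
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one HJT entry line, or None for other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    missing = rest.endswith(FILE_MISSING)
    if missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    cm = CLSID_RE.search(rest)
    clsid = cm.group(0).upper() if cm else None
    owner = ""
    if kind == "O4":
        # "HKLM\..\Run: [<value name>] <command line>"
        m4 = re.match(r"[^:]*: \[(.*?)\] (.*)$", rest)
        name, path = m4.groups() if m4 else ("", rest)
    else:
        # "BHO: <name> - {CLSID} - <path>" or "Service: <name> - <vendor> - <path>"
        parts = rest.partition(": ")[2].split(" - ")
        name, path = parts[0], parts[-1]
        if kind == "O23" and len(parts) >= 3:
            owner = parts[1]
    return Entry(kind, name, path, owner, clsid, missing)


def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in map(parse_entry, lines) if e is not None]


def scan_indicators(report: str) -> Set[str]:
    """CLSIDs and file paths (upper-cased) that the scan report flagged."""
    found: Set[str] = set()
    for line in report.splitlines():
        m = REPORT_RE.match(line.strip())
        if not m:
            continue
        cm = CLSID_RE.search(m.group(1))
        if cm:
            found.add(cm.group(0).upper())
        elif re.match(r"[A-Za-z]:\\", m.group(1)):
            found.add(m.group(1).upper())
    return found


def triage(entries: List[Entry], reported: Set[str]) -> List[Entry]:
    """Attach a reason to every entry that deserves a second look.  8.3 short
    names (PROGRA~1) are not expanded, so some path matches will be missed."""
    paths = [p for p in reported if not p.startswith("{")]
    hits = []
    for e in entries:
        if e.file_missing:
            e.reasons.append("target file missing: orphaned hook or toolbar")
        if e.clsid in reported:
            e.reasons.append("CLSID reported by the anti-spyware scan")
        if any(p in e.path.upper() for p in paths):
            e.reasons.append("file reported by the anti-spyware scan")
        if e.reasons:
            hits.append(e)
    return hits


# Lines copied from the thread's logs; the last one is constructed.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: isObject Class - {BE0B5843-553A-48C2-9A42-258A1D791AFC} - C:\PROGRA~1\pcast\hbcast.dll (file missing)
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\WINDOWS\system32\constructed_example.dll
""".strip().splitlines()

# Excerpt of the ewido report posted in the thread.
SAMPLE_REPORT = r"""
C:\Program Files\DeskAdTop\Run.dll -> Adware.WSearch : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : No action taken.
[256] C:\WINDOWS\system32\quartz32.dll -> Adware.Roogoo : No action taken.
"""

if __name__ == "__main__":
    for hit in triage(parse_log(SAMPLE_LOG), scan_indicators(SAMPLE_REPORT)):
        print(hit.kind, hit.name, hit.path, "; ".join(hit.reasons), sep=" | ")
```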
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
Where do I find the RemCnsMin log?
Because I don't see it on the desktop when I double-click the file inside. Only a black blank screen shows up for a few seconds, then it says "Done ... press any key to continue"; then I press a key and it shuts down.

#10
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
If it says Done, that means no infected files were found. We must have removed the files during previous runs. If there's a log, it should be located at C:\sUBs.txt
Please show me a fresh HJT log & the report produced by the Kaspersky online scan
__________________
Question - what have you done for the community today?

#11
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
Here's the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:20:24 PM, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Games\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\windows\system32\inetsrv\csrss.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\千千静听\TTPlayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Steam] D:\Games\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...41/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

------------------------------------------------------------------------

Here's the online scan log:

Wednesday, September 06, 2006 5:16:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/09/2006
Kaspersky Anti-Virus database records: 221402

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
F:\

Scan Statistics
Total number of scanned objects 64496
Number of viruses found 22
Number of infected objects 93 / 0
Number of suspicious objects 10
Duration of the scan process 00:56:18

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll Infected: not-a-virus:AdWare.Win32.IEHlpr.q skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\81IVGPU7\Pyjjbxb[1].rar/pyjjbxb/Pyintav.bin Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\81IVGPU7\Pyjjbxb[1].rar/pyjjbxb/PyjjV.ime Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\81IVGPU7\Pyjjbxb[1].rar/Pyjj2207bxb_0526/PyjjV.ime Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\81IVGPU7\Pyjjbxb[1].rar/Pyjj2207bxb_0526/Pyintav.bin Suspicious: Packed.Win32.PePatch.dk skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\81IVGPU7\Pyjjbxb[1].rar RAR: suspicious - 4 skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\History\History.IE5\MSHist012006090620060907\index.dat Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temp\~DF26AA.tmp Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.Dm.o skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe/stream/data0009 Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe/stream/data0010 Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe/stream Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe NSIS: infected - 4 skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1B7.tmp Infected: Trojan-Clicker.Win32.VB.ol skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1B8.tmp Infected: Trojan-Clicker.Win32.VB.ol skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1B9.tmp Infected: Trojan-Clicker.Win32.VB.ol skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1BA.tmp Infected: Trojan-Clicker.Win32.VB.ol skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1BB.tmp Infected: Trojan-Clicker.Win32.VB.ol skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C4.tmp Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.NewWeb.e skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp/WISE0007.BIN/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewWeb.f skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp/WISE0007.BIN/stream Infected: not-a-virus:AdWare.Win32.NewWeb.f skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp/WISE0007.BIN Infected: not-a-virus:AdWare.Win32.NewWeb.f skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp WiseSFX: infected - 4 skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C5.tmp CryptFF.b: infected - 4 skipped
C:\Program Files\Trend Micro\PC-cillin 2002\QUARANTINE\1C8.tmp Infected: not-a-virus:AdWare.Win32.Agent.ae skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP156\A0063316.dll Infected: not-a-virus:AdWare.Win32.AdMedia.e skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063415.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063431.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063432.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063492.exe Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063494.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP157\A0063530.dll Infected: not-a-virus:AdWare.Win32.AdAgent.d skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP158\A0064581.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP158\A0064585.exe Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064668.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064689.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064700.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064708.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064710.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064714.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064719.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064720.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064755.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0064770.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0065757.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066754.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066784.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066789.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066793.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066799.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066810.exe Infected: not-a-virus:AdWare.Win32.Dm.q skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066843.dll Infected: not-a-virus:AdWare.Win32.Dm.o skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066849.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066850.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066904.dll Infected: not-a-virus:AdWare.Win32.Dm.o skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066911.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066916.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066917.dll Infected: not-a-virus:AdWare.Win32.AdAgent.d skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0066918.dll Infected: not-a-virus:AdWare.Win32.Dm.p skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0067861.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070911.dll Infected: not-a-virus:AdWare.Win32.Dm.o skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070913.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070914.exe Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070919.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070923.dll Infected: not-a-virus:AdWare.Win32.Dm.n skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070962.exe Infected: not-a-virus:AdWare.Win32.WSearch.j skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0070965.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071006.dll Infected: not-a-virus:AdWare.Win32.AdMedia.e skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071511.exe Infected: Trojan-Dropper.Win32.Delf.zg skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071512.exe Infected: Trojan-Downloader.Win32.Agent.afm skipped
C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071513.dll Infected:
not-a-virus:AdWare.Win32.AdAgent.d skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071514.exe Infected: not-a-virus:AdWare.Win32.WSearch.j skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071515.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071516.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071518.dll Infected: not-a-virus:AdWare.Win32.Hengbang.t skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071519.dll Infected: not-a-virus:AdWare.Win32.NewWeb.b skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071520.dll Infected: not-a-virus:AdWare.Win32.NewWeb.b skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071521.dll Infected: not-a-virus:AdWare.Win32.NewWeb.b skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071522.dll Infected: not-a-virus:AdWare.Win32.NewWeb.f skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071523.dll Infected: not-a-virus:AdWare.Win32.NewWeb.f skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071526.dll Infected: not-a-virus:AdWare.Win32.AdMedia.i skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071527.dll Infected: not-a-virus:AdWare.Win32.AdMedia.i skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071529.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071530.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped C:\System Volume 
Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071531.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071532.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071533.dll Infected: not-a-virus:AdWare.Win32.AdAgent.e skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0073738.dll Infected: Trojan-Clicker.Win32.BHO.f skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP162\change.log Object is locked skipped C:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP97\A0038930.exe Infected: not-a-virus:Downloader.Win32.Quyl.c skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\setup11.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.ae skipped C:\WINDOWS\setup11.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.ae skipped C:\WINDOWS\setup11.exe NSIS: infected - 2 skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\AutoDownSrv_5021.exe Infected: Trojan-Downloader.Win32.Delf.awc skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked 
skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\spshelldm.dll Infected: not-a-virus:AdWare.Win32.Dm.p skipped C:\WINDOWS\system32\SysMod\dbisam.lck Object is locked skipped C:\WINDOWS\system32\SysMod\DownFileList.blb Object is locked skipped C:\WINDOWS\system32\SysMod\DownFileList.dat Object is locked skipped C:\WINDOWS\system32\SysMod\DownFileList.idx Object is locked skipped C:\WINDOWS\system32\SysMod\ShareFileList.dat Object is locked skipped C:\WINDOWS\system32\SysMod\ShareFileList.idx Object is locked skipped C:\WINDOWS\system32\SysMod\Users.dat Object is locked skipped C:\WINDOWS\system32\SysMod\Users.idx Object is locked skipped C:\WINDOWS\system32\usmt\wmisys.dat Infected: Trojan-Downloader.Win32.Agent.afm skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\wmipop.dll Infected: Trojan-Downloader.Win32.Agent.afm skipped C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071517.dll Infected: not-a-virus:AdWare.Win32.WSearch.j skipped D:\System Volume 
Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP159\A0071528.dll Infected: not-a-virus:AdWare.Win32.AdMedia.e skipped D:\System Volume Information\_restore{155801AE-AF20-439C-84A9-430FB708C3E4}\RP162\change.log Object is locked skipped D:\Downloads\Pyjjbxb.rar/pyjjbxb/Pyintav.bin Suspicious: Packed.Win32.PePatch.dk skipped D:\Downloads\Pyjjbxb.rar/pyjjbxb/PyjjV.ime Suspicious: Packed.Win32.PePatch.dk skipped D:\Downloads\Pyjjbxb.rar/Pyjj2207bxb_0526/PyjjV.ime Suspicious: Packed.Win32.PePatch.dk skipped D:\Downloads\Pyjjbxb.rar/Pyjj2207bxb_0526/Pyintav.bin Suspicious: Packed.Win32.PePatch.dk skipped D:\Downloads\Pyjjbxb.rar RAR: suspicious - 4 skipped D:\Downloads\hijackthis\backups\backup-20060905-220551-157.dll Infected: Trojan-Clicker.Win32.BHO.f skipped D:\Games\Steam\SteamApps\winui.gcf Object is locked skipped D:\Games\Steam\Steam.log Object is locked skipped D:\Games\Steam\SteamLogs\SteamStats.log Object is locked skipped Scan process completed. Theres 4 programs in chinese that i dont recongize, i know alittle chinese but i never seen these 4 programs, i think they just auto install onto my computer. Theres files i cant find C:\Program Files\kuzhan\ C:\PROGRA~1\Yahoo!\ASSIST~1\ |
#12
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Start HijackThis & go to Config > Misc Tools > Delete a file on reboot...

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *
1. Restart your computer.
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear.
4. Select the option to run Windows in Safe Mode.

* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of Hidden files.
From Windows Explorer, go to Tools → Folder Options → View tab.

* * * * * *
Return to Normal mode & download this file using either of these links:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe
Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Tell me how the machine behaves now.
__________________
Question - what have you done for the community today?
#13
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
There are files that I can't delete or find:

Couldn't delete:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll

Couldn't find:
C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Local Settings\Temporary Internet Files\Content.IE5\J06N8BPX\iebar[1].exe
C:\WINDOWS\system32\usmt\wmisys.dat
C:\WINDOWS\system32\wbem\wmipop.dll

Here is the log from ComboFix:

David - 06-09-06 23:32:49.42
ComboFix 06.09.04BT - Running from: D:\Downloads
Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((( Files Created from 2006-08-06 to 2006-09-06 ))))))))))))))))))))))))))))))))))

2006-09-06 23:30 566,844 --a------ C:\WINDOWS\system32\spshelldm.dll
2006-09-06 23:30 3,290 --a------ C:\WINDOWS\system32\nlenmac.dll
2006-09-06 23:30 1,836 --a------ C:\WINDOWS\dhcg.dll
2006-09-06 22:59 90,624 --a------ C:\WINDOWS\system32\ms.dll
2006-09-05 22:12 193,536 --a------ C:\WINDOWS\system32\COMBoHEvent.dll
2006-09-05 18:22 75,264 --a------ C:\WINDOWS\system32\COMEventHelper.dll
2006-09-05 08:54 0 --a------ C:\WINDOWS\ef26ev.dll
2006-09-04 22:20 324 --a------ C:\WINDOWS\system32\COMEventHelper.bat
2006-09-04 10:39 27 --a------ C:\WINDOWS\system32\SystemID.dll
2006-09-04 10:39 22 --a------ C:\WINDOWS\system32\C1C003E6.dll
2006-09-04 10:38 236,544 --a------ C:\WINDOWS\system32\COMAdEvent.dll
2006-09-04 00:04 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-09-03 18:09 32,768 --------- C:\WINDOWS\system32\cns.dll
2006-09-03 18:00 3,184 --a------ C:\WINDOWS\system32\yptappm.dll
2006-09-03 18:00 102,400 --a------ C:\WINDOWS\system32\xresut.dll
2006-09-03 17:59 81,920 --a------ C:\WINDOWS\system32\ontwps.dll
2006-09-03 17:59 168 --a------ C:\WINDOWS\system32\fctmlu.dll
2006-09-03 17:55 38,912 --a------ C:\WINDOWS\system32\alxklt.dll
2006-09-03 17:54 47,104 --a------ C:\WINDOWS\system32\ppgaxea.dll
2006-08-24 10:26 147,100 --a------ C:\WINDOWS\system32\19.exe
2006-08-13 22:12 157,184 --a------ C:\WINDOWS\system32\SoundMix.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-09-06 23:26 -------- d-------- C:\Program Files\FlashGet
2006-09-06 19:39 -------- d---s---- C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Application Data\Microsoft
2006-09-06 15:59 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-05 22:25 -------- d-------- C:\Program Files\KooWo
2006-09-05 22:25 -------- d-------- C:\Program Files\Common Files
2006-09-05 16:31 -------- d-------- C:\Program Files\systems
2006-09-05 14:27 14848 --a------ C:\WINDOWS\system32\drivers\436734.sys
2006-09-05 01:04 -------- d-------- C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Application Data\AdobeUM
2006-09-03 23:56 -------- d-------- C:\Program Files\RegClean
2006-09-03 23:35 -------- d-------- C:\Program Files\RegistryFix
2006-09-03 23:14 14848 --a------ C:\WINDOWS\system32\drivers\4172375.sys
2006-09-03 22:57 -------- d-------- C:\Program Files\Panicware
2006-09-03 21:37 -------- d-------- C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Application Data\Lavasoft
2006-09-03 21:36 -------- d-------- C:\Program Files\Lavasoft
2006-09-03 20:50 -------- d-------- C:\Program Files\Internet Explorer
2006-09-03 20:49 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-03 20:45 -------- d-------- C:\Program Files\Trend Micro
2006-09-03 18:56 14848 --a------ C:\WINDOWS\system32\drivers\481156.sys
2006-09-03 15:45 -------- d-------- C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Application Data\Macromedia
2006-08-28 00:36 -------- d-------- C:\Program Files\QuickTime
2006-08-28 00:36 -------- d-------- C:\Documents and Settings\David.WEIBO-1SL7KE2A9\Application Data\Apple Computer
2006-08-22 22:26 -------- d-------- C:\Program Files\Amazing Photo Editor
2006-08-18 12:51 -------- d-------- C:\Program Files\Microsoft Office
2006-08-18 12:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-18 12:51 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-15 17:55 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-06-15 17:55 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-06-15 17:55 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-06-15 17:55 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-06-14 13:49 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-12 15:22 520192 --a------ C:\WINDOWS\system32\DivXsm.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb12.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SoundMan"="SOUNDMAN.EXE"
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
"PCCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"nTrayFw"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Steam"="D:\\Games\\Steam\\Steam.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"Galaxy"="rundll32.exe C:\\WINDOWS\\system32\\ppgaxea.dll,Su"
"Power"="rundll32.exe C:\\WINDOWS\\system32\\alxklt.dll,Start"
"popBlockHlp"="rundll32.exe C:\\WINDOWS\\system32\\wbem\\wmipop.dll,_S1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^David.WEIBO-1SL7KE2A9^Start Menu^Programs^Startup^腾讯QQ.lnk]
"path"="C:\\Documents and Settings\\David.WEIBO-1SL7KE2A9\\Start Menu\\Programs\\Startup\\腾讯QQ.lnk"
"backup"="C:\\WINDOWS\\pss\\腾讯QQ.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Tencent\\QQ\\QQ.exe "
"item"="腾讯QQ"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PopUpStopperFreeEdition]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSFree"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="serviceo"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\DAVID~1.WEI\\LOCALS~1\\Temp\\serviceo.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\yassistse]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="yassistse"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\Yahoo!\\Assistant\\yassistse.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\YLive.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YLive"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Yahoo!\\ASSIST~1\\YLive.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

Completion time: 06/09/2006 23:32:59.67
ComboFix.txt
ComboFix2.txt

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:06 PM, on 06/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\windows\system32\inetsrv\csrss.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\PYINTAU.EXE
D:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_5000.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Sun Java2 - {C61A70F3-505E-4B90-916F-627A8706B4BC} - c:\WINDOWS\system32\COMBoHEvent.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\ms.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Steam] D:\Games\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://nprotect.nefficient.com/Mir3/KeyCrypt/npkcx.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...41/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

My computer is still slow compared to before, and there are as many random pop-ups as before, but no desktop pop-ups now. Whenever I click back or click a link there are pop-ups... and my pop-up blocker is on.
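A triage pass over autostart entries in the two log formats posted above (HijackThis O4 lines and the ComboFix "Reg Loading Points" section), added here as an example; it is not part of the thread and not code from either tool. The sample lines, the Temp-directory and Policies\Explorer\Run heuristics, and the small rundll32 allowlist are constructed assumptions for illustration, and the parser only handles the registry-Run form of O4 lines, not Global Startup shortcuts.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed sample input, modelled on the two formats posted in this thread:
# HijackThis 1.99.1 "O4" lines and the .reg-style "Reg Loading Points" section
# of a ComboFix log. It is an illustration, not a copy of the posted logs.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [service] C:\DOCUME~1\DAVID~1.WEI\LOCALS~1\Temp\serviceo.exe
O4 - HKCU\..\Run: [Steam] D:\Games\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
"Galaxy"="rundll32.exe C:\\WINDOWS\\system32\\ppgaxea.dll,Su"
"popBlockHlp"="rundll32.exe C:\\WINDOWS\\system32\\wbem\\wmipop.dll,_S1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

# HJT O4 line in its registry-Run form: "O4 - <hive>\..\Run: [<name>] <command>"
HJT_O4 = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# .reg-style section header and string value, as ComboFix prints them
REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VAL = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<cmd>(?:[^"\\]|\\.)*)"$')
# rundll32 <path>.dll,<export>  (optionally quoted path)
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Constructed allowlist: DLLs that rundll32 legitimately loads at logon on a
# machine like the one in the thread. A real deployment keeps its own list.
KNOWN_RUNDLL32_DLLS: FrozenSet[str] = frozenset({"nvcpl.dll", "nvmctray.dll"})


@dataclass(frozen=True)
class AutostartEntry:
    location: str   # registry key, or the HJT hive shorthand such as HKLM\..\Run
    name: str       # value name, e.g. "Galaxy"
    command: str    # command line with .reg escaping undone


@dataclass
class Finding:
    entry: AutostartEntry
    reasons: List[str]


def _unescape(value: str) -> str:
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes a plain quote."""
    return re.sub(r"\\(.)", r"\1", value)


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Collect Run-key autostarts from HJT O4 lines and ComboFix reg sections."""
    entries: List[AutostartEntry] = []
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HJT_O4.match(line)
        if m:
            entries.append(AutostartEntry(m["where"], m["name"], m["cmd"]))
            continue
        m = REG_KEY.match(line)
        if m:
            # Only keys whose last component is "Run" hold autostarts; sub-keys
            # such as Run\OptionalComponents and MSCONFIG bookkeeping are skipped.
            key = m["key"]
            current_key = key if key.rsplit("\\", 1)[-1].lower() == "run" else None
            continue
        m = REG_VAL.match(line)
        if m and current_key:
            entries.append(AutostartEntry(current_key, _unescape(m["name"]),
                                          _unescape(m["cmd"])))
    return entries


def reasons_for(entry: AutostartEntry,
                known_dlls: FrozenSet[str] = KNOWN_RUNDLL32_DLLS) -> List[str]:
    """Defender-side heuristics; each hit is one human-readable reason."""
    reasons: List[str] = []
    where = entry.location.lower()
    cmd = entry.command.lower()
    if "policies\\explorer\\run" in where:
        reasons.append("Policies\\Explorer\\Run autostart: a location legitimate "
                       "installers almost never use")
    if any(marker in cmd for marker in TEMP_MARKERS):
        reasons.append("program launched from a Temp directory")
    m = RUNDLL.search(entry.command)
    if m:
        dll = m["dll"].rsplit("\\", 1)[-1].lower()
        if dll not in known_dlls:
            reasons.append(f"rundll32 loads {dll}, which is not on the known-good list")
    return reasons


def triage(text: str) -> List[Finding]:
    """Return only the autostarts that trip at least one heuristic."""
    findings: List[Finding] = []
    for entry in parse_autostarts(text):
        reasons = reasons_for(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry.name}] {f.entry.command}")
        print(f"    in {f.entry.location}")
        for r in f.reasons:
            print(f"    - {r}")
```

Entries the heuristics leave alone (SoundMan, Steam, ctfmon.exe, the NVIDIA rundll32 lines) are exactly the ones a helper would skim past; the flagged ones are what to highlight when posting a log.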
#14
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Generate an uninstall list
Launch HijackThis & go to Config > Misc Tools - Open Uninstall Manager. Click the Save List button & post the resultant log here. Please highlight any entries that look suspicious to you. If possible, translate the Chinese entries in there.
__________________
Question - what have you done for the community today?
#15
Registered User
Join Date: Sep 2006
Posts: 29
OS: XP
???¢?úê?
?′ò??ó?ó?ˉo?°? 2.2.0.4
桌面主题 (Desktop Themes)
百度超级搜霸 (Baidu Super Search Bar)
Ad-Aware SE Personal
Adobe Reader 7.0.7
Adobe Shockwave Player
Adobe Photoshop Album Starter Edition 3.0
AI - Series
Amazing Photo Editor V5.8
Ares 1.9.0
AsusUpdate
Athlon 64 Processor Driver
BitComet 0.64
ccCommon
Content Match Software
D???KooWoLyrics (酷我歌词, Kuwo Lyrics)
DivX
DivX Converter
DivX Player
EDAC
ewido anti-spyware 4.0
FlashGet(JetCar)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office XP Professional with FrontPage
MIR3 - illusion client (remove only)
MSN Messenger 7.5
MSN Music Assistant
Nero OEM
nProtect KeyCrypt
NVDVD
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA WDM Drivers
PC-cillin 2002
Pop-Up Stopper Free Edition
PPLive 1.1.0.7
QQ2005 正式版 (official release)
QuickTime
RealPlayer
Realtek AC'97 Audio
Rich Media Cast
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Spelling Dictionaries For Adobe Reader Package
Steam
Synacast Plug-in 1.1.0.7
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
WC3Banlist
WindowBlinds
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 3.1
WinRAR archiver

The highlighted ones are the ones I don't know.
#16
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Quote:
Tell me about ?′ò??ó?ó?ˉo?°? 2.2.0.4. What is it?
#19
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,479
OS: N/A
Start HJT & go to Config > Misc Tools - Open Uninstall Manager.
From the box on the left, select each entry & look up the uninstall command from the right:
Last edited by sUBs; 09-07-2006 at 03:06 PM.
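The Uninstall Manager described in the two posts above is a viewer over the registry's Uninstall keys: the name on the left is each subkey's DisplayName, the command on the right is its UninstallString. The script below rebuilds that pairing directly from the registry, and is added here as an example; it is not HijackThis code and not something the thread posted. Its flagging rules are this example's own assumptions, chosen to match what the moderator asks for: an uninstall command pointing into a Temp or user-profile directory, no uninstall command at all, no Publisher value, and a display name that is not plain ASCII (the Chinese entries that need translating). Off Windows it runs against a constructed sample in the shape of the posted list, with invented names and paths.

```python
"""Rebuild the HijackThis 'Uninstall Manager' list (program name plus its
uninstall command) straight from the registry and flag entries that
deserve a closer look.

Added example for this thread, not HijackThis code. The Uninstall Manager
reads the same registry keys enumerated here. The flagging rules are this
example's own assumptions.
"""
import sys
from dataclasses import dataclass

UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    # Present only on 64-bit Windows; silently skipped elsewhere.
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Directories an installed program's uninstaller should not live in.
SUSPECT_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


@dataclass
class Program:
    name: str            # DisplayName
    uninstall_cmd: str   # UninstallString
    publisher: str = ""  # Publisher, often absent on junk installs


def read_registry() -> list[Program]:
    """Enumerate HKLM Uninstall subkeys. Windows only (needs winreg)."""
    import winreg
    programs = []
    for key_path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path)
        except OSError:
            continue
        with root:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, index)
                except OSError:          # no more subkeys
                    break
                index += 1
                with winreg.OpenKey(root, sub) as key:
                    def value(name):
                        try:
                            return str(winreg.QueryValueEx(key, name)[0])
                        except OSError:  # value absent on this subkey
                            return ""
                    if value("DisplayName"):
                        programs.append(Program(value("DisplayName"),
                                                value("UninstallString"),
                                                value("Publisher")))
    return programs


def flags_for(p: Program) -> list[str]:
    flags = []
    cmd = p.uninstall_cmd.lower()
    if any(d in cmd for d in SUSPECT_DIRS):
        flags.append("uninstaller in Temp/profile")
    if not p.uninstall_cmd:
        flags.append("no uninstall command")
    if not p.publisher:
        flags.append("no publisher")
    if not p.name.isascii():
        flags.append("non-ASCII name, translate")
    return flags


def triage(programs: list[Program]) -> dict[str, list[str]]:
    """Map program name -> flags, for programs with at least one flag."""
    result = {}
    for p in programs:
        flags = flags_for(p)
        if flags:
            result[p.name] = flags
    return result


# Constructed sample in the shape of the posted list; names and paths are invented.
SAMPLE = [
    Program("Example Antivirus 2006",
            r'"C:\Program Files\Example AV\uninstall.exe"', "Example Corp"),
    Program("示例工具栏", r"C:\Program Files\ExampleBar\uninst.exe"),
    Program("Example Helper", r"C:\DOCUME~1\USER~1\LOCALS~1\Temp\helper_uninst.exe"),
    Program("Example Codec Pack", ""),
]


def main():
    programs = read_registry() if sys.platform == "win32" else SAMPLE
    for name, flags in triage(programs).items():
        print(f"{name}: {', '.join(flags)}")


if __name__ == "__main__":
    main()
```

On the affected XP machine this prints the same name/command pairs the Uninstall Manager shows, with the suspicious ones marked, which is a quicker way to do the "select each entry and look up the uninstall command" step than clicking through the list by hand.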