Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
01-13-2008, 04:14 PM   #1
liuall2003 (Registered User)
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Help with HijackThis log

I scanned my computer with HijackThis and got this log. I need an experienced person to help me choose which files to fix and which to keep. Thanks in advance!
------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:56 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\RoboTask\RoboTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [BM47e6e9f0] Rundll32.exe "C:\WINDOWS\system32\fblcqahq.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RoboTask] C:\Program Files\RoboTask\RoboTask.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwic...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126738808781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 14274 bytes
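A triage pass over entries like the ones in the log above, added here as an illustration and not code from this thread or from Trend Micro's HijackThis: it parses the section/body format, flags the entry types an analyst reviews first (rundll32 autoruns of random-looking system32 DLLs, unnamed BHOs, Winlogon Notify hooks, orphaned entries) and cross-references DLLs registered under more than one section. The sample lines are copied from the two logs in this thread; the heuristics and function names are my own and the output is a review list, not a verdict.

```python
"""Triage pass over HijackThis v2 log entries.

Each entry is split into its section code (R0-R3, F2, O2-O23) and body, then checked
against the heuristics an analyst applies by hand: autoruns that load a random-looking
system32 DLL through rundll32, BHOs with no display name, Winlogon Notify hooks, and
entries whose file no longer exists.  The output is a review list, not a verdict.
"""
import re
from collections import defaultdict

# "O4 - HKLM\..\Run: [name] path"  ->  section "O4", body "HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.+)$")
# Six to ten lowercase letters, no digits, directly under system32: the shape of a
# generated file name (coarse heuristic; the section rules below decide whether it matters)
RANDOM_DLL_RE = re.compile(r"\\(?i:system32)\\([a-z]{6,10}\.dll)\b")
# BHO display name sits between "BHO: " and the first " - {" (the CLSID)
BHO_NAME_RE = re.compile(r"^BHO:\s+(?P<name>.*?)\s+-\s+\{")


def parse_entry(line):
    """Return (section, body) for a HijackThis entry line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def random_dll(body):
    """Lower-cased file name of a random-looking system32 DLL in the body, or None."""
    m = RANDOM_DLL_RE.search(body)
    return m.group(1).lower() if m else None


def triage_line(line):
    """List of reasons an analyst should look at this entry (empty if nothing stands out)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    sec, body = parsed
    dll = random_dll(body)
    reasons = []
    if sec == "O4" and "rundll32" in body.lower() and dll:
        reasons.append(f"autorun loads random-looking {dll} via rundll32")
    if sec == "O2":
        m = BHO_NAME_RE.match(body)
        name = m.group("name") if m else ""
        if (name == "(no name)" or name.startswith("{")) and dll:
            reasons.append(f"unnamed BHO backed by random-looking {dll}")
    if sec == "O20" and dll:
        reasons.append(f"Winlogon Notify hook {dll} has a random-looking name")
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("entry points at a file that no longer exists (orphaned)")
    return reasons


def triage_log(text):
    """Return (flagged, shared).

    flagged: [(entry line, [reasons])] for every entry with at least one reason.
    shared:  {dll: [sections]} for random-looking DLLs registered under more than one
             section, e.g. the same file as both a BHO (O2) and a Winlogon hook (O20).
    """
    flagged = []
    seen = defaultdict(set)
    for raw in text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        sec, body = parsed
        dll = random_dll(body)
        if dll:
            seen[dll].add(sec)
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    shared = {d: sorted(s) for d, s in seen.items() if len(s) > 1}
    return flagged, shared


# Sample input: entry lines copied from the two HijackThis logs posted in this thread,
# mixed with legitimate entries (Spybot's SDHelper, Java's ssv.dll, an Intel graphics
# autorun, a CA service) so the filter has something to leave alone.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
O2 - BHO: (no name) - {1515B906-999A-48F3-8BF4-B7EC61BF5B38} - C:\WINDOWS\system32\iiffdaa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {da19e03d-19ae-b168-d8d4-9783a2989868} - {8689892a-3879-4d8d-861b-ea91d30e91ad} - C:\WINDOWS\system32\ccctxifm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [44d5da6c] rundll32.exe "C:\WINDOWS\system32\ltobyqlg.dll",b
O4 - HKLM\..\Run: [BM47e6e9f0] Rundll32.exe "C:\WINDOWS\system32\homaumat.dll",s
O20 - Winlogon Notify: iiffdaa - C:\WINDOWS\SYSTEM32\iiffdaa.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
"""

if __name__ == "__main__":
    flagged, shared = triage_log(SAMPLE_LOG)
    for entry, reasons in flagged:
        print(entry)
        for r in reasons:
            print("    ->", r)
    for dll, secs in shared.items():
        print(f"{dll} appears under {', '.join(secs)}: one file hooked in several places")
```

Run as-is it prints eight entries for review and reports iiffdaa.dll as registered under both O2 and O20, which is the kind of cross-reference that separates one infection from a list of unrelated oddities.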
01-16-2008, 12:41 PM   #2
liuall2003 (Registered User)
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Re: Help with HijackThis log

Bump!
01-16-2008, 05:00 PM   #3
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Re: Help with HijackThis log

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Also, please do this:

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
type "C:\boot.ini">C:\look.txt
Start notepad C:\Look.txt
Save this as peek.bat. Choose to "Save type as - All Files".
It should look like this:
Double click on peek.bat & allow it to run. A notepad file will open. Post the contents of that file in your next reply, and close the file.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
01-18-2008, 01:50 PM   #4
liuall2003 (Registered User)
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Re: Help with HijackThis log

Thank you for your response, here is the log (main.txt) from the DSS scan:
------------------------
Deckard's System Scanner v20071014.68
Run by Yu on 2008-01-18 16:38:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-01-18 21:38:24 UTC - RP574 - Deckard's System Scanner Restore Point
2: 2008-01-17 22:07:43 UTC - RP573 - Installed ErrorDoctor
1: 2008-01-15 00:15:33 UTC - RP572 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Yu.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:27 PM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\RoboTask\RoboTask.exe
C:\Documents and Settings\Yu\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Yu.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1515B906-999A-48F3-8BF4-B7EC61BF5B38} - C:\WINDOWS\system32\iiffdaa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6FA3C85E-3081-4522-9B7C-546F98C684F8} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {da19e03d-19ae-b168-d8d4-9783a2989868} - {8689892a-3879-4d8d-861b-ea91d30e91ad} - C:\WINDOWS\system32\ccctxifm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [44d5da6c] rundll32.exe "C:\WINDOWS\system32\ltobyqlg.dll",b
O4 - HKLM\..\Run: [BM47e6e9f0] Rundll32.exe "C:\WINDOWS\system32\homaumat.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RoboTask] C:\Program Files\RoboTask\RoboTask.exe
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Steven')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Steven')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwic...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126738808781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
O20 - Winlogon Notify: iiffdaa - C:\WINDOWS\SYSTEM32\iiffdaa.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 16375 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 HFCore - c:\windows\system32\drivers\hfcore.sys
R1 StarPortLite (StarPort Storage Controller (Lite)) - c:\windows\system32\drivers\starportlite.sys <Not Verified; Rocket Division Software; StarPort Storage Controller>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S2 sbbotdi - c:\progra~1\speedb~1\sbbotdi.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>

S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S2 VideoAcceleratorEngine - c:\progra~1\speedb~1\videoacceleratorengine.exe -start -scm (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-17 16:30:24 416 --ah---c- C:\WINDOWS\Tasks\User_Feed_Synchronization-{12BACCA3-FCCA-4B94-AE3C-64054BF14814}.job
2008-01-15 12:49:07 284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-18 and 2008-01-18 -----------------------------

2008-01-17 19:50:14 86592 --a------ C:\WINDOWS\system32\ltobyqlg.dll
2008-01-17 19:44:14 70208 --a------ C:\WINDOWS\system32\homaumat.dll
2008-01-17 19:39:27 77376 --a------ C:\WINDOWS\system32\ccctxifm.dll
2008-01-17 18:27:11 0 dr-h----- C:\Documents and Settings\Yu\Recent
2008-01-17 17:25:01 0 --a----c- C:\WINDOWS\system32\Ultra.dll
2008-01-17 17:07:45 0 d-------- C:\Program Files\SoftwareDoctor
2008-01-17 16:32:59 0 d-------- C:\Program Files\InControl
2008-01-16 19:12:24 86592 --a------ C:\WINDOWS\system32\pblblvym.dll
2008-01-16 1925 70208 --a------ C:\WINDOWS\system32\jvgjspnn.dll
2008-01-16 19:03:25 76864 --a------ C:\WINDOWS\system32\ifvvnsrd.dll
2008-01-16 15:51:50 0 d-------- C:\Documents and Settings\Yu\.housecall6.6
2008-01-15 18:00:45 70208 --a------ C:\WINDOWS\system32\difjgufb.dll
2008-01-15 17:58:08 79936 --a------ C:\WINDOWS\system32\sgpgiiml.dll
2008-01-14 20:04:54 0 dr-h----- C:\Documents and Settings\Jianmin\Recent
2008-01-14 19:11:55 89152 --a------ C:\WINDOWS\system32\mmdkdydj.dll
2008-01-14 19:05:52 77888 --a------ C:\WINDOWS\system32\rlpruteu.dll
2008-01-14 19:02:52 70208 --a------ C:\WINDOWS\system32\qwvwqmrq.dll
2008-01-14 16:20:20 0 d-------- C:\Documents and Settings\Jianmin\Application Data\Mozilla
2008-01-14 08:55:36 0 d-------- C:\Documents and Settings\Jianmin\Application Data\DAZ 3D
2008-01-13 19:03:20 79936 --a------ C:\WINDOWS\system32\jlfxuimn.dll
2008-01-13 19:00:20 70208 --a------ C:\WINDOWS\system32\fblcqahq.dll
2008-01-13 09:44:38 198144 -------c- C:\WINDOWS\system32\_psisdecd.dll
2008-01-13 09:43:30 44544 --a----c- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-12 18:26:08 76864 --a------ C:\WINDOWS\system32\ixuqgylf.dll
2008-01-12 18:23:10 70208 --a------ C:\WINDOWS\system32\ukvnvget.dll
2008-01-11 18:28:59 70208 --a------ C:\WINDOWS\system32\iixofosk.dll
2008-01-11 18:20:29 70208 --a------ C:\WINDOWS\system32\fjcafose.dll
2008-01-11 16:51:40 0 d------c- C:\WINDOWS\system32\ActiveScan
2008-01-11 15:31:18 0 dr------- C:\Documents and Settings\Administrator.ALEX\Start Menu
2008-01-11 15:31:18 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\SendTo
2008-01-11 15:31:18 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\Recent
2008-01-11 15:31:18 0 d--h----- C:\Documents and Settings\Administrator.ALEX\PrintHood
2008-01-11 15:31:18 0 d--h----- C:\Documents and Settings\Administrator.ALEX\NetHood
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Desktop
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Symantec
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Sun
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Jasc Software Inc
2008-01-11 15:31:18 0 d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Identities
2008-01-11 15:24:19 0 d--h----- C:\Documents and Settings\Administrator.ALEX\Templates
2008-01-11 15:24:19 0 dr------- C:\Documents and Settings\Administrator.ALEX\My Documents
2008-01-11 15:24:19 0 d--h----- C:\Documents and Settings\Administrator.ALEX\Local Settings
2008-01-11 15:24:19 0 dr------- C:\Documents and Settings\Administrator.ALEX\Favorites
2008-01-11 15:24:19 0 d--hs---- C:\Documents and Settings\Administrator.ALEX\Cookies
2008-01-11 15:24:19 0 dr-h----- C:\Documents and Settings\Administrator.ALEX\Application Data
2008-01-11 15:24:19 0 d---s---- C:\Documents and Settings\Administrator.ALEX\Application Data\Microsoft
2008-01-11 15:24:18 786432 --ah----- C:\Documents and Settings\Administrator.ALEX\NTUSER.DAT
2008-01-11 14:54:07 0 d-------- C:\Documents and Settings\Hong\Application Data\Yahoo!
2008-01-11 14:54:01 0 d-------- C:\Documents and Settings\Steven\Application Data\Yahoo!
2008-01-10 18:05:29 70208 --a----c- C:\WINDOWS\system32\spfwbwod.dll
2008-01-05 20:03:45 78912 --a----c- C:\WINDOWS\system32\ptigupsq.dll
2008-01-04 18:27:53 322935 --ahs--c- C:\WINDOWS\system32\fgjlm.ini2
2008-01-04 18:27:40 331264 --a----c- C:\WINDOWS\system32\mljgf.dll
2008-01-03 1938 0 d-------- C:\Documents and Settings\Jianmin\Application Data\MRTalk
2008-01-03 19:05:42 0 d-------- C:\Program Files\MediaRing
2008-01-03 17:27:13 481363 --ahs--c- C:\WINDOWS\system32\srutv.ini2
2008-01-03 17:27:06 328704 --a----c- C:\WINDOWS\system32\vturs.dll
2008-01-03 15:11:36 7009 --ahs--c- C:\WINDOWS\system32\rqtwa.ini2
2008-01-03 15:11:30 328704 --a----c- C:\WINDOWS\system32\awtqr.dll
2008-01-02 15:21:44 0 d-------- C:\Program Files\Enigma Software Group
2008-01-02 14:34:39 331776 -------c- C:\WINDOWS\system32\gebyy.dll
2008-01-01 15:04:40 327680 -------c- C:\WINDOWS\system32\awtsr.dll
2008-01-01 13:34:34 486347 --ahs--c- C:\WINDOWS\system32\qtstv.ini2
2008-01-01 13:34:26 327680 --a----c- C:\WINDOWS\system32\vtstq.dll
2008-01-01 10:33:38 7088 --ahs--c- C:\WINDOWS\system32\nnnmp.ini2
2008-01-01 10:33:29 327680 --a----c- C:\WINDOWS\system32\pmnnn.dll
2007-12-31 18:33:29 6784 --ahs--c- C:\WINDOWS\system32\stvwa.ini2
2007-12-31 18:33:23 328704 --a----c- C:\WINDOWS\system32\awvts.dll
2007-12-31 16:42:35 6589 --ahs--c- C:\WINDOWS\system32\kjllm.ini2
2007-12-31 16:42:25 328704 --a----c- C:\WINDOWS\system32\mlljk.dll
2007-12-31 14:01:53 328704 -------c- C:\WINDOWS\system32\vtsqo.dll
2007-12-31 13:11:16 481237 --ahs--c- C:\WINDOWS\system32\vybeg.ini2
2007-12-31 13:11:11 328704 --a----c- C:\WINDOWS\system32\gebyv.dll
2007-12-31 08:15:57 328704 -------c- C:\WINDOWS\system32\pmnnk.dll
2007-12-30 14:21:19 0 d-------- C:\Program Files\QuickTime
2007-12-30 14:19:13 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 14:19:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 21:02:27 328192 -------c- C:\WINDOWS\system32\mlljg.dll
2007-12-29 19:08:47 327680 -------c- C:\WINDOWS\system32\geebx.dll
2007-12-29 18:54:39 6709 --ahs--c- C:\WINDOWS\system32\ddeeg.ini2
2007-12-29 18:54:30 328192 --a----c- C:\WINDOWS\system32\geedd.dll
2007-12-29 17:57:53 328192 -------c- C:\WINDOWS\system32\awvvw.dll
2007-12-29 16:07:06 0 d-------- C:\Documents and Settings\Yu\Application Data\Yahoo!
2007-12-29 1622 10368 -------c- C:\WINDOWS\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-29 16:04:11 10368 --a----c- C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-28 17:27:29 481493 --ahs--c- C:\WINDOWS\system32\pqtss.ini2
2007-12-28 17:27:19 341504 --a----c- C:\WINDOWS\system32\sstqp.dll
2007-12-28 15:14:05 482513 --ahs--c- C:\WINDOWS\system32\nqtss.ini2
2007-12-28 15:13:57 341504 --a----c- C:\WINDOWS\system32\sstqn.dll
2007-12-28 12:25:03 6769 --ahs--c- C:\WINDOWS\system32\jlkkj.ini2
2007-12-28 12:03:46 6769 --ahs--c- C:\WINDOWS\system32\gjkkj.ini2
2007-12-28 12:03:39 341504 --a----c- C:\WINDOWS\system32\jkkjg.dll
2007-12-28 10:57:55 0 d------c- C:\WINDOWS\system32\Dell
2007-12-28 08:20:18 6854 --ahs--c- C:\WINDOWS\system32\hjjlm.ini2
2007-12-28 08:20:09 341504 --a----c- C:\WINDOWS\system32\mljjh.dll
2007-12-27 19:38:41 329728 -------c- C:\WINDOWS\system32\geedc.dll
2007-12-27 15:56:07 494315 --ahs--c- C:\WINDOWS\system32\jjkmp.ini2
2007-12-27 15:55:49 329728 --a----c- C:\WINDOWS\system32\pmkjj.dll
2007-12-27 14:41:19 6649 --ahs--c- C:\WINDOWS\system32\mnnmp.ini2
2007-12-27 14:41:07 329728 --a----c- C:\WINDOWS\system32\pmnnm.dll
2007-12-26 17:35:01 80448 --a------ C:\WINDOWS\system32\obgdbsoy.dll
2007-12-26 16:53:24 336896 -------c- C:\WINDOWS\system32\ssqro.dll
2007-12-26 16:16:19 80448 --a------ C:\WINDOWS\system32\odvsmjgg.dll
2007-12-25 15:11:53 321536 --a----c- C:\WINDOWS\system32\geedb.dll
2007-12-25 14:07:33 327680 -------c- C:\WINDOWS\system32\ddayy.dll
2007-12-23 18:05:21 78912 --a------ C:\WINDOWS\system32\ppnknywu.dll
2007-12-23 13:17:24 0 d-------- C:\Documents and Settings\Steven\Application Data\Grisoft
2007-12-23 13:03:45 0 d-------- C:\Documents and Settings\Yu\Application Data\Grisoft
2007-12-22 20:28:18 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy
2007-12-22 20:20:35 0 d-------- C:\Documents and Settings\Jianmin\Application Data\Yahoo!
2007-12-22 18:24:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 18:04:21 78400 --a------ C:\WINDOWS\system32\tklvawpe.dll
2007-12-19 14:39:25 0 d-------- C:\Program Files\Opera 9.5 beta


-- Find3M Report ---------------------------------------------------------------

2008-01-18 16:15:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-17 15:47:05 0 d-------- C:\Program Files\PPLive
2008-01-13 10:44:51 0 d-------- C:\Documents and Settings\Yu\Application Data\CyberLink
2008-01-13 09:41:58 0 d-------- C:\Program Files\CyberLink
2008-01-11 16:34:52 0 d-------- C:\Program Files\Trend Micro
2008-01-05 15:27:30 0 d-------- C:\Documents and Settings\Yu\Application Data\Image Zone Express
2008-01-02 16:40:09 0 d-------- C:\Program Files\JetAudio
2007-12-30 15:09:25 0 d-------- C:\Program Files\Need3Space
2007-12-29 15:45:54 0 d-------- C:\Documents and Settings\Yu\Application Data\Vso
2007-12-28 10:57:56 0 d-------- C:\Program Files\Dell
2007-12-27 12:27:39 0 d-------- C:\Documents and Settings\Yu\Application Data\Adobe
2007-12-26 17:35:48 0 d-------- C:\Program Files\Smart Install Maker
2007-12-26 17:35:25 0 d-------- C:\Program Files\project dogwaffle
2007-12-25 13:20:43 0 d-------- C:\Program Files\Best Buy Rhapsody
2007-12-24 15:57:46 0 d-------- C:\Program Files\Google
2007-12-23 17:28:22 0 dr------- C:\Program Files\Aston
2007-12-21 19:44:36 0 d-------- C:\Program Files\Opera
2007-12-19 14:39:35 0 d-------- C:\Documents and Settings\Yu\Application Data\Opera
2007-12-16 15:30:56 4 --a----c- C:\WINDOWS\system32\4F25D9
2007-12-16 15:19:59 0 d-------- C:\Documents and Settings\Yu\Application Data\uTorrent
2007-12-13 18:33:18 0 d-------- C:\Program Files\AnVir Task Manager
2007-12-11 17:27:34 0 d------c- C:\Program Files\Common Files
2007-12-11 17:27:34 0 d------c- C:\Program Files\Common Files\Bcgsoft
2007-12-10 17:29:46 35840 -------c- C:\WINDOWS\system32\iiffdaa.dll
2007-12-10 14:28:58 432635 --ahs--c- C:\WINDOWS\system32\ybeeg.ini2
2007-12-09 18:25:24 698 --ahs--c- C:\WINDOWS\system32\egjlm.ini2
2007-12-09 18:25:11 973 --ahs--c- C:\WINDOWS\system32\rqstv.ini2
2007-12-09 18:25:11 452 --ahs--c- C:\WINDOWS\system32\npqss.ini2
2007-12-09 18:25:06 7198 --ahs--c- C:\WINDOWS\system32\kjkmp.ini2
2007-12-08 16:52:46 336992 --a----c- C:\WINDOWS\system32\vtsqr.dll
2007-12-08 14:40:18 34 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.log
2007-12-08 14:40:02 47360 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-08 14:40:02 1144 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.inf
2007-12-08 14:40:02 7176 --a------ C:\Documents and Settings\Yu\Application Data\pcouffin.cat
2007-12-08 14:40:02 81920 --a------ C:\Documents and Settings\Yu\Application Data\ezpinst.exe
2007-12-08 14:40:00 0 d-------- C:\Program Files\Plato DVD Copy
2007-12-08 13:43:48 336992 --a----c- C:\WINDOWS\system32\mljge.dll
2007-12-08 11:47:11 336992 --a----c- C:\WINDOWS\system32\ssqpn.dll
2007-12-08 07:41:51 336992 --a----c- C:\WINDOWS\system32\pmkjk.dll
2007-12-07 18:23:27 339552 -------c- C:\WINDOWS\system32\pmnli.dll
2007-12-06 13:30:20 22528 --a----c- C:\WINDOWS\system32\wineak32.dll
2007-12-05 18:26:05 0 d-------- C:\Program Files\Java
2007-12-04 16:47:03 0 d-------- C:\Program Files\CA
2007-12-04 16:47:03 0 d-------- C:\Program Files\CA(3)
2007-12-04 16:47:02 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-04 16:46:43 0 d-------- C:\Program Files\Thoosje Sidebar V2.3
2007-11-29 19:22:46 0 d-------- C:\Program Files\DAP
2007-11-29 17:04:58 0 d-------- C:\Documents and Settings\Yu\Application Data\Corel
2007-11-29 17:00:39 0 d-------- C:\Program Files\Corel
2007-11-28 15:07:39 0 d-------- C:\Documents and Settings\Yu\Application Data\DemoCreator
2007-11-28 14:52:19 0 d-------- C:\Program Files\Wondershare
2007-11-26 17:12:00 0 d-------- C:\Documents and Settings\Yu\Application Data\Mp3tag
2007-11-26 17:09:27 0 d-------- C:\Program Files\Mp3tag
2007-11-26 14:36:18 0 d-------- C:\Documents and Settings\Yu\Application Data\Real
2007-11-24 12:16:49 0 d-------- C:\Program Files\Digital Photo Navigator 1.5
2007-11-24 12:14:53 0 d-------- C:\Program Files\IE7Pro
2007-11-24 12:14:47 0 d-------- C:\Documents and Settings\Yu\Application Data\IE7Pro
2007-11-23 1148 0 d-------- C:\Program Files\Sandisk
2007-11-23 11:01:18 0 d-------- C:\Program Files\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1515B906-999A-48F3-8BF4-B7EC61BF5B38}]
12/10/2007 05:29 PM 35840 -----c--- C:\WINDOWS\system32\iiffdaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FA3C85E-3081-4522-9B7C-546F98C684F8}]
01/04/2008 06:27 PM 331264 --a--c--- C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8689892a-3879-4d8d-861b-ea91d30e91ad}]
01/17/2008 07:39 PM 77376 --a------ C:\WINDOWS\system32\ccctxifm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/15/2006 05:29 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 07:42 PM]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [01/17/2006 12:03 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 10:12 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 02:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [12/01/2007 05:00 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [12/01/2007 05:00 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 10:09 AM]
"44d5da6c"="C:\WINDOWS\system32\ltobyqlg.dll" [01/17/2008 07:50 PM]
"BM47e6e9f0"="C:\WINDOWS\system32\homaumat.dll" [01/17/2008 07:44 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [09/15/2007 05:52 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [10/01/2007 01:59 PM]
"RoboTask"="C:\Program Files\RoboTask\RoboTask.exe" [09/25/2007 03:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1515B906-999A-48F3-8BF4-B7EC61BF5B38}"= C:\WINDOWS\system32\iiffdaa.dll [12/10/2007 05:29 PM 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffdaa]
iiffdaa.dll 12/10/2007 05:29 PM 35840 C:\WINDOWS\system32\iiffdaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
winrvc32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc




-- End of Deckard's System Scanner: finished at 2008-01-18 16:43:22 ------------

The extra.txt is attached and the results from the peek.bat are below:


----------------------------------------------------------------
-------------------------------------------------------------

[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Attached file: extra.txt (34.9 KB)
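Reading a listing like the one above by hand is slow, so here is an added example (written for this edit; it is not part of the thread and not code from DSS, HijackThis or ComboFix) that parses a handful of lines copied from the post and applies two defender-side triage checks: it pairs each .ini/.ini2 file with the .dll whose name is its reverse (fgjlm.ini2 with mljgf.dll, srutv.ini2 with vturs.dll, a pattern visible throughout the listing), and it flags system32 DLLs that DSS lists with no version information. The resulting names are then matched against load points taken from the HijackThis log and the registry dump (Winlogon Notify, the Run key, LSA Authentication Packages). The regular expressions and the "no version resource means suspicious" heuristic are my assumptions about the DSS output format rather than a documented specification, and the sample text is copied from the post, not a complete log.

```python
import ntpath
import re

# Constructed sample input: lines copied from the DSS "Files created" listing,
# the HijackThis log and the DSS registry dump in the post above.
DSS_FILES = r"""
2008-01-17 19:50:14 86592 --a------ C:\WINDOWS\system32\ltobyqlg.dll
2008-01-13 09:43:30 44544 --a----c- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2008-01-04 18:27:53 322935 --ahs--c- C:\WINDOWS\system32\fgjlm.ini2
2008-01-04 18:27:40 331264 --a----c- C:\WINDOWS\system32\mljgf.dll
2008-01-03 17:27:13 481363 --ahs--c- C:\WINDOWS\system32\srutv.ini2
2008-01-03 17:27:06 328704 --a----c- C:\WINDOWS\system32\vturs.dll
2007-12-29 16:04:11 10368 --a----c- C:\WINDOWS\system32\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
2007-12-10 17:29:46 35840 -------c- C:\WINDOWS\system32\iiffdaa.dll
2007-12-10 14:28:58 432635 --ahs--c- C:\WINDOWS\system32\ybeeg.ini2
"""

LOAD_POINTS = r"""
O20 - Winlogon Notify: iiffdaa - C:\WINDOWS\SYSTEM32\iiffdaa.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
"44d5da6c"="C:\WINDOWS\system32\ltobyqlg.dll" [01/17/2008 07:50 PM]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljgf.dll
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/15/2006 05:29 PM]
"""

# Assumed DSS line layout: date, time, size, 9-char attribute field, path,
# and an optional "<...; vendor; product>" block when the file has version info.
DSS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+) (?P<size>\d+) (?P<attrs>\S{9}) "
    r"(?P<path>.+?)(?: <(?P<version>[^>]*)>)?$"
)
# A drive-letter path ending in .dll, as it appears in HJT and registry-dump lines.
DLL_REF = re.compile(r"[A-Za-z]:\\[^\"\[\]]*?\.dll", re.IGNORECASE)


def parse_dss(text):
    """Parse DSS file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = DSS_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["name"] = ntpath.basename(e["path"]).lower()   # ntpath: Windows separators
            e["dir"] = ntpath.dirname(e["path"]).lower()
            entries.append(e)
    return entries


def reversed_name_pairs(entries):
    """Pair each .ini/.ini2 file with a .dll in the same directory whose stem is
    the ini stem spelled backwards (fgjlm.ini2 <-> mljgf.dll)."""
    dlls = {(e["dir"], e["name"]) for e in entries if e["name"].endswith(".dll")}
    pairs = []
    for e in entries:
        stem, ext = ntpath.splitext(e["name"])
        if ext not in (".ini", ".ini2"):
            continue
        partner = stem[::-1] + ".dll"
        if (e["dir"], partner) in dlls:
            pairs.append((e["name"], partner))
    return sorted(pairs)


def unversioned_system32_dlls(entries):
    """Heuristic (assumption): a DLL in system32 with no version block in the DSS
    output deserves a look; vendor-built DLLs normally carry one."""
    return sorted(e["name"] for e in entries
                  if e["dir"].endswith(r"\system32")
                  and e["name"].endswith(".dll")
                  and not e["version"])


def load_point_hits(text, suspects):
    """Return (line, dll name) for every load-point line referencing a suspect DLL by path."""
    hits = []
    for line in text.splitlines():
        for ref in DLL_REF.findall(line):
            name = ntpath.basename(ref).lower()
            if name in suspects:
                hits.append((line.strip(), name))
    return hits


def triage(dss_text=DSS_FILES, load_point_text=LOAD_POINTS):
    """Run both checks and correlate the suspect names with the load points."""
    entries = parse_dss(dss_text)
    pairs = reversed_name_pairs(entries)
    suspects = set(unversioned_system32_dlls(entries)) | {dll for _, dll in pairs}
    return {
        "reversed_pairs": pairs,
        "suspect_dlls": sorted(suspects),
        "load_point_hits": load_point_hits(load_point_text, suspects),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key)
        for item in value:
            print("  ", item)
```

A DLL that both appears in a reversed-name pair and is wired into a Winlogon Notify or LSA Authentication Packages entry, as iiffdaa.dll and mljgf.dll are here, is the kind of finding a helper would prioritise, because those load points run the code before any user logs on and survive an ordinary file deletion unless the registry reference is removed too.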
Old 01-18-2008, 05:17 PM   #5 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Re: Help with HijackThis log

This machine does not have the Windows XP Recovery Console installed.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

---------------------------------------------------------------------------------------------

Before beginning the steps below, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please do this:
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Go to Microsoft's website => http://support.microsoft.com/kb/310994
    Select the download that's appropriate for your Operating System

    In your case, it is:

    Microsoft Windows XP Home Edition Service Pack 2



  3. Download the file & save it as it's originally named, next to ComboFix.exe.
  4. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it as indicated in the image below.


  5. Follow the prompts to start ComboFix (type 1 and press Enter) and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  6. ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when you start your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.
  7. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

    Please do not reboot your machine until we have reviewed the log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 01-19-2008, 09:31 AM   #6 (permalink)
liuall2003 (Registered User)


Re: Help with HijackThis log

I followed the directions exactly but kept getting the error message:

The instruction at "0x7c9111de" reference memory at "0x00200064". The memory could not be "read".

Click OK to terminate the program
Old 01-19-2008, 09:45 AM   #7 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)


Re: Help with HijackThis log

Please verify the size of ComboFix.exe to be ~1.5MB and that you downloaded it from one of the above links.

Last edited by tetonbob; 01-19-2008 at 09:47 AM.
Old 01-19-2008, 09:46 AM   #8 (permalink)
liuall2003 (Registered User)


Re: Help with HijackThis log

Its size is 1.47MB and the size on disk is 1.48MB. I downloaded it from link one above.

Last edited by liuall2003; 01-19-2008 at 09:49 AM.
Old 01-19-2008, 09:48 AM   #9 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)


Re: Help with HijackThis log

Size is right.

I'm going to have to look into that. I'll be back as soon as I can.
Old 01-19-2008, 09:58 AM   #10 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)


Re: Help with HijackThis log

Disconnect from the internet.

Disable your AntiVirus (usually via a right click on the system tray icon)

Try again to drag and drop the setup package onto ComboFix.exe
Old 01-19-2008, 10:10 AM   #11 (permalink)
liuall2003 (Registered User)


Re: Help with HijackThis log

No luck, the same error popped up. I forgot to mention that the window header for the error message said something like this: Application Error swreg.cfexe


I also noticed that after I closed my antivirus (CA antivirus) and disconnected from the internet, the process svchost.exe run by Network Service was using up 100% of my CPU for quite a long time.
By the way, I have two processes named svchost.exe, both run by Network Service, one running at 8,220K (this one was at 100% CPU usage) and the other at 5,200K.

Last edited by liuall2003; 01-19-2008 at 10:13 AM.
Old 01-19-2008, 10:17 AM   #12 (permalink)
tetonbob (Manager, Security Center, TSF Academy; Analyst, Security Team)


Re: Help with HijackThis log

Thanks for the extra info. We're going to take a different approach.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account.


Double click on ComboFix.exe to run it. Follow the prompts. Type 1, and press Enter to run ComboFix.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


ComboFix should reboot your machine. Restart in normal mode, and allow ComboFix to finish its routine. Post the log produced.
Old 01-19-2008, 10:20 AM   #13 (permalink)
liuall2003 (Registered User)


Re: Help with HijackThis log

I may not respond to the post for a while as I have to leave to run some errands, thank you for staying with me. I will follow the directions and post the log as soon as I get back.
Old 01-20-2008, 08:10 AM   #14 (permalink)
liuall2003 (Registered User)


Re: Help with HijackThis log

ComboFix 08-01-18.5 - Yu 2008-01-20 10:39:27.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Yu\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\awvvw.dll
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\blmjxggc.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ccctxifm.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini2
C:\WINDOWS\system32\difjgufb.dll
C:\WINDOWS\system32\dkmnvxyc.ini
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini2
C:\WINDOWS\system32\fblcqahq.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fjcafose.dll
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\gjkkj.ini
C:\WINDOWS\system32\gjkkj.ini2
C:\WINDOWS\system32\glqybotl.ini
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\homaumat.dll
C:\WINDOWS\system32\hyyfaawm.ini
C:\WINDOWS\system32\ifvvnsrd.dll
C:\WINDOWS\system32\iiffdaa.dll
C:\WINDOWS\system32\iixofosk.dll
C:\WINDOWS\system32\ixuqgylf.dll
C:\WINDOWS\system32\jdydkdmm.ini
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\jlfxuimn.dll
C:\WINDOWS\system32\jlkkj.ini
C:\WINDOWS\system32\jlkkj.ini2
C:\WINDOWS\system32\jvgjspnn.dll
C:\WINDOWS\system32\jxisynuu.ini
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\lcotrdek.dll
C:\WINDOWS\system32\lhynuggp.ini
C:\WINDOWS\system32\lximrmyu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mmdkdydj.dll
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini2
C:\WINDOWS\system32\mwxhpjkb.dll
C:\WINDOWS\system32\myvlblbp.ini
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\oadecbyl.ini
C:\WINDOWS\system32\obgdbsoy.dll
C:\WINDOWS\system32\odvsmjgg.dll
C:\WINDOWS\system32\patqlfjw.ini
C:\WINDOWS\system32\pblblvym.dll
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnnk.dll
C:\WINDOWS\system32\pmnnm.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\ppnknywu.dll
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\ptigupsq.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2
C:\WINDOWS\system32\qwvwqmrq.dll
C:\WINDOWS\system32\rlpruteu.dll
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.ini2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\sgpgiiml.dll
C:\WINDOWS\system32\spfwbwod.dll
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqro.dll
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\stvwa.ini
C:\WINDOWS\system32\stvwa.ini2
C:\WINDOWS\system32\syvcgrjc.ini
C:\WINDOWS\system32\tklvawpe.dll
C:\WINDOWS\system32\tvhswaxo.ini
C:\WINDOWS\system32\tyhlcegq.ini
C:\WINDOWS\system32\ukvnvget.dll
C:\WINDOWS\system32\Ultra.dll
C:\WINDOWS\system32\uymrmixl.ini
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\vtstq.dll
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\wuejbgyv.dll
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2

.
((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-19 12:22 . 2000-08-31 08:00 51,200 --a--c--- C:\WINDOWS\NirCmd.exe
2008-01-18 16:37 . 2008-01-18 16:37 <DIR> d-------- C:\Deckard
2008-01-17 16:32 . 2008-01-19 13:52 <DIR> d-------- C:\Program Files\InControl
2008-01-16 15:54 . 2008-01-16 15:52 102,664 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-16 15:51 . 2008-01-16 17:35 <DIR> d-------- C:\Documents and Settings\Yu\.housecall6.6
2008-01-14 08:55 . 2008-01-14 08:55 <DIR> d-------- C:\Documents and Settings\Jianmin\Application Data\DAZ 3D
2008-01-13 09:44 . 2006-06-04 15:48 198,144 -----c--- C:\WINDOWS\system32\_psisdecd.dll
2008-01-13 09:43 . 2006-06-04 15:48 44,544 --a--c--- C:\WINDOWS\system32\msxml4a.dll
2008-01-11 16:51 . 2008-01-11 17:05 <DIR> d----c--- C:\WINDOWS\system32\ActiveScan
2008-01-11 16:51 . 2008-01-11 16:51 30,590 --a--c--- C:\WINDOWS\system32\pavas.ico
2008-01-11 16:51 . 2008-01-11 16:51 2,550 --a--c--- C:\WINDOWS\system32\Uninstall.ico
2008-01-11 16:51 . 2008-01-11 16:51 1,406 --a--c--- C:\WINDOWS\system32\Help.ico
2008-01-11 15:31 . 2008-01-11 15:31 <DIR> d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Symantec
2008-01-11 15:31 . 2008-01-11 15:31 <DIR> d-------- C:\Documents and Settings\Administrator.ALEX\Application Data\Jasc Software Inc
2008-01-11 14:54 . 2008-01-11 14:54 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Yahoo!
2008-01-11 14:54 . 2008-01-11 14:54 <DIR> d-------- C:\Documents and Settings\Hong\Application Data\Yahoo!
2008-01-10 18:05 . 2008-01-19 21:15 15,592 --a--c--- C:\WINDOWS\BM47e6e9f0.xml
2008-01-10 18:05 . 2008-01-20 10:32 22 --a--c--- C:\WINDOWS\pskt.ini
2008-01-03 19:06 . 2008-01-11 14:54 <DIR> d-------- C:\Documents and Settings\Jianmin\Application Data\MRTalk
2008-01-03 19:05 . 2008-01-03 19:37 <DIR> d-------- C:\Program Files\MediaRing
2008-01-02 15:21 . 2008-01-02 15:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-30 14:21 . 2007-12-30 14:23 <DIR> d-------- C:\Program Files\QuickTime
2007-12-30 14:19 . 2007-12-30 14:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-30 14:19 . 2007-12-30 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 16:07 . 2007-12-29 16:07 <DIR> d-------- C:\Documents and Settings\Yu\Application Data\Yahoo!
2007-12-29 16:06 . 2005-09-20 17:27 10,368 -----c--- C:\WINDOWS\system32\drivers\iviaspi.sys
2007-12-29 16:04 . 2005-09-20 17:27 10,368 --a--c--- C:\WINDOWS\system32\iviaspi.sys
2007-12-28 12:24 . 2007-12-28 12:24 341,504 -----c--- C:\WINDOWS\system32\jkklj.dll_tobedeleted
2007-12-28 10:57 . 2007-12-28 10:57 <DIR> d----c--- C:\WINDOWS\system32\Dell
2007-12-23 13:17 . 2007-12-23 13:17 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Grisoft
2007-12-23 13:03 . 2007-12-23 13:03 <DIR> d-------- C:\Documents and Settings\Yu\Application Data\Grisoft
2007-12-22 20:28 . 2007-12-27 09:55 <DIR> d-------- C:\Program Files\CA Yahoo! Anti-Spy
2007-12-22 20:20 . 2007-12-22 20:20 <DIR> d-------- C:\Documents and Settings\Jianmin\Application Data\Yahoo!
2007-12-22 18:24 . 2007-12-22 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 01:13 --------- d-----w C:\Program Files\PPLive
2008-01-18 21:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-17 23:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 21:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-14 16:25 --------- d-----w C:\Documents and Settings\Jianmin\Application Data\Image Zone Express
2008-01-13 15:44 --------- d-----w C:\Documents and Settings\Yu\Application Data\CyberLink
2008-01-13 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-01-13 14:41 --------- d-----w C:\Program Files\CyberLink
2008-01-11 21:34 --------- d-----w C:\Program Files\Trend Micro
2008-01-05 20:27 --------- d-----w C:\Documents and Settings\Yu\Application Data\Image Zone Express
2008-01-02 21:40 --------- d-----w C:\Program Files\JetAudio
2007-12-31 19:41 --------- d-----w C:\Documents and Settings\Steven\Application Data\Apple Computer
2007-12-30 20:09 --------- d-----w C:\Program Files\Need3Space
2007-12-30 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 20:45 --------- d-----w C:\Documents and Settings\Yu\Application Data\Vso
2007-12-28 15:57 --------- d-----w C:\Program Files\Dell
2007-12-27 20:45 85,760 -c--a-w C:\WINDOWS\system32\drivers\StarPortLite.sys
2007-12-26 22:35 --------- d-----w C:\Program Files\Smart Install Maker
2007-12-26 22:35 --------- d-----w C:\Program Files\project dogwaffle
2007-12-25 18:20 --------- d-----w C:\Program Files\Best Buy Rhapsody
2007-12-24 21:04 --------- d-----w C:\Program Files\Opera 9.5 beta
2007-12-24 20:57 --------- d-----w C:\Program Files\Google
2007-12-23 22:28 --------- d-----r C:\Program Files\Aston
2007-12-23 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-22 00:44 --------- d-----w C:\Program Files\Opera
2007-12-16 20:19 --------- d-----w C:\Documents and Settings\Yu\Application Data\uTorrent
2007-12-13 23:33 --------- d-----w C:\Program Files\AnVir Task Manager
2007-12-13 16:18 --------- d-----w C:\Documents and Settings\Jianmin\Application Data\U3
2007-12-11 22:27 --------- dc----w C:\Program Files\Common Files\Bcgsoft
2007-12-10 23:54 --------- d-----w C:\Documents and Settings\Steven\Application Data\Vso
2007-12-08 19:40 81,920 ----a-w C:\Documents and Settings\Yu\Application Data\ezpinst.exe
2007-12-08 19:40 47,360 -c--a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-08 19:40 47,360 ----a-w C:\Documents and Settings\Yu\Application Data\pcouffin.sys
2007-12-08 19:40 --------- d-----w C:\Program Files\Plato DVD Copy
2007-12-05 23:26 --------- d-----w C:\Program Files\Java
2007-12-04 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2007-12-04 21:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-04 21:47 --------- d-----w C:\Program Files\CA(3)
2007-12-04 21:47 --------- d-----w C:\Program Files\CA
2007-12-04 21:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA(3)
2007-12-04 21:46 --------- d-----w C:\Program Files\Thoosje Sidebar V2.3
2007-12-01 22:00 32,528 -c--a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-12-01 22:00 26,640 -c--a-w C:\WINDOWS\system32\drivers\vet-filt.sys
2007-12-01 22:00 21,648 -c--a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-12-01 22:00 21,392 -c--a-w C:\WINDOWS\system32\drivers\vet-rec.sys
2007-12-01 21:51 879,832 ----a-w C:\WINDOWS\system32\drivers\vetefile.sys
2007-12-01 21:51 108,360 ----a-w C:\WINDOWS\system32\drivers\veteboot.sys
2007-11-30 00:22 --------- d-----w C:\Program Files\DAP
2007-11-29 22:04 --------- d-----w C:\Documents and Settings\Yu\Application Data\Corel
2007-11-29 22:00 --------- d-----w C:\Program Files\Corel
2007-11-29 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2007-11-29 01:14 --------- d-----w C:\Documents and Settings\Hong\Application Data\IE7Pro
2007-11-28 20:07 --------- d-----w C:\Documents and Settings\Yu\Application Data\DemoCreator
2007-11-28 19:52 --------- d-----w C:\Program Files\Wondershare
2007-11-26 22:12 --------- d-----w C:\Documents and Settings\Yu\Application Data\Mp3tag
2007-11-26 22:09 --------- d-----w C:\Program Files\Mp3tag
2007-11-26 19:50 8,413 -c--a-w C:\WINDOWS\system32\drivers\mcstrm.sys
2007-11-24 17:16 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2007-11-24 17:16 --------- d-----w C:\Documents and Settings\Steven\Application Data\CyberLink
2007-11-24 17:14 --------- d-----w C:\Program Files\IE7Pro
2007-11-24 17:14 --------- d-----w C:\Documents and Settings\Yu\Application Data\IE7Pro
2007-11-24 17:14 --------- d-----w C:\Documents and Settings\Jianmin\Application Data\IE7Pro
2007-11-23 16:06 --------- d-----w C:\Program Files\Sandisk
2007-11-23 16:01 --------- d-----w C:\Program Files\Real
2007-10-25 22:23 63 ----a-w C:\Documents and Settings\Yu\ip.cmd
2007-05-10 23:08 62,904 ----a-w C:\Documents and Settings\Yu\Application Data\GDIPFONTCACHEV1.DAT
2006-06-27 13:25 19,818 ----a-w C:\Documents and Settings\Yu\unins000.dat
2006-04-22 21:41 62,120 ----a-w C:\Documents and Settings\Jianmin\Application Data\GDIPFONTCACHEV1.DAT
2005-10-23 22:19 184,808 ----a-w C:\Documents and Settings\Yu\Application Data\shb.dat
2001-09-03 16:21 309,453 -csha-w C:\WINDOWS\rsx.exe
2007-03-11 15:28 56 -csh--r C:\WINDOWS\system32\1ED3989CB5.sys
2007-03-11 15:28 2,516 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2007-09-15 05:52 1209856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-01 13:59 144448]
"RoboTask"="C:\Program Files\RoboTask\RoboTask.exe" [2007-09-25 15:05 1183144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-15 17:29 180269]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 19:42 1404928]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 12:03 53248]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-12-01 17:00 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-12-01 17:00 230928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 19:34 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 17:09 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
winrvc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 17:49:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-20 15:31:46 C:\WINDOWS\Tasks\User_Feed_Synchronization-{12BACCA3-FCCA-4B94-AE3C-64054BF14814}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 10:59:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 11:05:58 - machine was rebooted [Yu]
ComboFix-quarantined-files.txt 2008-01-20 16:05:53
.
2008-01-08 23:42:11 --- E O F ---
Old 01-20-2008, 08:19 AM   #15
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Re: Help with HijackThis log

Please now try the drag and drop of the Recovery Console package.

Post the resulting log, and do not reboot the machine until I've reviewed that log.
Old 01-20-2008, 02:04 PM   #16
Registered User
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Re: Help with HijackThis log

Wow... still no luck, the exact same message. My computer is now running much, much faster, though, and I've stopped getting random pop-ups when using IE7.
Old 01-20-2008, 02:06 PM   #17
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Re: Help with HijackThis log

Please post a new HijackThis log.
Old 01-20-2008, 02:08 PM   #18
Registered User
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Re: Help with HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:23 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\RoboTask\RoboTask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RoboTask] C:\Program Files\RoboTask\RoboTask.exe
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jianmin')
O4 - HKUS\S-1-5-21-1102261427-1399843325-129469713-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Jianmin')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwic...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126738808781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D87BE747-157C-49BD-A392-A68B75A54947} (HotTeleClient Control) - http://www.hottelephone.com/HotTeleClient.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...13/mcfscan.cab
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 14995 bytes
Old 01-20-2008, 02:17 PM   #19 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,563
OS: 2000 Pro; XP Pro; XP Home


Re: Help with HijackThis log

Something, quite possibly one of your protection applications, is preventing the drag and drop. This next step might not work; don't fret if it does not.


Disconnect from the internet.

Disable your AntiVirus, usually via a right click on the System tray icon.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Killall::

File::
C:\WINDOWS\system32\jkklj.dll_tobedeleted

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32]
Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


---------------------------------------------------------------------------------------------

Ensure your protection applications are re-enabled.

Also post a new HijackThis log if the above step was successful.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
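The CFScript above does by hand what a small triage tool can do from the log itself: the O20 line reports a Winlogon Notify hook (winrvc32) whose DLL is gone, and the Registry:: block deletes the matching key under HKLM\...\Winlogon\Notify. The script below is an added example, not code from the thread or from HijackThis/ComboFix. It parses O20 and O23 lines in the HijackThis 2.0.2 layout, flags Notify hooks with a missing DLL and services with a missing binary or "Unknown owner", and emits the same Registry:: deletion form used in the post. The sample lines are constructed for the example (only some are copied from the log above), the "services" key path is the standard HKLM\SYSTEM\CurrentControlSet\Services location, and the field split on " - " assumes no vendor or path contains that separator.

```python
import re

# Constructed sample in HijackThis v2.0.2 format (not the poster's full log).
SAMPLE_LOG = """\
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\\Program Files\\Norton AntiVirus\\navapsvc.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\\WINDOWS\\system32\\PSIService.exe
"""

# Key the O20 entries live under (same path as the Registry:: line in the post).
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
# Standard location of service definitions; used only for the review report.
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
MISSING = " (file missing)"
# HijackThis appends the service's short name in parentheses when it differs
# from the display name, e.g. "Norton AntiVirus Auto-Protect Service (navapsvc)".
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")


def parse_hjt(text):
    """Parse O20 (Winlogon Notify) and O23 (Service) lines into dicts.

    Assumption: fields are separated by ' - ' and neither the owner nor the
    path contains that sequence (true for every line in the log above)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        missing = line.endswith(MISSING)
        if missing:
            line = line[: -len(MISSING)]
        if line.startswith("O20 - Winlogon Notify: "):
            name, dll = line[len("O20 - Winlogon Notify: "):].split(" - ", 1)
            entries.append({"kind": "O20", "name": name, "path": dll,
                            "owner": None, "missing": missing})
        elif line.startswith("O23 - Service: "):
            display, owner, path = line[len("O23 - Service: "):].split(" - ", 2)
            m = SHORT_NAME_RE.search(display)
            short = m.group("short") if m else display
            entries.append({"kind": "O23", "name": short, "path": path,
                            "owner": owner, "missing": missing})
    return entries


def suspicious(entries):
    """A Notify hook whose DLL is gone is a dangling load point; a service whose
    binary is gone, or whose vendor HijackThis could not identify, needs a look."""
    flagged = []
    for e in entries:
        if e["kind"] == "O20" and e["missing"]:
            flagged.append(e)
        elif e["kind"] == "O23" and (e["missing"] or e["owner"] == "Unknown owner"):
            flagged.append(e)
    return flagged


def registry_key(entry):
    """Registry key that defines the entry (where a manual fix would be made)."""
    if entry["kind"] == "O20":
        return NOTIFY_KEY + "\\" + entry["name"]
    return SERVICES_KEY + "\\" + entry["name"]


def build_cfscript(entries):
    """Emit a CFScript in the form used in the thread: '[-KEY]' under Registry::
    deletes each dangling Winlogon Notify key. Services are deliberately not
    deleted here; they are reported by review_report() instead."""
    keys = [registry_key(e) for e in entries if e["kind"] == "O20" and e["missing"]]
    lines = ["Killall::", "", "Registry::"] + ["[-%s]" % k for k in keys]
    return "\n".join(lines) + "\n"


def review_report(entries):
    """Human-readable list of flagged services with the key to inspect."""
    rows = []
    for e in entries:
        if e["kind"] == "O23":
            why = "file missing" if e["missing"] else "unknown owner"
            rows.append("%s (%s): %s -> %s" % (e["name"], why, e["path"], registry_key(e)))
    return "\n".join(rows)


if __name__ == "__main__":
    found = suspicious(parse_hjt(SAMPLE_LOG))
    print(build_cfscript(found))
    print(review_report(found))
```

Run as-is it prints a Registry:: block containing the winrvc32 key from the post plus a two-line review list for navapsvc and ProtexisLicensing. Flagging "Unknown owner" produces false positives (PSIService.exe here is a licensing component), which is why the script only reports services rather than scripting their removal.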
Old 01-20-2008, 02:22 PM   #20 (permalink)
Registered User
 
liuall2003's Avatar
 
Join Date: Jan 2008
Posts: 29
OS: Windows XP SP2


Re: Help with HijackThis log

Sorry, the same message popped up again.
Wait, let me try again.
Nope, still the same message.

Last edited by liuall2003; 01-20-2008 at 02:25 PM.
Copyright 2001 - 2009, Tech Support Forum