Resolved HJT Threads Resolved spyware and popup issues.

 
 
10-02-2008, 09:01 PM   #1
bluebunny876
Registered User
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Help, I can't open HijackThis

Please help!! I can't open my Task Manager, so I downloaded HijackThis, but I can't get it to run. What do I do??
11-25-2008, 08:41 PM   #2
Billy O'Neal
Analyst, Security Team
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help, I can't open HijackThis

Hello, bluebunny876
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".
We need to run a Scan with DDS
  1. Please download DDS, and save it to your desktop, from one of the following mirrors:
  2. Disable any type of "Script Blockers" or "Script Protection" installed on your system.
  3. Double click on your desktop.
  4. If prompted by any script blocking tools, please allow any actions taken by DDS.
  5. When prompted to perform an Optional Scan, please select
  6. Two reports will open. Please reply with the generated reports:
    • DDS.txt <-- Copy and paste into your next post
    • Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER
  1. Please download gmer.zip and save to your desktop.
  2. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  3. When you have done this, disconnect from the Internet and close all running programs.
    Note: There is a small chance this application may crash your computer so save any work you have open.
  4. Double-click on Gmer.exe to start the program.
  5. Allow the gmer.sys driver to load if asked.
  6. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  7. Click on "Settings", then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  8. You will be prompted to restart your computer. Please do so.
  9. Run Gmer again and click on the Rootkit tab.
  10. Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  11. Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
    Important! Please do not select the "Show all" checkbox during the scan.
  12. Click on the "Scan" and wait for the scan to finish.
    • Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  13. When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  14. Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:
  • DDS.txt
  • Attach.txt
  • GMER's Log


Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
11-26-2008, 11:40 PM   #3
bluebunny876
Registered User
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help, I can't open HijackThis

Hi, thank you for responding to my post. You said not to change anything on my computer, but I have already deleted HijackThis. But I still ran the scans.

DDS (Version 1.0) - NTFSx86
Run by Li Chen at 18:40:13.60 on 11/26/2008 Wed
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1014.235 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\maxw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k netservice
C:\WINDOWS\system32\setch.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFWAN.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\V0400Mon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Documents and Settings\Li Chen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QQ\QQ.exe
C:\Program Files\QQ\TXPlatform.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Li Chen\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://kankan.xunlei.com/?id=55
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://class.caiyi8.com/1.asp
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://bar.baidu.com/sobar/defaultsearch.html
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sovhst.exe
BHO: {01443AEC-0FD1-40fd-9C87-E93D1494C233} - c:\program files\thunder network\thunder1\comdlls\TDAtOnce_Now.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {29CF293A-1E7D-4069-9E11-E39698D0AF95} - c:\program files\tencent\qqtoolbar\IEBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {86C510E9-97EF-4749-914F-0280247BE3A6} - c:\windows\VirtualDNS.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - c:\program files\thunder network\thunder1\comdlls\xunleiBHO_Now.dll
BHO: {ACDC15CD-B675-4C7C-86E9-CA92F2DF2896} - c:\program files\thunder network\gougoutoolbar\GougouToolBarHelper_now.dll
TB: {29CF293A-1E7D-4069-9E11-E39698D0AF95} - c:\program files\tencent\qqtoolbar\IEBar.dll
TB: {D0943516-5076-4020-A3B5-AEFAF26AB263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {D5DC8911-DCD3-49CE-AE95-8AD512F2D280} - c:\program files\thunder network\gougoutoolbar\GougouToolBar.1.0.0.20.(810).dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [<NO NAME>]
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [SansaDispatch] c:\documents and settings\li chen\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Aim6]
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [miniqqlive] "c:\program files\tencent\qqlive\MiniQQLive.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\stormii\codec\qttask.exe" -atboottime
mRun: [V0400Mon.exe] c:\windows\V0400Mon.exe
mRun: [SysArp] c:\windows\system32\cache\SysArp.exe
mRun: [weiai] c:\windows\system32\weiai.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SafeTest] c:\windows\system32\SafeTest.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [MINIFLASHGET] "c:\program files\flashget network\flashget mini\FlashGetMini.exe" /minimize
mExplorerRun: [dlnjjbdfa] c:\windows\system\llwzjy080923.exe
mExplorerRun: [kub12] kub12.exe
mExplorerRun: [lljyn_df] c:\windows\system\lljyn081010.exe
mExplorerRun: [nmzy_df] c:\windows\system\zyndle081023.exe
mExplorerRun: [mainyust] c:\windows\system32\inf\svchoct.exe c:\windows\wftadfi16_081019a.dll tan16d
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-explorer: NoActiveDesktop = 0 (0x0)
IE: &ê1ó?3???Dy·????? - c:\program files\qq\qqdownload\geturl.htm
IE: &ê1ó?3???Dy·?????è?2?á′?ó - c:\program files\qq\qqdownload\getAllurl.htm
IE: Add to QQ Customized Emoticons - c:\program files\qq\africa2003\AddEmotion.htm
IE: Add to QQ Customized Panel - c:\program files\qq\africa2003\AddPanel.htm
IE: Add to QQ Emotions - c:\program files\qq\africa2003\AddEmotion.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send picture by MMS - c:\program files\qq\africa2003\SendMMS.htm
IE: Send Picture with QQ MMS - c:\program files\qq\africa2003\SendMMS.htm
IE: Upload to QQ Network Hard Disk - c:\program files\qq\africa2003\AddToNetDisk.htm
IE: ìí?óμ?QQ±í?é - c:\program files\qq\africa2003\AddEmotion.htm
IE: 使用迅雷下载 - c:\program files\thunder network\thunder1\program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\thunder network\thunder1\program\GetAllUrl.htm
IE: 添加到QQ表情 - c:\program files\qq\AddEmotion.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder1\Thunder.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\thunder network\thunder1\Thunder.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - c:\windows\system32\KuGoo3DownXControl.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: lensch.dll,avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: ggwkyxvu.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - c:\windows\system32\ggwkyxvu.dll
SSODL: qhmbutbw.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - c:\windows\system32\qhmbutbw.dll
SSODL: dvqldmhd.dll - {93A892AF-3614-47b5-A2A6-77C56CE05288} - c:\windows\system32\ocnlyjlh.dll
SSODL: byysrhsy.dll - {AF976DCD-754F-4ac2-BE49-951DC7AA57D2} - c:\windows\system32\byysrhsy.dll
SSODL: mvmekzzy.dll - {93A892AF-3614-47b5-A2A6-77C56CE05288} - c:\windows\system32\ocnlyjlh.dll
SSODL: wupssh.dll - {EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5} - c:\windows\system32\wupssh.dll
SSODL: ksuserfy.dll - {C4C78494-4D05-4614-8CF2-03F1C4276C8A} - c:\windows\system32\ksuserfy.dll
SSODL: rbwfmscx.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - c:\windows\system32\rbwfmscx.dll
SSODL: ihfiirje.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - c:\windows\system32\xkdskefl.dll
SSODL: pyqoqpox.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - c:\windows\system32\wnzpofzc.dll
SSODL: sqwadfqy.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - c:\windows\system32\qlrqiger.dll
SSODL: gjslmzgs.dll - {93A892AF-3614-47b5-A2A6-77C56CE05288} - c:\windows\system32\ocnlyjlh.dll
SSODL: msdjmxkt.dll - {432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D} - c:\windows\system32\sjwdggfx.dll
SSODL: xkdskefl.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - c:\windows\system32\xkdskefl.dll
SSODL: ghecrifz.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - c:\windows\system32\qlrqiger.dll
SSODL: rfhvrpqr.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - c:\windows\system32\wnzpofzc.dll
SSODL: ldwkinaz.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - c:\windows\system32\ldwkinaz.dll
SSODL: ocnlyjlh.dll - {93A892AF-3614-47b5-A2A6-77C56CE05288} - c:\windows\system32\ocnlyjlh.dll
SSODL: sjwdggfx.dll - {432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D} - c:\windows\system32\sjwdggfx.dll
SSODL: pzqmkury.dll - {DC6ED3B4-D07A-4f04-9D41-0E6701C0BD09} - c:\windows\system32\pzqmkury.dll
SSODL: tyhfarko.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - c:\windows\system32\tyhfarko.dll
SSODL: srevmqiv.dll - {E560642D-A32D-432c-9E7E-9A135CC37E0F} - c:\windows\system32\srevmqiv.dll
SSODL: qlrqiger.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - c:\windows\system32\qlrqiger.dll
SSODL: wnzpofzc.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - c:\windows\system32\wnzpofzc.dll
STS: {44e670f2-d57b-4815-a576-955d17dbbf2d} - c:\windows\system32\eeuydc.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - c:\windows\system32\ggwkyxvu.dll
SEH: {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - c:\windows\system32\qhmbutbw.dll
SEH: {93A892AF-3614-47b5-A2A6-77C56CE05288} - c:\windows\system32\ocnlyjlh.dll
SEH: {AF976DCD-754F-4ac2-BE49-951DC7AA57D2} - c:\windows\system32\byysrhsy.dll
SEH: {EA4D8F95-8F2E-4658-A234-E8F4C9AC21C5} - c:\windows\system32\wupssh.dll
SEH: {C4C78494-4D05-4614-8CF2-03F1C4276C8A} - c:\windows\system32\ksuserfy.dll
SEH: {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - c:\windows\system32\rbwfmscx.dll
SEH: {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - c:\windows\system32\xkdskefl.dll
SEH: {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - c:\windows\system32\wnzpofzc.dll
SEH: {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - c:\windows\system32\qlrqiger.dll
SEH: {432BDC7C-DE5B-43f4-AA81-E7F8AFB0182D} - c:\windows\system32\sjwdggfx.dll
SEH: {D3112B69-A745-4805-874E-ABD480EA1299} - c:\windows\system32\ldwkinaz.dll
SEH: {DC6ED3B4-D07A-4f04-9D41-0E6701C0BD09} - c:\windows\system32\pzqmkury.dll
SEH: {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - c:\windows\system32\tyhfarko.dll
SEH: {E560642D-A32D-432c-9E7E-9A135CC37E0F} - c:\windows\system32\srevmqiv.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-1 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-31 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-31 231704]
R2 ccosm;Contrl Center of Storm Media;c:\program files\stormii\stormliv.exe /asservice [2008-3-11 473184]
R2 maxw;maxw.;c:\windows\system32\maxw.exe [2008-9-28 22016]
R2 Services;Interent Explorer Services;c:\windows\system32\svchost.exe -k netservice [2006-2-15 14336]
R2 setch;setch .;c:\windows\system32\setch.exe [2008-9-24 21504]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-10-12 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-7 24652]
R2 Windows8;Install Bits Tools;c:\windows\system32\svchost.exe -k netsvcs [2006-2-15 14336]
R3 npf;npf;c:\windows\system32\drivers\npf.sys [2008-9-22 42512]
S2 E3809;E3809;c:\windows\system32\E3809.exe [2008-10-12 97280]
S2 Extensible Authentication;Extensible Authentication;c:\windows\system32\meinv.exe []
S2 Hooking;SSDT HOOK;\??\c:\windows\system32\drivers\GTHOOK.sys []
S2 imbs;imbs;c:\windows\system32\imbs.exe []
S2 inetifo;inetifo;c:\windows\system32\inetif.exe []
S2 kernel32;kernel32;c:\windows\system32\KERNEL32.exe []
S2 loveting;loveting;c:\windows\system32\loveting.exe []
S2 Made in China DDoS;Windows China Driver;c:\windows\system32\223.exe []
S2 mfc42;mfc42;c:\windows\mfc42.exe []
S2 Mscoress;NT LM Security Support Providers;c:\windows\system32\Mscoress.exe []
S2 Nationalv1013;National Instruments Domain Service;c:\windows\system32\svcfjps.exe []
S2 nbs;nbs;c:\windows\system32\nbs.exe []
S2 nbss;nbss;c:\windows\system32\nbss.exe []
S2 pangu;pan;c:\windows\system32\885.exe []
S2 RemoteStorage;Windows Accounts Driver;c:\windows\system32\fyddos.exe []
S2 RiSing1KaKa;RiSing1 KaKa Driver;c:\windows\system32\RiSing1.exe []
S2 RiSingKaKa;RiSing KaKa Driver;c:\windows\system32\RiSing.exe []
S2 Spm;Spm.;c:\windows\system32\Spm.exe []
S2 svcname;display;c:\windows\system32\zhe.exe []
S2 Ting;Ting;c:\windows\system32\Ting.exe []
S2 woaini;woaini;c:\windows\system32\aiting.exe []
S2 wycl;wycl;c:\windows\system32\wycl.exe []
S3 2ADWYPW;NBC0EKLIWVIR;\??\c:\windows\F8FXP.txt []
S3 69LV4;R9KXKHAIEO;\??\c:\windows\JQP7535488.txt []
S3 D4OJRAUG;BZ5Z4ALC78B0;\??\c:\windows\IVCV2FGSX.txt []
S3 DGVRN5Q;GRZXP;\??\c:\windows\WK162SG4TOR.txt []
S3 FDK6K;GEGM45;\??\c:\windows\PO11XVADV9M0.txt []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-12-13 13352]
S3 IXJQ2WQ7D;HBUBH;\??\c:\windows\SNFF7NMPY.txt []
S3 MGBEL4X3T;XBZDUJ;\??\c:\windows\3LBUMZB4JY.txt []
S3 msIffei;msIffei;c:\windows\system32\drivers\msIffei.sys []
S3 OL4NR0;046C13A;\??\c:\windows\NH7FX.txt []
S3 OXIOEI4EQ5OH;J5WZQANF1K;\??\c:\windows\U2KAIUYKXNT.txt []
S3 PPI4ECB1F;I52LC3JYK4;\??\c:\windows\GE8N4.txt []
S3 RESSDT;RESSDT;\??\c:\windows\system32\ssdtti.sys []
S3 s217bus;Sony Ericsson Device 217 driver (WDM);c:\windows\system32\drivers\s217bus.sys [2008-5-27 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;c:\windows\system32\drivers\s217mdfl.sys [2008-5-27 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;c:\windows\system32\drivers\s217mdm.sys [2008-5-27 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s217mgmt.sys [2008-5-27 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);c:\windows\system32\drivers\s217nd5.sys [2008-5-27 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;c:\windows\system32\drivers\s217obex.sys [2008-5-27 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);c:\windows\system32\drivers\s217unic.sys [2008-5-27 105896]
S3 S37SGL051GCQ;P24QP2;\??\c:\windows\N3NB8.txt []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);c:\windows\system32\drivers\se59bus.sys [2007-12-2 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;c:\windows\system32\drivers\se59mdfl.sys [2007-12-9 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;c:\windows\system32\drivers\se59mdm.sys [2007-12-9 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se59mgmt.sys [2007-12-9 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);c:\windows\system32\drivers\se59nd5.sys [2007-12-9 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;c:\windows\system32\drivers\se59obex.sys [2007-12-9 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);c:\windows\system32\drivers\se59unic.sys [2007-12-9 90800]
S3 TesSafe;TesSafe;\??\c:\windows\system32\TesSafe.sys [2008-1-7 10240]
S3 TKP;TKP;\??\c:\windows\system32\drivers\153b []
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [2008-9-20 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400VFx.sys [2008-9-20 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [2008-9-20 166720]
S3 VZDZE1MKRDJT;JFLSONLZBK9;\??\c:\windows\4RYJQ8.txt []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);c:\windows\system32\drivers\W700bus.sys [2007-12-9 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;c:\windows\system32\drivers\W700mdfl.sys [2007-12-9 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;c:\windows\system32\drivers\W700mdm.sys [2007-12-9 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\W700mgmt.sys [2007-12-9 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;c:\windows\system32\drivers\W700obex.sys [2007-12-9 86368]
S3 WWP0YSCPNVCM;GBRWJMWDO;\??\c:\windows\NB6JW5I1VJTK.txt []

============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2008-11-23 23:44 163,256 a------- C:\np-mswmp.dll
2008-11-23 01:38 98 a------- c:\windows\WirelessFTP.INI
2008-11-20 00:59 119,808 ---sh--- c:\windows\system32\Windows8t.dll
2008-11-16 07:30 <DIR> --d----- C:\TDDOWNLOAD
2008-11-12 23:38 <DIR> --d----- c:\program files\MSXML 4.0
2008-11-12 22:56 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 22:55 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-10 02:16 <DIR> --d----- c:\program files\baidu
2008-11-09 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-11-09 01:04 <DIR> --d----- c:\program files\AIM6
2008-11-09 00:41 <DIR> --d----- c:\program files\common files\Software Update Utility
2008-11-07 02:06 <DIR> --d----- c:\docume~1\lichen~1\applic~1\SanDisk
2008-11-04 22:45 389,120 a------- c:\windows\system32\tmplljydf1.exe
2008-11-01 22:33 389,120 a------- c:\windows\system32\tmplljydf2.exe
2008-10-31 22:51 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-31 22:51 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-10-31 22:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-10-30 04:33 54,156 a---h--- c:\windows\QTFont.qfn
2008-10-30 04:33 1,409 a------- c:\windows\QTFont.for
2008-10-29 22:10 <DIR> --d-h--- c:\windows\system32\pp56.exe
2008-10-29 22:00 53 a------- c:\windows\sysqq.dat

==================== Find3M ====================

2008-11-26 18:01 <DIR> --d----- c:\program files\QQ
2008-11-26 16:19 102,400 ----h--- c:\windows\system32\FF72C.exe
2008-11-26 02:46 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\thunder_vod_cache
2008-11-19 02:20 <DIR> --d----- c:\program files\SightSpeed
2008-11-16 07:39 <DIR> --d----- c:\program files\Thunder Network
2008-11-12 23:58 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Move Networks
2008-11-09 01:11 <DIR> --d----- c:\program files\Veoh Networks
2008-11-09 01:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-09 01:04 <DIR> --d----- c:\program files\common files\AOL
2008-10-31 23:47 <DIR> --d----- c:\program files\QQPlayer
2008-10-31 23:45 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Tencent
2008-10-31 22:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2008-10-24 22:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Protexis
2008-10-24 01:48 <DIR> --d----- c:\program files\Tencent
2008-10-22 21:46 4,303,520 a------- c:\windows\FunshionInstall_C12991.exe
2008-10-21 02:17 35,682 a------- c:\windows\system32\info.dat
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 22:01 <DIR> --d----- c:\program files\ZARASOFT
2008-10-15 21:53 2,350,553 a------- c:\windows\FunshionInstall_C11580.exe
2008-10-13 22:19 <DIR> --d----- c:\docume~1\lichen~1\applic~1\BITS
2008-10-13 18:03 4,301,608 a------- c:\windows\uusee_dazhong1_setup_72.exe
2008-10-12 21:43 97,280 a------- c:\windows\system32\E3809.exe
2008-10-12 21:43 97,280 a------- c:\windows\system32\00A0D.exe
2008-10-12 07:09 2,368 a------- c:\windows\system32\SVKP.sys
2008-10-12 01:19 <DIR> --d----- c:\program files\FlashGet Network
2008-10-04 02:57 552,960 a------- c:\windows\system32\thundet.exe
2008-10-01 22:42 <DIR> --d----- c:\program files\Panda Security
2008-10-01 22:35 <DIR> --d----- c:\program files\WildTangent
2008-10-01 22:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BVRP Software
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-28 03:52 22,016 ---sh--- c:\windows\system32\maxw.exe
2008-09-27 23:14 <DIR> --d--r-- c:\program files\QQDownload
2008-09-27 09:19 6,144 a------- c:\windows\system32\hm21001.exe
2008-09-25 23:48 155,995 a------- c:\windows\java\packages\9RL7JDJV.ZIP
2008-09-25 23:48 2,232 a------- c:\windows\java\packages\data\R1NLNF7D.DAT
2008-09-25 23:48 2,678 a------- c:\windows\java\packages\data\49BX3ZLN.DAT
2008-09-25 23:48 2,678 a------- c:\windows\java\packages\data\2EDBJ3XJ.DAT
2008-09-25 23:48 2,678 a------- c:\windows\java\packages\data\PVXNH7J7.DAT
2008-09-25 23:48 2,678 a------- c:\windows\java\packages\data\JJZNXBB7.DAT
2008-09-25 23:48 2,678 a------- c:\windows\java\packages\data\QPZ3N7DR.DAT
2008-09-24 04:54 21,504 ---sh--- c:\windows\system32\setch.exe
2008-09-22 02:15 244,336 a------- c:\windows\system32\wpcap.dll
2008-09-22 02:15 88,696 a------- c:\windows\system32\packet.dll
2008-09-22 02:15 68,224 a------- c:\windows\system32\wanpacket.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-06 22:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Thunder Network
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-28 02:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative
2008-08-28 01:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EyePowerGames
2008-08-03 02:14 <DIR> --d-h--- c:\docume~1\lichen~1\applic~1\ijjigame
2008-07-11 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-07-07 23:59 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Sibelius Software
2008-07-07 23:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2008-06-15 23:57 <DIR> --d----- c:\docume~1\lichen~1\applic~1\QQMusicUpdate
2008-06-11 01:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tencent
2008-06-05 15:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Storm
2008-05-28 23:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2008-05-27 22:49 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Sony
2008-05-27 22:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony
2008-05-24 03:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-04-28 22:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WildTangent
2008-04-19 15:44 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Teleca
2008-03-29 04:11 <DIR> --d----- c:\docume~1\lichen~1\applic~1\MSNInstaller
2008-03-25 15:54 <DIR> --d----- c:\docume~1\lichen~1\applic~1\QQ
2008-03-25 15:54 <DIR> --d----- c:\docume~1\lichen~1\applic~1\QQUpdate
2008-01-24 10:45 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Application Data
2007-12-15 00:52 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Sony Setup
2007-12-05 03:34 <DIR> --d----- c:\docume~1\lichen~1\applic~1\AdobeAUM
2007-12-02 13:37 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Sony Ericsson
2007-08-20 01:29 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Otto
2007-08-20 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Otto
2007-08-13 01:19 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Sony Corporation
2007-06-11 02:11 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Magic Academy
2007-06-06 23:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\JollyBear
2007-05-27 10:01 <DIR> --d----- c:\docume~1\lichen~1\applic~1\.Torrent Swapper
2007-05-17 00:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2007-05-16 03:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2007-05-16 03:30 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Intel
2007-05-16 02:04 <DIR> --d----- c:\docume~1\lichen~1\applic~1\Viewpoint
2006-02-16 04:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks

============= FINISH: 18:40:52.51 ===============
bluebunny876 is offline  
Old 11-26-2008, 11:55 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

here is the attachment
Attached Files
File Type: txt Attach.txt (18.0 KB, 0 views)
bluebunny876 is offline  
Old 11-27-2008, 12:03 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

For some reason I can't post the gmer log, so I tried attaching it to this post, but that didn't work either????
bluebunny876 is offline  
Old 11-27-2008, 01:39 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,480
OS: N/A


Re: Help i can't open Hikackthis

Zip it & then attach it.
sUBs is offline  
Old 11-28-2008, 09:29 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

How do I zip it?
bluebunny876 is offline  
Old 11-28-2008, 11:47 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,480
OS: N/A


Re: Help i can't open Hikackthis

Right click on file & select "Send to > Compressed Zip Folder"
It shall create a zipped file next to it
sUBs is offline  
Old 11-29-2008, 05:23 PM   #9 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

Thanks sUBs.... Do you want this one or ???

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
Billy O'Neal is offline  
Old 11-30-2008, 08:55 AM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,480
OS: N/A


Re: Help i can't open Hikackthis

Not really. But since you haven't replied to the user, let's not keep the user waiting.



Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 11-30-2008, 01:38 PM   #11 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

Hello, bluebunny876
Sorry for any confusion. Please follow the instructions posted by sUBs above :)

Billy3
Billy O'Neal is offline  
Old 12-01-2008, 09:46 PM   #12 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

Thanks for your help. The problem was fixed when I ran the scan. Here are the results:


ComboFix 08-12-01.01 - Li Chen 2008-12-01 23:26:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.470 [GMT -5:00]
执行位置: c:\documents and settings\Li Chen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Li Chen\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bot.txt
c:\documents and settings\All Users\jjdf32.ini
c:\documents and settings\All Users\lljydf16.ini
c:\documents and settings\All Users\lljyndf16.ini
c:\documents and settings\All Users\lljyndf32.ini
c:\documents and settings\All Users\zyndf16.ini
c:\documents and settings\All Users\zyndf32.ini
c:\documents and settings\Li Chen\Application Data\BITS
c:\documents and settings\Li Chen\Application Data\BITS\BITS.ini
c:\documents and settings\Li Chen\Application Data\BITS\DHTTable.dat
c:\documents and settings\Li Chen\Application Data\BITS\ProxyList.ini
c:\documents and settings\Li Chen\Application Data\BITS\UPnP.ini
c:\documents and settings\Li Chen\Favorites\Online Security Test.url
c:\documents and settings\Li Chen\Favorites\Privacy Protector.url
c:\documents and settings\Li Chen\Favorites\Spyware&Malware Protection.url
c:\documents and settings\Li Chen\Local Settings\Application Data\baidu
c:\documents and settings\Li Chen\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\LocalService\Application Data\BITS
c:\documents and settings\LocalService\Application Data\BITS\BITS.ini
c:\documents and settings\LocalService\Application Data\BITS\UPnP.ini
c:\program files\baidu
c:\program files\Baidu\bar\baidubar.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet Mini\dat\FlashGetMini.xml
c:\program files\FlashGet Network\FlashGet Mini\dat\FlvDetector.ini
c:\program files\FlashGet Network\FlashGet Mini\dat\taskdb.xml
c:\program files\FlashGet Network\FlashGet Mini\FlashGetFlvdetector.htm
c:\program files\FlashGet Network\FlashGet Mini\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet Mini\GetUrl.htm
c:\program files\FlashGet Network\FlashGet Mini\pup.dat
c:\program files\video activex access
c:\windows\struct~.ini
c:\windows\sysqq.dat
c:\windows\system\zyndld32081012.dll
c:\windows\system\zyndld32081012jt.dll
c:\windows\system32\0539680A4E.dll
c:\windows\system32\admshare.dat
c:\windows\system32\Cache
c:\windows\system32\Cache\SysArp.exe
c:\windows\system32\dfajj32tmp0.exe
c:\windows\system32\dfajj32tmp1.exe
c:\windows\system32\discard.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Fsevisys.sys
c:\windows\system32\iexp_log.txt
c:\windows\system32\inf\svchoct.exe
c:\windows\system32\ksuserfy.nls
c:\windows\system32\mywfhit.ini
c:\windows\system32\mywfhit.ini.tmp
c:\windows\system32\pac.txt
c:\windows\system32\packet.dll
c:\windows\system32\RecordIni.ini
c:\windows\system32\Scrax.dll
c:\windows\system32\SSup.dll
c:\windows\system32\sys05002.add
c:\windows\system32\SysDown.vxd
c:\windows\system32\thundet.exe
c:\windows\system32\tmpacj0.exe
c:\windows\system32\tmplljydf1.exe
c:\windows\system32\tmplljydf2.exe
c:\windows\system32\tmplljydf3.exe
c:\windows\system32\tmplljydf4.exe
c:\windows\system32\tmpzydf0.exe
c:\windows\system32\tmpzydf2.exe
c:\windows\system32\tmpzydf3.exe
c:\windows\system32\wanpacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\xxxz23.ini
c:\windows\tawisys.ini

.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KERNEL32
-------\Legacy_MADE_IN_CHINA_DDOS
-------\Legacy_MFC42
-------\Legacy_NPF
-------\Legacy_REMOTESTORAGE
-------\Legacy_RESSDT
-------\Legacy_SERVICES
-------\Legacy_SVCNAME
-------\Legacy_TESSAFE
-------\Service_kernel32
-------\Service_Made in China DDoS
-------\Service_mfc42
-------\Service_msIffei
-------\Service_npf
-------\Service_RemoteStorage
-------\Service_RESSDT
-------\Service_Services
-------\Service_svcname
-------\Service_TesSafe


((((((((((((((((((((((((( 2008-11-02 至 2008-12-02 的新的档案 )))))))))))))))))))))))))))))))
.

2008-11-28 01:26 . 2008-11-28 01:51 <DIR> d-------- c:\windows\system32\Tencent
2008-11-27 00:49 . 2008-11-27 00:50 204,800 ---h----- C:\temv.exe
2008-11-26 18:42 . 2008-11-26 19:29 345 --a------ c:\windows\gmer.ini
2008-11-23 23:44 . 2008-08-12 17:41 163,256 --a------ C:\np-mswmp.dll
2008-11-23 01:38 . 2008-11-23 01:38 98 --a------ c:\windows\WirelessFTP.INI
2008-11-20 00:59 . 2008-11-20 00:59 119,808 ---hs---- c:\windows\system32\Windows8t.dll
2008-11-16 07:30 . 2008-11-23 23:42 <DIR> d-------- C:\TDDOWNLOAD
2008-11-12 23:38 . 2008-11-12 23:38 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 22:56 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 22:55 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 01:06 . 2008-11-09 01:06 <DIR> d-------- c:\documents and settings\Li Chen\Application Data\acccore
2008-11-09 01:05 . 2008-11-09 01:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-09 01:04 . 2008-11-09 01:06 <DIR> d-------- c:\program files\AIM6
2008-11-09 00:41 . 2008-11-09 00:41 <DIR> d-------- c:\program files\Common Files\Software Update Utility
2008-11-07 02:06 . 2008-11-07 02:06 <DIR> d-------- c:\documents and settings\Li Chen\Application Data\SanDisk

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 03:51 --------- d-----w c:\program files\QQ
2008-12-01 14:05 4,224 ----a-w c:\windows\system32\drivers\beep.sys
2008-12-01 06:39 --------- d-sh--w c:\documents and settings\All Users\Application Data\thunder_vod_cache
2008-11-23 12:10 3,564 ---ha-w C:\aaw7boot.cmd
2008-11-19 07:20 --------- d-----w c:\program files\SightSpeed
2008-11-17 05:48 --------- d-----w c:\documents and settings\Li Chen\Application Data\toshiba
2008-11-16 12:39 --------- d-----w c:\program files\Thunder Network
2008-11-13 04:58 --------- d-----w c:\documents and settings\Li Chen\Application Data\Move Networks
2008-11-13 04:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-09 06:11 --------- d-----w c:\program files\Veoh Networks
2008-11-09 06:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-09 06:04 --------- d-----w c:\program files\Common Files\AOL
2008-11-01 04:47 --------- d-----w c:\program files\QQPlayer
2008-11-01 04:45 --------- d-----w c:\documents and settings\Li Chen\Application Data\Tencent
2008-11-01 03:51 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-01 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-26 19:50 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Tencent
2008-10-25 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 06:48 --------- d-----w c:\program files\Tencent
2008-10-24 06:46 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-23 02:46 4,303,520 ----a-w c:\windows\FunshionInstall_C12991.exe
2008-10-23 02:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 03:01 --------- d-----w c:\program files\ZARASOFT
2008-10-16 02:53 2,350,553 ----a-w c:\windows\FunshionInstall_C11580.exe
2008-10-13 23:03 4,301,608 ----a-w c:\windows\uusee_dazhong1_setup_72.exe
2008-10-13 19:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-12 06:18 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2008-10-03 03:17 --------- d-----w c:\documents and settings\LocalService\Application Data\Tencent
2008-10-02 03:42 --------- d-----w c:\program files\Panda Security
2008-10-02 03:35 --------- d-----w c:\program files\WildTangent
2008-10-02 03:04 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-09-10 07:00 1,724,416 ----a-w C:\gdiplus.dll
2007-11-04 00:32 0 -c--a-w c:\documents and settings\Li Chen\Application Data\wklnhst.dat
2007-08-21 17:20 251 ----a-w c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACDC15CD-B675-4C7C-86E9-CA92F2DF2896}]
2008-11-10 16:35 77824 --a------ c:\program files\Thunder Network\GouGouToolbar\GougouToolBarHelper_now.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D5DC8911-DCD3-49CE-AE95-8AD512F2D280}"= "c:\program files\Thunder Network\GouGouToolbar\GougouToolBar.1.0.0.20.(810).dll" [2008-11-12 647168]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"SansaDispatch"="c:\documents and settings\Li Chen\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2008-11-07 79872]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-05-31 185896]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\StormII\Codec\qttask.exe" [2008-03-28 413696]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 368706]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-12-07 1744896]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo7"= STV680tg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\修复工具.exe]
"Debugger"=ntsd -d

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\QQ\\Africa2003\\QzoneMusic.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Tencent\\QQGAME\\QQGameDl.exe"=
"c:\\Program Files\\QQ\\QQ.exe"=
"c:\\Program Files\\QQ\\Qzone\\Qzone.exe"=
"c:\\Program Files\\QQ\\QzoneMusic.exe"=
"c:\\Program Files\\QQ\\QQPet\\QQPetAgent.exe"=
"c:\\Program Files\\QQ\\QQUpdateCenter.exe"=
"c:\\Program Files\\QQ\\QQPet\\QQPenguin\\QQPenguin.EXE"=
"c:\\Program Files\\KuGou\\KuGou2008\\KuGoo.exe"=
"c:\\Program Files\\StormII\\Storm.exe"=
"c:\\Program Files\\StormII\\stormliv.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\QQ\\QQMusic.exe"=
"c:\\Program Files\\Tencent\\TT\\bin\\TTraveler.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Tencent\\QQPinyin\\QQPYConfig.exe"=
"c:\\Program Files\\Tencent\\QQPinyin\\QQPYLiveup.exe"=
"c:\\Program Files\\Tencent\\QQPinyin\\QQDeskUpdate.exe"=
"c:\\Program Files\\QQPlayer\\QQDeskUpdate.exe"=
"c:\\Program Files\\QQPlayer\\QQPlayer.exe"=
"c:\\Program Files\\Tencent\\TT\\bin\\TTLiveUpdate.exe"=
"c:\\Program Files\\Tencent\\TT\\bin\\QQDeskUpdate.exe"=
"c:\\Program Files\\Tencent\\TT\\bin\\TTCrashReport.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Thunder Network\\Thunder1\\Program\\Thunder5.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53262:TCP"= 53262:TCP:*:Disabled:SolidNetworkManager
"53262:UDP"= 53262:UDP:*:Disabled:SolidNetworkManager

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-10-01 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-31 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-31 231704]
R2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice [2008-03-11 473184]
R2 maxw;maxw.;c:\windows\system32\maxw.exe [2008-09-28 22016]
R2 setch;setch .;c:\windows\system32\setch.exe [2008-09-24 21504]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2008-10-12 2368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-07 24652]
R2 Windows8;Install Bits Tools;c:\windows\System32\svchost.exe -k netsvcs [2006-02-15 14336]
R3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\Drivers\V0400Afx.sys [2008-09-20 142656]
R3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\DRIVERS\V0400VFx.sys [2008-09-20 7424]
R3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\DRIVERS\V0400Vid.sys [2008-09-20 166720]
S2 E3809;E3809;c:\windows\system32\E3809.exe [2008-10-12 97280]
S2 Extensible Authentication;Extensible Authentication;c:\windows\system32\meinv.exe []
S2 Hooking;SSDT HOOK;\??\c:\windows\system32\drivers\GTHOOK.sys []
S2 imbs;imbs;c:\windows\system32\imbs.exe []
S2 inetifo;inetifo;c:\windows\system32\inetif.exe []
S2 loveting;loveting;c:\windows\system32\loveting.exe []
S2 Mscoress;NT LM Security Support Providers;c:\windows\system32\Mscoress.exe []
S2 Nationalv1013;National Instruments Domain Service;c:\windows\system32\svcfjps.exe []
S2 nbs;nbs;c:\windows\system32\nbs.exe []
S2 nbss;nbss;c:\windows\system32\nbss.exe []
S2 pangu;pan;c:\windows\system32\885.exe []
S2 RiSing1KaKa;RiSing1 KaKa Driver;c:\windows\system32\RiSing1.exe []
S2 RiSingKaKa;RiSing KaKa Driver;c:\windows\system32\RiSing.exe []
S2 Spm;Spm.;c:\windows\system32\Spm.exe []
S2 Ting;Ting;c:\windows\system32\Ting.exe []
S2 woaini;woaini;c:\windows\system32\aiting.exe []
S2 wycl;wycl;c:\windows\system32\wycl.exe []
S3 2ADWYPW;NBC0EKLIWVIR;\??\c:\windows\F8FXP.txt []
S3 69LV4;R9KXKHAIEO;\??\c:\windows\JQP7535488.txt []
S3 D4OJRAUG;BZ5Z4ALC78B0;\??\c:\windows\IVCV2FGSX.txt []
S3 DGVRN5Q;GRZXP;\??\c:\windows\WK162SG4TOR.txt []
S3 FDK6K;GEGM45;\??\c:\windows\PO11XVADV9M0.txt []
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2007-12-13 13352]
S3 IXJQ2WQ7D;HBUBH;\??\c:\windows\SNFF7NMPY.txt []
S3 MGBEL4X3T;XBZDUJ;\??\c:\windows\3LBUMZB4JY.txt []
S3 OL4NR0;046C13A;\??\c:\windows\NH7FX.txt []
S3 OXIOEI4EQ5OH;J5WZQANF1K;\??\c:\windows\U2KAIUYKXNT.txt []
S3 PPI4ECB1F;I52LC3JYK4;\??\c:\windows\GE8N4.txt []
S3 s217bus;Sony Ericsson Device 217 driver (WDM);c:\windows\system32\DRIVERS\s217bus.sys [2008-05-27 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s217mdfl.sys [2008-05-27 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s217mdm.sys [2008-05-27 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s217mgmt.sys [2008-05-27 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);c:\windows\system32\DRIVERS\s217nd5.sys [2008-05-27 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s217obex.sys [2008-05-27 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);c:\windows\system32\DRIVERS\s217unic.sys [2008-05-27 105896]
S3 S37SGL051GCQ;P24QP2;\??\c:\windows\N3NB8.txt []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);c:\windows\system32\DRIVERS\se59bus.sys [2007-12-02 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;c:\windows\system32\DRIVERS\se59mdfl.sys [2007-12-09 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;c:\windows\system32\DRIVERS\se59mdm.sys [2007-12-09 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\se59mgmt.sys [2007-12-09 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);c:\windows\system32\DRIVERS\se59nd5.sys [2007-12-09 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\se59obex.sys [2007-12-09 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);c:\windows\system32\DRIVERS\se59unic.sys [2007-12-09 90800]
S3 TKP;TKP;\??\c:\windows\system32\DRIVERS\153b []
S3 VZDZE1MKRDJT;JFLSONLZBK9;\??\c:\windows\4RYJQ8.txt []
S3 W700bus;Sony Ericsson W700 Driver driver (WDM);c:\windows\system32\DRIVERS\W700bus.sys [2007-12-09 61536]
S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;c:\windows\system32\DRIVERS\W700mdfl.sys [2007-12-09 9264]
S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;c:\windows\system32\DRIVERS\W700mdm.sys [2007-12-09 97056]
S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\W700mgmt.sys [2007-12-09 88560]
S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\W700obex.sys [2007-12-09 86368]
S3 WWP0YSCPNVCM;GBRWJMWDO;\??\c:\windows\NB6JW5I1VJTK.txt []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netservice REG_MULTI_SZ Services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Windows8

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e395ca1-4b4c-11dc-a3db-0018de0cec03}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-Run-miniqqlive - c:\program files\Tencent\QQLive\MiniQQLive.exe
HKLM-Run-SysArp - c:\windows\system32\Cache\SysArp.exe
HKLM-Run-weiai - c:\windows\system32\weiai.exe
HKLM-Run-SafeTest - c:\windows\system32\SafeTest.exe
HKU-Default-Run-MINIFLASHGET - c:\program files\FlashGet Network\FlashGet Mini\FlashGetMini.exe
HKLM-Explorer_Run-dlnjjbdfa - c:\windows\system\llwzjy080923.exe
HKLM-Explorer_Run-lljyn_df - c:\windows\system\lljyn081010.exe
HKLM-Explorer_Run-nmzy_df - c:\windows\system\zyndle081023.exe
HKLM-Explorer_Run-kub12 - kub12.exe


.
------- 而外的扫描 -------
.
FireFox -: Profile - c:\documents and settings\Li Chen\Application Data\Mozilla\Firefox\Profiles\14d4qz4i.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/?.home=ytff
FF -: plugin - c:\documents and settings\Li Chen\Application Data\Mozilla\Firefox\Profiles\14d4qz4i.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\documents and settings\Li Chen\Application Data\Mozilla\Firefox\Profiles\14d4qz4i.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
FF -: plugin - c:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.587.11.(850).dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\nppl3260.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin2.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin3.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin4.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin5.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\npqtplugin6.dll
FF -: plugin - c:\program files\StormII\Codec\Plugins\nprpjplug.dll
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF -: plugin - c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_03050024.dll
.
.
------- 文件类型 -------
.
chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 23:36:41
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程。。。 ...

扫描被隐藏的启动组。。。

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SafeTest = c:\windows\system32\SafeTest.exe?????????? ???c:\windows\system32\SafeTest.exe?????????? ???c:\windows\system32\SafeTest.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

扫描被隐藏的文件。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2ADWYPW]
"ImagePath"="\??\c:\windows\F8FXP.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\69LV4]
"ImagePath"="\??\c:\windows\JQP7535488.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\D4OJRAUG]
"ImagePath"="\??\c:\windows\IVCV2FGSX.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DGVRN5Q]
"ImagePath"="\??\c:\windows\WK162SG4TOR.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FDK6K]
"ImagePath"="\??\c:\windows\PO11XVADV9M0.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IXJQ2WQ7D]
"ImagePath"="\??\c:\windows\SNFF7NMPY.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MGBEL4X3T]
"ImagePath"="\??\c:\windows\3LBUMZB4JY.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OL4NR0]
"ImagePath"="\??\c:\windows\NH7FX.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OXIOEI4EQ5OH]
"ImagePath"="\??\c:\windows\U2KAIUYKXNT.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PPI4ECB1F]
"ImagePath"="\??\c:\windows\GE8N4.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S37SGL051GCQ]
"ImagePath"="\??\c:\windows\N3NB8.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TKP]
"ImagePath"="\??\c:\windows\system32\DRIVERS\153b"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VZDZE1MKRDJT]
"ImagePath"="\??\c:\windows\4RYJQ8.txt"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WWP0YSCPNVCM]
"ImagePath"="\??\c:\windows\NB6JW5I1VJTK.txt"
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\StormII\stormliv.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\conime.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFWAN.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
完成时间: 2008-12-01 23:42:25 - 电脑已重新启动
ComboFix-quarantined-files.txt 2008-12-02 04:42:15

Pre-Run: 95,145,553,920 bytes free
Post-Run: 97,382,113,280 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

461 --- E O F --- 2008-11-13 04:52:44



I have attached the GMER scan log as well.
Attached Files
File Type: zip gmer.zip (351.0 KB, 0 views)
Old 12-01-2008, 10:26 PM   #13 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

Hello, bluebunny876
Wow there's a lot of stuff in there :P

It appears we may need to restore some data from a Windows installation disk. Do you have your Windows disk?

When you perform these instructions, ComboFix will ask to upload a file. Please ensure that it uploads correctly.

Do you recognise a "GouGouToolbar"?

We need to re-run ComboFix with some additional directives.
  1. Please disable any running anti-virus programs.
    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  4. Open notepad and copy/paste the text in the quotebox below into it:
    Code:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/298349-help-i-can-t-open-hikackthis.html
    EXTRA::
    collect::[54]
    C:\temv.exe
    c:\windows\system32\maxw.exe
    c:\windows\system32\setch.exe
    c:\windows\system32\SVKP.sys
    c:\windows\system32\E3809.exe
    suspect::[54]
    c:\program files\Thunder Network\GouGouToolbar\GougouToolBarHelper_now.dll
    C:\gdiplus.dll
    folder::
    c:\Program Files\QQ
    registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\QQ\\QQ.exe"=-
    "c:\\Program Files\\QQ\\Qzone\\Qzone.exe"=-
    "c:\\Program Files\\QQ\\QzoneMusic.exe"=-
    "c:\\Program Files\\QQ\\QQPet\\QQPetAgent.exe"=-
    "c:\\Program Files\\QQ\\QQUpdateCenter.exe"=-
    "c:\\Program Files\\QQ\\QQPet\\QQPenguin\\QQPenguin.EXE"=-
    "c:\\Program Files\\QQ\\Africa2003\\QzoneMusic.exe"=-
    chm.file="hh.exe" %1
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\修复工具.exe]
    driver::
    maxw
    setch
    SVKP
    Windows8
    E3809
    Extensible Authentication
    Hooking
    imbs
    inetifo
    loveting
    Mscoress
    Nationalv1013
    nbs
    nbss
    pangu
    RiSing1KaKa
    RiSingKaKa
    Spm
    Ting
    woaini
    wycl
    2ADWYPW
    69LV4
    D4OJRAUG
    DGVRN5Q
    FDK6K
    IXJQ2WQ7D
    MGBEL4X3T
    OL4NR0;046C13A
    OXIOEI4EQ5OH
    PPI4ECB1F
    S37SGL051GCQ
    TKP
    VZDZE1MKRDJT
    WWP0YSCPNVCM
    NetSvc::
    Windows8
    ROOTKIT::
    c:\windows\system32\meinv.exe
    c:\windows\system32\drivers\GTHOOK.sys
    c:\windows\system32\imbs.exe
    c:\windows\system32\inetif.exe
    c:\windows\system32\loveting.exe
    c:\windows\system32\Mscoress.exe
    c:\windows\system32\svcfjps.exe
    c:\windows\system32\nbs.exe
    c:\windows\system32\nbss.exe
    c:\windows\system32\885.exe
    c:\windows\system32\RiSing1.exe
    c:\windows\system32\RiSing.exe
    c:\windows\system32\Spm.exe
    c:\windows\system32\Ting.exe
    c:\windows\system32\aiting.exe
    c:\windows\system32\wycl.exe
    c:\windows\F8FXP.txt
    c:\windows\JQP7535488.txt
    c:\windows\IVCV2FGSX.txt
    c:\windows\WK162SG4TOR.txt
    c:\windows\PO11XVADV9M0.txt
    c:\windows\SNFF7NMPY.txt
    c:\windows\3LBUMZB4JY.txt
    c:\windows\NH7FX.txt
    c:\windows\U2KAIUYKXNT.txt
    c:\windows\GE8N4.txt
    c:\windows\N3NB8.txt
    c:\windows\system32\DRIVERS\153b
    c:\windows\4RYJQ8.txt
    c:\windows\NB6JW5I1VJTK.txt
    file::
    c:\documents and settings\Li Chen\Application Data\wklnhst.dat
    c:\program files\wt3d.ini
  5. Save this as CFScript.txt, in the same location as ComboFix.exe

  6. Referring to the picture above, drag CFScript into ComboFix.exe
  7. When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
__________________
If I fail to reply for more than 24 hours, please feel free to send me a PM. Don't want you to be overlooked

Not problems like "What is beauty".. 'cause that would fall under the purview of your conundrums of philosophy.....
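A cross-check of the CFScript in the post above against the service entries in the ComboFix log, as an added example that is not part of the original posts or of ComboFix. It compares names exactly, which is an assumption: the page does not say how ComboFix reads an entry such as `OL4NR0;046C13A`. The sample strings are constructed excerpts of the log and script, and the function names are hypothetical.

```python
import re

# Constructed sample: two of the service entries from the ComboFix log above.
LOG = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2ADWYPW]
"ImagePath"="\??\c:\windows\F8FXP.txt"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OL4NR0]
"ImagePath"="\??\c:\windows\NH7FX.txt"
'''
# Constructed sample: the matching CFScript lines, copied as posted.
SCRIPT = r'''
driver::
2ADWYPW
OL4NR0;046C13A
ROOTKIT::
c:\windows\F8FXP.txt
c:\windows\NH7FX.txt
'''
KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]\\]+)\]$', re.I)
PATH = re.compile(r'^"ImagePath"="(?:\\\?\?\\)?(.+)"$', re.I)
SECTION = re.compile(r'^([A-Za-z]+)::(?:\[\d+\])?$')

def parse_services(log):
    """Map service name -> ImagePath (lower-cased, \\??\\ prefix removed)."""
    services, current = {}, None
    for line in map(str.strip, log.splitlines()):
        if m := KEY.match(line):
            current = m.group(1)
        elif (m := PATH.match(line)) and current:
            services[current] = m.group(1).lower()
    return services

def parse_script(script):
    """Map lower-cased section name -> set of lower-cased entries."""
    sections, current = {}, None
    for line in map(str.strip, script.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1).lower(), set())
        elif line and current is not None:
            current.add(line.lower())
    return sections

def uncovered(log, script):
    """Return (service names, image paths) the script does not list verbatim."""
    services, sections = parse_services(log), parse_script(script)
    files = set().union(*(v for k, v in sections.items() if k != "driver"))
    return (sorted(s for s in services if s.lower() not in sections.get("driver", set())),
            sorted(p for p in services.values() if p not in files))

print(uncovered(LOG, SCRIPT))
```

On this sample the only service without an exact `driver::` match is OL4NR0.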
Old 12-02-2008, 12:55 AM   #14 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

Will it be a problem if I don't have my Windows disk?
Old 12-02-2008, 03:28 PM   #15 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

No, but it would have been nice :P.

Please run the Cfscript and we'll go from there :)

Billy3
Old 12-03-2008, 10:50 AM   #16 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

This is another long one :-) ... it won't fit in the blog so I had to attach it... yeah.. there's a lot of stuff on my computer.
Attached Files
File Type: txt combofix.txt (1.08 MB, 4 views)
Old 12-03-2008, 09:36 PM   #17 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

A program that was deleted.. can I reinstall it??
Old 12-03-2008, 10:11 PM   #18 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

Hello, bluebunny876
We need to re-run ComboFix with some additional directives.
  1. Please disable any running anti-virus programs.
    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/topic114351.html
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  4. Open notepad and copy/paste the text in the quotebox below into it:
    Code:
    http://www.techsupportforum.com/security-center/hijackthis-log-help/298349-help-i-can-t-open-hikackthis.html#post1836358
    suspect::[54]
    c:\program files\Thunder Network\GouGouToolbar\GougouToolBarHelper_now.dll
    file::
    c:\windows\system32\FF72C.exe
    registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\修复工具.exe]
    driver::
    OL4NR0
    firefox::
    FF -: plugin - c:\documents and settings\Li Chen\Application Data\Mozilla\Firefox\Profiles\14d4qz4i.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
    FF -: plugin - c:\documents and settings\Li Chen\Application Data\Mozilla\Firefox\Profiles\14d4qz4i.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
  5. Save this as CFScript.txt, in the same location as ComboFix.exe

  6. Referring to the picture above, drag CFScript into ComboFix.exe
  7. When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Old 12-03-2008, 10:13 PM   #19 (permalink)
Analyst, Security Team
 
Billy O'Neal's Avatar
 
Join Date: Aug 2008
Location: Northfield, Ohio, United States
Posts: 1,690
OS: XPSP3, Vista Ultimate SP1, Ubuntu Server


Re: Help i can't open Hikackthis

Quote:
A program that was deleted.. can I reinstall it??
Which program?

Billy3
Old 12-03-2008, 10:29 PM   #20 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 21
OS: xp service pack 3


Re: Help i can't open Hikackthis

the program QQ was deleted... it's a messenger program..like aim