Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old September 6th, 2008, 08:10 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Heavily infected with malware + spyware. PLEASE HELP

Hey guys,
I have been constantly bugged with this malware program which pops up in my taskbar, the malware constantly alt-tabs me out of any full screen programs, such as PC games etc. Also, I am convinced that my computer is infected with spyware, as the speed of my computer has dramatically decreased recently. I have a HJT log, PLEASE TELL ME WHAT IS WRONG. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:26, on 6/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\SSCVIHOST.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SSCVIHOST.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Olive - {A636CC73-F66B-4D1A-947D-39EE0CE1CEC3} - C:\WINDOWS\vanwxemgkrp.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: (no name) - {F44D8E66-7BB6-49BD-A924-5E0368C00FD1} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\bviitlrx.dll",b
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RRT-Auto] C:\RRT.exe auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIHOST.exe
O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CA7F8.dat
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
Reply With Quote
  #2  
Old September 6th, 2008, 03:23 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello blueray,

Quite a variety of infections along with an autorun infection. Before we begin with repairs though I would like to see another type of report.

Download OldTimer's OTViewIt from here to your desktop, then click OTViewIt.exe to start the scan.

When the display opens place a check next to:

Scan All Users

Then click the Run Scan button to start the scan. Once that completes a textbox will open - copy/paste those contents here for review please. The log can also be found on your desktop as OTViewIt.Txt.

Note - do not press any other buttons or make any other changes when running the scan.
Reply With Quote
  #3  
Old September 7th, 2008, 05:49 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Thanks Morfeass,

I followed your instructions and this is the OTViewIt Log that came up after the scan:

OTViewIt logfile created on: 7/09/2008 2:47:06 PM - Run 2
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

447.48 Mb Total Physical Memory | 107.78 Mb Available Physical Memory | 24.09% Memory free
1.03 Gb Paging File | 0.63 Gb Available in Paging File | 61.16% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.10 Gb Total Space | 37.26 Gb Free Space | 53.16% Space Free | Partition Type: NTFS
Drive D: | 71.12 Gb Total Space | 52.16 Gb Free Space | 73.34% Space Free | Partition Type: FAT32
Drive E: | 363.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEN
Current User Name: EmmaKate
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[05/05/2006 07:53 AM | 00,438,272 | ---- | M] (Acer Inc.) - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
[03/30/2006 01:53 PM | 00,028,672 | ---- | M] (Acer Inc.) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[03/30/2006 02:50 PM | 00,266,338 | ---- | M] () - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
[03/30/2006 02:50 PM | 01,073,152 | ---- | M] (Cyberlink) - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
[04/25/2008 08:52 AM | 00,066,880 | ---- | M] (PC Tools) - C:\Program Files\ThreatFire\TFService.exe
[03/30/2006 02:50 PM | 00,114,784 | ---- | M] () - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
[07/24/2007 03:47 PM | 02,048,512 | RHS- | M] () - C:\WINDOWS\system32\SSCVIHOST.exe
[11/03/2004 01:24 PM | 00,032,768 | ---- | M] (Cyberlink Corp.) - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[04/19/2006 12:54 PM | 00,049,152 | ---- | M] ( ) - C:\WINDOWS\system32\SysMonitor.exe
[04/29/2006 09:43 AM | 00,401,408 | ---- | M] (Acer Inc.) - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[06/10/2006 05:24 AM | 00,110,592 | ---- | M] (Acer Inc.) - C:\Program Files\Acer\Acer eMode Management\AspireService.exe
[04/25/2008 08:52 AM | 00,259,392 | ---- | M] (PC Tools) - C:\Program Files\ThreatFire\TFTray.exe
[07/24/2007 03:47 PM | 02,048,512 | RHS- | M] () - C:\WINDOWS\system32\SSCVIHOST.exe
[11/17/2005 01:25 PM | 00,745,472 | ---- | M] (X-Micro Technology Corp.) - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
[11/27/2001 08:10 AM | 00,106,560 | ---- | M] (WinZip Computing, Inc.) - C:\Program Files\WinZip\WZQKPICK.EXE
[09/11/2006 05:01 PM | 01,400,832 | ---- | M] (FlashGet.com) - C:\Program Files\FlashGet\flashget.exe

===== Win32 Services - Non-Microsoft Only =====

(Acer Media Server) Acer Media Server [Auto | Running]
[05/05/2006 07:53 AM | 00,438,272 | ---- | M] (Acer Inc.) - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

(AcerMemUsageCheckService) Memory Check Service [Auto | Running]
[03/30/2006 01:53 PM | 00,028,672 | ---- | M] (Acer Inc.) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

(CLCapSvc) CyberLink Background Capture Service (CBCS) [Auto | Running]
[03/30/2006 02:50 PM | 00,266,338 | ---- | M] () - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe

(CLSched) CyberLink Task Scheduler (CTS) [Auto | Running]
[03/30/2006 02:50 PM | 00,114,784 | ---- | M] () - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe

(CyberLink Media Library Service) CyberLink Media Library Service [Auto | Running]
[03/30/2006 02:50 PM | 01,073,152 | ---- | M] (Cyberlink) - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe

(ThreatFire) ThreatFire [Auto | Running]
[04/25/2008 08:52 AM | 00,066,880 | ---- | M] (PC Tools) - C:\Program Files\ThreatFire\TFService.exe

===== Driver Services - Non-Microsoft Only =====

(ACPISYS) ACPISYS [Auto | Running]
[05/17/2007 11:28 AM | 00,123,908 | ---- | M] () - C:\WINDOWS\system32\drivers\ACPISYS.sys

(Afc) PPdus ASPI Shell [On_Demand | Running]
[02/24/2005 07:58 AM | 00,011,776 | ---- | M] (Arcsoft, Inc.) - C:\WINDOWS\system32\drivers\afc.sys

(atksgt) atksgt [Auto | Running]
[12/20/2007 04:57 PM | 00,165,376 | ---- | M] () - C:\WINDOWS\system32\drivers\atksgt.sys

(CnsMinKP) CnsMinKP [Boot | Running]
[06/11/2007 03:55 PM | 00,055,128 | ---- | M] (国风因特软件(北京)有限公司) - C:\WINDOWS\system32\drivers\CnsMinKP.sys

(CnsStd) CnsStd [Auto | Running]
[02/01/2008 01:25 PM | 00,126,680 | ---- | M] (国风因特软件(北京)有限公司) - C:\WINDOWS\system32\drivers\CnsStd.sys

(DMSKSSRh) DMSKSSRh [On_Demand | Stopped]
File not found - C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\DMSKSSRh.sys

(dtscsi) dtscsi [On_Demand | Running]
[12/04/2007 08:29 PM | 00,223,128 | ---- | M] () - C:\WINDOWS\system32\drivers\dtscsi.sys

(dump_wmimmc) dump_wmimmc [On_Demand | Stopped]
File not found - C:\Program Files\softnyx\GunboundWC\GameGuard\dump_wmimmc.sys

(HCW88AUD) Hauppauge WinTV 88x Audio Capture [System | Stopped]
[01/31/2006 09:05 AM | 00,011,970 | ---- | M] (Hauppauge Computer Works, Inc) - C:\WINDOWS\system32\drivers\hcw88aud.sys

(HCW88BDA) Hauppauge WinTV 88x DVB Tuner/Demod [On_Demand | Stopped]
[01/31/2006 09:05 AM | 00,138,816 | ---- | M] (Hauppauge Computer Works, Inc) - C:\WINDOWS\system32\drivers\hcw88bda.sys

(HCW88TSE) Hauppauge WinTV 88x MPEG/TS Capture [On_Demand | Stopped]
[01/31/2006 09:06 AM | 00,299,715 | ---- | M] (Hauppauge Computer Works, Inc) - C:\WINDOWS\system32\drivers\hcw88tse.sys

(HCW88TUNE) Hauppauge WinTV 88x Tuner [On_Demand | Stopped]
[01/31/2006 10:17 AM | 00,142,913 | ---- | M] (Hauppauge Computer Works, Inc.) - C:\WINDOWS\system32\drivers\hcw88tun.sys

(hcw88vid) Hauppauge WinTV 88x Video [On_Demand | Stopped]
[01/31/2006 09:04 AM | 00,494,144 | ---- | M] (Hauppauge Computer Works, Inc) - C:\WINDOWS\system32\drivers\hcw88vid.sys

(HCW88XBAR) Hauppauge WinTV 88x Crossbar [On_Demand | Stopped]
[01/31/2006 09:04 AM | 00,023,104 | ---- | M] (Hauppauge Computer Works, Inc.) - C:\WINDOWS\system32\drivers\hcw88bar.sys

(int15.sys) int15.sys [On_Demand | Running]
[01/14/2005 07:46 AM | 00,069,632 | ---- | M] () - C:\Acer\Empowering Technology\eRecovery\int15.sys

(lirsgt) lirsgt [Auto | Running]
[12/20/2007 04:57 PM | 00,018,048 | ---- | M] () - C:\WINDOWS\system32\drivers\lirsgt.sys

(LVHybrid) LVHybrid service [On_Demand | Stopped]
[05/16/2006 12:04 PM | 00,892,032 | ---- | M] (Animation Technologies Inc.) - C:\WINDOWS\system32\drivers\LVHybrid.sys

(ndndsglf) ndndsglf [Boot | Running]
[07/02/2008 09:09 PM | 00,048,128 | ---- | M] (北京三七二一科技有限公司) - C:\WINDOWS\system32\drivers\ndndsglf.sys

(NTIDrvr) Upper Class Filter Driver [On_Demand | Running]
[10/20/2005 02:16 PM | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) - C:\WINDOWS\system32\drivers\NTIDrvr.sys

(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [On_Demand | Running]
[06/14/2006 06:34 PM | 00,081,408 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\Rtnicxp.sys

(smserial) smserial [On_Demand | Stopped]
[06/06/2005 07:43 PM | 00,925,192 | ---- | M] (Motorola Inc.) - C:\WINDOWS\system32\drivers\smserial.sys

(sptd) sptd [Boot | Running]
[12/04/2007 05:46 PM | 00,642,560 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(TfFsMon) TfFsMon [Boot | Running]
[04/25/2008 08:52 AM | 00,051,520 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfFsMon.sys

(TfNetMon) TfNetMon [On_Demand | Running]
[04/25/2008 08:52 AM | 00,033,088 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfNetMon.sys

(TfSysMon) TfSysMon [Boot | Running]
[04/25/2008 08:52 AM | 00,038,208 | ---- | M] (PC Tools) - C:\WINDOWS\system32\drivers\TfSysMon.sys

(TIEHDUSB) TIEHDUSB [On_Demand | Stopped]
[02/04/2004 09:27 AM | 00,049,536 | ---- | M] (Texas Instruments Incorporated) - C:\WINDOWS\system32\drivers\tiehdusb.sys

(UBHelper) UBHelper [System | Running]
[12/18/2004 10:14 AM | 00,013,952 | ---- | M] () - C:\WINDOWS\System32\drivers\UBHelper.sys

(ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) [On_Demand | Stopped]
[10/29/2005 04:38 AM | 00,402,432 | ---- | M] (ZyDAS Technology Corporation) - C:\WINDOWS\system32\drivers\ZD1211BU.sys

(ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) [On_Demand | Stopped]
[10/05/2005 08:38 AM | 00,280,064 | ---- | M] (ZyDAS Technology Corporation) - C:\WINDOWS\system32\drivers\ZD1211U.sys

(ZDPSp50) ZDPSp50 NDIS Protocol Driver [On_Demand | Running]
[10/26/2004 06:40 AM | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) - C:\WINDOWS\system32\drivers\ZDPSp50.sys

(R2A) R2A [Disabled | Stopped]
File not found - C:\WINDOWS\system32a2.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"" = File not found
"320d18a1" = rundll32.exe "C:\WINDOWS\system32\bviitlrx.dll",b File not found
"Acer Empowering Technology Monitor" = C:\WINDOWS\system32\SysMonitor.exe [04/19/2006 12:54 PM | 00,049,152 | ---- | M] ( )
"AspireService" = C:\Program Files\Acer\Acer eMode Management\AspireService.exe [06/10/2006 05:24 AM | 00,110,592 | ---- | M] (Acer Inc.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/17/2005 05:27 PM | 00,052,848 | ---- | M] (Symantec Corporation)
"CnsMin" = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32 [12/14/2007 03:17 PM | 00,290,120 | ---- | M] ()
"eRecoveryService" = C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [04/29/2006 09:43 AM | 00,401,408 | ---- | M] (Acer Inc.)
"helper.dll" = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32 [10/19/2007 03:14 PM | 00,040,280 | ---- | M] (国风因特软件(北京)有限公司)
"ImageItEncrypt" = C:\WINDOWS\system32\ImageItEncrypt.exe [12/31/2005 07:02 AM | 00,040,960 | ---- | M] ()
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [06/16/2004 05:03 AM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [06/16/2004 05:03 AM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM | 00,267,064 | ---- | M] (Apple Inc.)
"LaunchApp" = Alaunch [03/14/2006 05:13 PM | 00,524,288 | ---- | M] (Acer Inc.)
"MediaSync" = C:\Program Files\Acer\Acer eConsole\MediaSync.exe [05/05/2006 07:55 AM | 00,425,984 | ---- | M] (Acer Inc.)
"MSPY2002" = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [08/04/2004 10:00 PM | 00,059,392 | ---- | M] ()
"ntiMUI" = C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [05/12/2005 11:15 AM | 00,045,056 | ---- | M] ()
"PCMService" = "C:\Program Files\Acer TV-FM\PCMService.exe" [03/30/2006 02:50 PM | 00,143,360 | ---- | M] (CyberLink Corp.)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"RemoteControl" = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/03/2004 01:24 PM | 00,032,768 | ---- | M] (Cyberlink Corp.)
"RRT-Auto" = C:\RRT.exe auto File not found
"SiSPower" = Rundll32.exe SiSPower.dll,ModeAgent [07/13/2005 07:55 PM | 00,049,152 | ---- | M] (Silicon Integrated Systems Corporation)
"SMSERIAL" = sm56hlpr.exe [06/06/2005 07:40 PM | 00,544,768 | ---- | M] (Motorola Inc.)
"SoundMan" = SOUNDMAN.EXE [08/17/2005 07:39 AM | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.)
"SunJavaUpdateSched" = C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"ThreatFire" = C:\Program Files\ThreatFire\TFTray.exe [04/25/2008 08:52 AM | 00,259,392 | ---- | M] (PC Tools)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"PcSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Yahoo Messengger" = C:\WINDOWS\system32\SSCVIHOST.exe [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"Yahoo Messengger" = C:\WINDOWS\system32\SSCVIHOST.exe [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger" = C:\WINDOWS\system32\SSCVIHOST.exe [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] ()

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync" = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
"Yahoo Messengger" = C:\WINDOWS\system32\SSCVIHOST.exe [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] ()

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe File not found
"Yahoo Messengger" = C:\WINDOWS\system32\SSCVIHOST.exe [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] ()

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[05/12/2006 06:00 AM | 00,045,056 | ---- | M] (Acer Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
[11/17/2005 01:25 PM | 00,745,472 | ---- | M] (X-Micro Technology Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
[12/14/2004 09:44 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[11/27/2001 08:10 AM | 00,106,560 | ---- | M] (WinZip Computing, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[EmmaKate Startup Folder - C:\Documents and Settings\EmmaKate\Start Menu\Programs\Startup]
[01/04/2007 08:33 PM | 00,225,280 | ---- | M] (Leader Technologies) - C:\Documents and Settings\EmmaKate\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

[Guest Startup Folder - C:\Documents and Settings\Guest\Start Menu\Programs\Startup]

[Stella Startup Folder - C:\Documents and Settings\Stella\Start Menu\Programs\Startup]
Reply With Quote
  #4  
Old September 7th, 2008, 05:50 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 06:56 PM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
HKLM CLSID: (IeCatch5 Class) - [05/16/2006 03:19 PM | 00,081,920 | ---- | M] (FlashGet) C:\Program Files\FlashGet\Jccatch.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
HKLM CLSID: (RXResultTracker Class) - File not found C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A636CC73-F66B-4D1A-947D-39EE0CE1CEC3}]
HKLM CLSID: (QXK Olive) - [09/06/2008 08:23 AM | 00,376,832 | ---- | M] () C:\WINDOWS\vanwxemgkrp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
HKLM CLSID: (CNavExtBho Class) - [02/05/2006 12:03 AM | 00,140,960 | ---- | M] (Symantec Corporation) C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}]
HKLM CLSID: (CnsHook Class) - [11/23/2007 08:13 AM | 00,081,240 | ---- | M] () C:\WINDOWS\downlo~1\CnsHook.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
HKLM CLSID: (gFlash Class) - [09/12/2006 10:50 AM | 00,126,976 | ---- | M] () C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{F44D8E66-7BB6-49BD-A924-5E0368C00FD1}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - File not found C:\Program Files\Video Add-on\isfmdl.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"
HKLM CLSID: (RX Toolbar) - File not found C:\Program Files\RXToolBar\RXToolBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Norton AntiVirus) - [02/05/2006 12:03 AM | 00,140,960 | ---- | M] (Symantec Corporation) C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}"
HKLM CLSID: (FlashGet Bar) - [06/07/2005 11:06 AM | 00,086,016 | ---- | M] (Amaze Soft) C:\Program Files\FlashGet\fgiebar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}"
HKLM CLSID: (IE Custom Tools) - File not found C:\Program Files\Video Add-on\ictmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"
HKLM CLSID: (RX Toolbar) - File not found C:\Program Files\RXToolBar\RXToolBar.dll

"{584AAC83-CDBD-4016-9518-96B5016BB0D3}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

"{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}"
HKLM CLSID: (IE Custom Tools) - File not found C:\Program Files\Video Add-on\ictmdl.dll

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"
HKLM CLSID: (RX Toolbar) - File not found C:\Program Files\RXToolBar\RXToolBar.dll

"{584AAC83-CDBD-4016-9518-96B5016BB0D3}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

"{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}"
HKLM CLSID: (IE Custom Tools) - File not found C:\Program Files\Video Add-on\ictmdl.dll

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}"
HKLM CLSID: (Norton AntiVirus) - [02/05/2006 12:03 AM | 00,140,960 | ---- | M] (Symantec Corporation) C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{584AAC83-CDBD-4016-9518-96B5016BB0D3}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - File not found Reg Error: Key does not exist or could not be opened.

========== AppInit_Dlls ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
= C:\WINDOWS\system32\__c00CA7F8.dat
>C:\WINDOWS\system32\__c00CA7F8.dat - File not found C:\WINDOWS\system32\__c00CA7F8.dat

========== SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"hirtellous" = {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - File not found C:\WINDOWS\system32\nbbrhbd.dll

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{D157330A-9EF3-49F8-9A67-4141AC41ADD4}" =
HKLM CLSID: (CnsHook Class) - [11/23/2007 08:13 AM | 00,081,240 | ---- | M] () C:\WINDOWS\downlo~1\CnsHook.dll

========== Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]

"{b585105c-0e84-4ef0-9c6a-fbe134a72945}" = ineffulgent
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [11/25/2007 06:48 PM | 00,012,800 | --S- | M] () C:\WINDOWS\system32\ivrllc.dll

"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}" = hirtellous
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - File not found C:\WINDOWS\system32\nbbrhbd.dll

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
= Explorer.exe SSCVIHOST.exe
>Explorer.exe - [06/13/2007 08:23 PM | 01,033,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
>SSCVIHOST.exe - [07/24/2007 03:47 PM | 02,048,512 | RHS- | M] () C:\WINDOWS\system32\SSCVIHOST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
= C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit.exe - [08/04/2004 10:00 PM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
= logonui.exe
>logonui.exe - [08/04/2004 10:00 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
= rundll32 shell32,Control_RunDLL "sysdm.cpl"
>rundll32 shell32 - [10/26/2007 01:34 PM | 08,460,288 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
>Control_RunDLL "sysdm.cpl" - [08/04/2004 10:00 PM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer]
"AllowLegacyWebView" = 1
"AllowUnhashedWebView" = 1
"NoCDBurning" = 0
"NoDriveTypeAutoRun" = 255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer\run]
"none" = C:\Program Files\Video ActiveX Object\pmsngr.exe File not found
"some" = C:\Program Files\Video Add-on\icthis.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 255
"NofolderOptions" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\policies\System]
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NofolderOptions" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\policies\System]
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer]
"NoDriveTypeAutoRun" = 145
"NofolderOptions" = 1

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System]
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer]
"NoDriveTypeAutoRun" = 255
"NofolderOptions" = 1

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System]
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer]
"NoDriveTypeAutoRun" = 145
"NofolderOptions" = 1

[HKEY_USERS\S-1-5-21-1891600551-3242204203-514493117-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System]
"DisableTaskMgr" = 1
"DisableRegistryTools" = 1

========== Lsa Authentication Packages ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Lsa\\Authentication Packages]
= msv1_0,C:\WINDOWS\system32\vtuts.dll,
>C:\WINDOWS\system32\vtuts.dll - File not found C:\WINDOWS\system32\vtuts.dll

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!


========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[01/04/2008 08:08 PM | 00,000,050 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

autorun.inf [[autorun] | OPEN=不可思议的生物.EXE | ICON=不可思议的生物.EXE | ]
[01/07/2003 10:16 PM | 00,000,059 | RHS- | M] () D:\autorun.inf [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{078870d7-5d35-11db-adf7-806d6172696f}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{a993000a-94a3-11db-aef8-0019214493d0}\Shell]
"" = verb1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{be08fc6c-17ee-11dc-b07e-0019214493d0}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{bfb1ce04-4425-11dd-b387-0019214493d0}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{daf09bb2-3849-11db-ae2d-0016ec5ddcb6}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2\{fa2819cc-e9b1-11dc-b277-0019214493d0}\Shell]
"" = Autorun

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Adapters\{356F2DA8-626D-4202-B28A-9EAD68EB0776}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Adapters\{9C0A31BF-47B1-404F-81D3-0609F7A57BA3}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Tcpip\Parameters\Adapters\{FCF4D1B9-D04B-4EBE-BF69-4D7B4368EC6A}]
Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Reply With Quote
  #5  
Old September 7th, 2008, 05:51 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
========== Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



========== Files/Folders - Created Within 30 days ==========

[09/01/2008 06:27 PM | 00,069,632 | ---- | C] (Alvaro Redondo) - C:\WINDOWS\System32\ARFlatButton.ocx
[09/01/2008 06:27 PM | 00,081,920 | ---- | C] () - C:\WINDOWS\System32\GkSui20.EXE
[09/01/2008 06:27 PM | 00,102,400 | ---- | C] (Miguel Redondo) - C:\WINDOWS\System32\MRActLabel.ocx
[09/01/2008 06:27 PM | 00,131,072 | ---- | C] (Alvaro Redondo) - C:\WINDOWS\System32\ARButton.ocx
[09/01/2008 06:27 PM | 00,184,320 | ---- | C] (Alvaro Redondo) - C:\WINDOWS\System32\ARFrmExt.ocx
[09/01/2008 10:15 PM | 00,024,064 | ---- | C] () - C:\WINDOWS\System32\lpov32i.dll
[09/01/2008 10:16 PM | 00,024,064 | ---- | C] () - C:\WINDOWS\System32\cfax32i.dll
[09/06/2008 02:46 PM | 00,038,272 | ---- | C] () - C:\WINDOWS\System32\awtqQGvu.dll
[09/06/2008 02:46 PM | 00,038,272 | ---- | C] () - C:\WINDOWS\System32\jkkKdedC.dll
[08/16/2008 08:10 PM | 00,000,060 | ---- | C] () - C:\WINDOWS\wininit.ini
[09/06/2008 02:36 PM | 00,376,832 | ---- | C] () - C:\WINDOWS\vanwxemgkrp.dll
[09/06/2008 02:41 PM | 00,098,304 | ---- | C] () - C:\WINDOWS\edkx.exe
[09/06/2008 02:41 PM | 00,135,168 | ---- | C] () - C:\WINDOWS\sxmaokgf.exe
[09/06/2008 02:41 PM | 00,204,800 | ---- | C] () - C:\WINDOWS\gksraemq.dll
[09/06/2008 02:41 PM | 00,204,800 | ---- | C] () - C:\WINDOWS\xrdwbfgn.dll
[09/06/2008 02:41 PM | 00,233,472 | ---- | C] () - C:\WINDOWS\dgksvbpn.dll
[09/07/2008 01:46 PM | 00,000,354 | ---- | C] () - C:\WINDOWS\tasks\At1.job
[08/11/2008 06:39 PM | 00,041,072 | ---- | C] () - C:\Documents and Settings\EmmaKate\Application Data\GDIPFONTCACHEV1.DAT
[08/19/2008 09:54 PM | ---D | C] - C:\Documents and Settings\EmmaKate\My Documents\Battlefield 2
[08/29/2008 09:16 PM | 00,033,792 | ---- | C] () - C:\Documents and Settings\EmmaKate\My Documents\培华中文学校.doc
** - C:\Documents and Settings\EmmaKate\My Documents\??????.doc
[08/31/2008 04:10 PM | 11,388,416 | ---- | C] () - C:\Documents and Settings\EmmaKate\My Documents\Application Compatibility Toolkit.msi
[08/31/2008 08:23 PM | 00,022,016 | ---- | C] () - C:\Documents and Settings\EmmaKate\My Documents\培华中文学校六年级作业.doc
** - C:\Documents and Settings\EmmaKate\My Documents\???????????.doc
[09/01/2008 08:12 PM | 00,022,016 | ---- | C] () - C:\Documents and Settings\EmmaKate\My Documents\speech Diving.doc
[09/06/2008 04:53 PM | ---D | C] - C:\Documents and Settings\EmmaKate\My Documents\Random Files
[08/19/2008 05:12 PM | 00,001,840 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[08/19/2008 09:55 PM | 00,001,765 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/19/2008 09:55 PM | 00,001,787 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/17/2008 01:05 PM | 00,000,672 | ---- | C] () - C:\Documents and Settings\EmmaKate\Desktop\Audacity.lnk
[09/06/2008 04:59 PM | 00,001,776 | ---- | C] () - C:\Documents and Settings\EmmaKate\Desktop\HijackThis.lnk
[08/22/2008 12:51 AM | ---D | C] - C:\Program Files\Common Files\EasyInfo
[08/12/2008 04:43 PM | ---D | C] - C:\Program Files\zMUD
[08/17/2008 01:05 PM | ---D | C] - C:\Program Files\Audacity
[09/01/2008 05:52 PM | ---D | C] - C:\Program Files\Microsoft Application Compatibility Toolkit 5
[09/06/2008 04:59 PM | ---D | C] - C:\Program Files\Trend Micro

========== Files - Modified Within 30 days ==========

[09/01/2008 01:35 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt16.sqm
[09/01/2008 01:35 PM | 00,000,268 | -H-- | M] () - C:\sqmdata16.sqm
[09/02/2008 03:07 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt17.sqm
[09/02/2008 03:07 PM | 00,000,268 | -H-- | M] () - C:\sqmdata17.sqm
[09/05/2008 03:42 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt19.sqm
[09/05/2008 03:42 PM | 00,000,268 | -H-- | M] () - C:\sqmdata19.sqm
[09/05/2008 07:30 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt00.sqm
[09/05/2008 07:30 PM | 00,000,268 | -H-- | M] () - C:\sqmdata00.sqm
[09/05/2008 08:17 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt18.sqm
[09/05/2008 08:17 AM | 00,000,268 | -H-- | M] () - C:\sqmdata18.sqm
[09/06/2008 06:52 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt01.sqm
[09/06/2008 06:52 AM | 00,000,268 | -H-- | M] () - C:\sqmdata01.sqm
[09/06/2008 08:58 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt02.sqm
[09/06/2008 08:58 AM | 00,000,268 | -H-- | M] () - C:\sqmdata02.sqm
[09/07/2008 01:43 PM | 46,929,1008 | -HS- | M] () - C:\hiberfil.sys
[09/07/2008 02:41 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt03.sqm
[09/07/2008 02:41 PM | 00,000,268 | -H-- | M] () - C:\sqmdata03.sqm
[11 C:\WINDOWS\System32\*.tmp files]
[08/19/2008 07:10 PM | 00,176,264 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/19/2008 09:35 PM | 00,041,072 | ---- | M] () - C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[09/01/2008 05:53 PM | 00,063,484 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[09/01/2008 05:53 PM | 00,403,976 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[09/01/2008 05:53 PM | 00,474,018 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/01/2008 10:15 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\System32\lpov32i.dll
[09/01/2008 10:16 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\System32\cfax32i.dll
[09/06/2008 02:46 PM | 00,038,272 | ---- | M] () - C:\WINDOWS\System32\awtqQGvu.dll
[09/06/2008 02:46 PM | 00,038,272 | ---- | M] () - C:\WINDOWS\System32\jkkKdedC.dll
[09/06/2008 06:57 AM | 00,000,664 | ---- | M] () - C:\WINDOWS\System32\d3d9caps.dat
[09/07/2008 02:41 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\*.tmp files]
[08/16/2008 08:10 PM | 00,000,060 | ---- | M] () - C:\WINDOWS\wininit.ini
[09/06/2008 08:23 AM | 00,098,304 | ---- | M] () - C:\WINDOWS\edkx.exe
[09/06/2008 08:23 AM | 00,135,168 | ---- | M] () - C:\WINDOWS\sxmaokgf.exe
[09/06/2008 08:23 AM | 00,204,800 | ---- | M] () - C:\WINDOWS\gksraemq.dll
[09/06/2008 08:23 AM | 00,204,800 | ---- | M] () - C:\WINDOWS\xrdwbfgn.dll
[09/06/2008 08:23 AM | 00,233,472 | ---- | M] () - C:\WINDOWS\dgksvbpn.dll
[09/06/2008 08:23 AM | 00,376,832 | ---- | M] () - C:\WINDOWS\vanwxemgkrp.dll
[09/07/2008 01:43 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[09/07/2008 02:42 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[09/01/2008 09:06 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/05/2008 08:00 PM | 00,000,536 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - EmmaKate.job
[09/07/2008 01:44 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/07/2008 02:00 PM | 00,000,358 | ---- | M] () - C:\WINDOWS\tasks\DM_Install_Program.job
[09/07/2008 02:42 PM | 00,000,354 | ---- | M] () - C:\WINDOWS\tasks\At1.job
[08/24/2008 10:47 AM | 00,041,072 | ---- | M] () - C:\Documents and Settings\EmmaKate\Application Data\GDIPFONTCACHEV1.DAT
[08/25/2008 09:40 PM | 00,038,912 | -HS- | M] () - C:\Documents and Settings\EmmaKate\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/29/2008 09:16 PM | 00,033,792 | ---- | M] () - C:\Documents and Settings\EmmaKate\My Documents\培华中文学校.doc
** - C:\Documents and Settings\EmmaKate\My Documents\??????.doc
[08/31/2008 04:10 PM | 11,388,416 | ---- | M] () - C:\Documents and Settings\EmmaKate\My Documents\Application Compatibility Toolkit.msi
[08/31/2008 08:23 PM | 00,022,016 | ---- | M] () - C:\Documents and Settings\EmmaKate\My Documents\培华中文学校六年级作业.doc
** - C:\Documents and Settings\EmmaKate\My Documents\???????????.doc
[09/06/2008 09:30 PM | 00,000,634 | ---- | M] () - C:\Documents and Settings\EmmaKate\My Documents\My Sharing Folders.lnk
[09/06/2008 10:10 PM | 00,022,016 | ---- | M] () - C:\Documents and Settings\EmmaKate\My Documents\speech Diving.doc
[08/19/2008 05:12 PM | 00,001,840 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[08/19/2008 09:55 PM | 00,001,765 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[08/19/2008 09:55 PM | 00,001,787 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
[08/17/2008 01:05 PM | 00,000,672 | ---- | M] () - C:\Documents and Settings\EmmaKate\Desktop\Audacity.lnk
[09/06/2008 04:59 PM | 00,001,776 | ---- | M] () - C:\Documents and Settings\EmmaKate\Desktop\HijackThis.lnk
Reply With Quote
  #6  
Old September 8th, 2008, 03:06 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Hello,

Let's begin with this tool.

Please download

SDFix.exe from here and save it to your desktop.

When you have done this, please boot into Safe Mode (Reboot and at startup start tapping the F8 key).

Doubleclick SDFix.exe and click Install. It will create a folder under your C drive named SDFix (C:\SDFix). Navigate to C:\SDFix and doubleclick on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer that normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of Report.txt back in this thread.

Note: Do NOT use the msconfig option to boot into Safe Mode, if you can't boot into Safe Mode by tapping the F8 key, just post back here and let me know.

Please post back the SDFix report, along with a fresh HijackThis log.

I would also like to see another kind of scan, download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here.
Reply With Quote
  #7  
Old September 8th, 2008, 03:53 PM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Hey,

The SdFix report that I acquired after the process:

SDFix: Version 1.222
Run by EmmaKate on Tue 09/09/2008 at 00:32

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CFAX32I.DLL - Deleted
C:\WINDOWS\SYSTEM32\LPOV32I.DLL - Deleted
C:\WINDOWS\EDKX.EXE - Deleted
C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\ac8zt2\edkx.exe - Deleted
C:\Program Files\3721\alliveex.dll - Deleted
C:\Program Files\3721\alrex.dll - Deleted
C:\Program Files\3721\autolive.dll - Deleted
C:\Program Files\3721\autolive.ini - Deleted
C:\Program Files\3721\autolvsw.ini - Deleted
C:\Program Files\3721\autolvup.cab - Deleted
C:\Program Files\3721\cns03.dat - Deleted
C:\Program Files\3721\cnsm.dll - Deleted
C:\Program Files\3721\CNSMIN.DAT - Deleted
C:\Program Files\3721\helper.dll - Deleted
C:\Program Files\3721\notifier.dll - Deleted
C:\Program Files\3721\scrblock.dll - Deleted
C:\Program Files\3721\windex.dat - Deleted
C:\Program Files\3721\winhex.dat - Deleted
C:\Program Files\3721\3721\AutoLive.dll - Deleted
C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\sfsrv.exe.bat - Deleted
C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\smchk.exe.bat - Deleted
C:\WINDOWS\vanwxemgkrp.dll - Deleted
C:\Documents and Settings\EmmaKate\Favorites\Online Security Test.url - Deleted
C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\08.php.bat - Deleted
C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\sfsrv.exe - Deleted
C:\WINDOWS\dgksvbpn.dll - Deleted
C:\WINDOWS\gksraemq.dll - Deleted
C:\WINDOWS\smdat32a.sys - Deleted
C:\WINDOWS\sxmaokgf.exe - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\blastclnnn.exe - Deleted
C:\WINDOWS\system32\setting.ini - Deleted
C:\WINDOWS\system32\SSCVIHOST.exe - Deleted
C:\WINDOWS\xrdwbfgn.dll - Deleted



Folder C:\Documents and Settings\EmmaKate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w .redtube.com - Removed
Folder C:\Program Files\3721 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 00:42:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s0"=dword:de829952
"s1"=dword:756913f9
"s2"=dword:5e4a9495
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a6,35,b6,f8,57,ce,7e,e2,53,07,05,3d,62 ,d0,0b,a3,00,51,47,4b,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"a0"=hex:20,01,00,00,07,6f,90,92,8c,a4,af,df,cb,b0 ,8d,27,99,3f,4d,e4,d9,..
"khjeh"=hex:48,4b,c7,9e,b6,9e,77,44,8d,8d,8d,4c,d8 ,dc,a0,30,d4,62,22,54,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:9c,95,40,90,a7,3b,40,6c,45,88,a9,3a,c4 ,78,8a,8b,83,fb,c4,37,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf41]
"khjeh"=hex:06,c7,ad,2a,22,e9,a4,53,65,96,53,89,f5 ,33,99,33,75,06,c2,3f,52,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a6,35,b6,f8,57,ce,7e,e2,53,07,05,3d,62 ,d0,0b,a3,00,51,47,4b,48,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,07,6f,90,92,8c,a4,af,df,cb,b0 ,8d,27,99,3f,4d,e4,d9,..
"khjeh"=hex:48,4b,c7,9e,b6,9e,77,44,8d,8d,8d,4c,d8 ,dc,a0,30,d4,62,22,54,06,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:9c,95,40,90,a7,3b,40,6c,45,88,a9,3a,c4 ,78,8a,8b,83,fb,c4,37,19,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf41]
"khjeh"=hex:06,c7,ad,2a,22,e9,a4,53,65,96,53,89,f5 ,33,99,33,75,06,c2,3f,52,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:*:Enabled:Media Synchronizer"
"D:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe"="D:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW-BI.exe:*:Enabled:Rome: Total War - Barbarian Invasion"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:EnabledarkCrusade"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS \\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\STRONGDL\\STC\\Stronghold Crusader.exe"="C:\\STRONGDL\\STC\\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\ system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\\Neo\\Cultures2\\Cultures2.exe"="D:\\Neo\\Cult ures2\\Cultures2.exe:*:Enabled:Cultures2"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
"C:\\Games\\RedFaction\\RedFaction.exe"="C:\\Games \\RedFaction\\RedFaction.exe:*:Enabled:Red Faction Launcher"
"C:\\Games\\RedFaction\\RF.exe"="C:\\Games\\RedFac tion\\RF.exe:*:Enabled:Red Faction"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\DOCUME~1\\EmmaKate\\LOCALS~1\\Temp\\is-BLSI4.tmp\\101385.exe"="C:\\DOCUME~1\\EmmaKate\\LO CALS~1\\Temp\\is-BLSI4.tmp\\101385.exe:*:EnabledM"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\NWN\\nwmain.exe"="D:\\Program Files\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"D:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe"="D:\\Program Files\\The Creative Assembly\\Rome - Total War\\RomeTW.exe:*:Enabled:Rome: Total War"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\WINDOWS\\system32\\enprpwgh.exe"="C:\\WINDOWS \\system32\\enp"
"C:\\Program Files\\Warcraft 3\\Warcraft III.exe"="C:\\Program Files\\Warcraft 3\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\WINDOWS\\system32\\nyxhvmgh.exe"="C:\\WINDOWS \\system32\\nyx"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Ware z3"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe"="C:\\Program Files\\StepMania CVS\\Program\\StepMania.exe:*:Enabled:StepMania"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\AcerDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\AcerDRV\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Thu 17 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Thu 20 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 20 Oct 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 20 Oct 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 20 Oct 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 20 Oct 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 8 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Wed 16 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Thu 6 Dec 2007 182,442 ..SH. --- "C:\WINDOWS\system32\stutv.tmp"
Sun 2 Dec 2007 6,495 ..SH. --- "C:\WINDOWS\system32\stutv.bak1"
Sun 17 Feb 2008 176,411 ..SH. --- "C:\WINDOWS\system32\stutv.bak2"
Tue 24 Jul 2007 2,048,512 A.SHR --- "C:\Documents and Settings\All Users\Documents\SSCVIHOST.exe"
Wed 6 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 5 Dec 2007 71,168 ..SH. --- "C:\Documents and Settings\Stella\Local Settings\Temp\dhpwlvfc.exe"
Tue 4 Dec 2007 71,168 ..SH. --- "C:\Documents and Settings\Stella\Local Settings\Temp\uyqmamfw.exe"
Thu 9 Nov 2006 20,480 A..H. --- "C:\Program Files\Nexon\Audition\Hshield\22dde3da.dll"
Thu 9 Nov 2006 20,480 A..H. --- "C:\Program Files\Nexon\Audition\Hshield\3c45a02.dll"
Sat 16 Aug 2008 8,933,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1c63fcfe 5fe95719daaa919f32918ce2\BITAE.tmp"
Sat 16 Aug 2008 7,182,968 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ef0a00a1 1b44725ed0ff48653c8191a6\BIT1.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd026484 9c01086f3c6b505dc02dbd44\BIT1.tmp"
Reply With Quote
  #8  
Old September 8th, 2008, 04:02 PM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
And here is the SilentRunner Startup Program report that came out:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++}
"LaunchApp" = "Alaunch" ["Acer Inc."]
"ntiMUI" = "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [null data]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"SMSERIAL" = "sm56hlpr.exe" ["Motorola Inc."]
"Acer Empowering Technology Monitor" = "C:\WINDOWS\system32\SysMonitor.exe" [null data]
"eRecoveryService" = "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" ["Acer Inc."]
"AspireService" = "C:\Program Files\Acer\Acer eMode Management\AspireService.exe" ["Acer Inc."]
"MediaSync" = "C:\Program Files\Acer\Acer eConsole\MediaSync.exe" ["Acer Inc."]
"PCMService" = ""C:\Program Files\Acer TV-FM\PCMService.exe"" ["CyberLink Corp."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ImageItEncrypt" = "C:\WINDOWS\system32\ImageItEncrypt.exe" [null data]
"helper.dll" = "C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32" [MS]
"CnsMin" = "Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32" [MS]
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM .exe -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"320d18a1" = "rundll32.exe "C:\WINDOWS\system32\bviitlrx.dll",b" [MS]
"ThreatFire" = "C:\Program Files\ThreatFire\TFTray.exe" ["PC Tools"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "IeCatch5 Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["FlashGet"]
{59879FA4-4790-461c-A1CC-4EC4DE4CA483}\(Default) = (no title provided)
-> {HKLM...CLSID} = "RXResultTracker Class"
\InProcServer32\(Default) = "C:\Program Files\RXToolBar\sfcont.dll" [file not found]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4}\(Default) = "IE"
-> {HKLM...CLSID} = "CnsHook Class"
\InProcServer32\(Default) = "C:\WINDOWS\downlo~1\CnsHook.dll" ["******(**)****" (unwritable string)]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
-> {HKLM...CLSID} = "gFlash Class"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\getflash.dll" [null data]
{F44D8E66-7BB6-49BD-A924-5E0368C00FD1}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Video Add-on\isfmdl.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "My Sharing Folders"
\InProcServer32\(Default) = "C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\SharedTaskScheduler\
<<!>> "{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}" = "hirtellous"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nbbrhbd.dll" [file not found]
<<!>> "{b585105c-0e84-4ef0-9c6a-fbe134a72945}" = "ineffulgent"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\ivrllc.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{D157330A-9EF3-49F8-9A67-4141AC41ADD4}" = "*i" (unwritable string)
-> {HKLM...CLSID} = "CnsHook Class"
\InProcServer32\(Default) = "C:\WINDOWS\downlo~1\CnsHook.dll" ["******(**)****" (unwritable string)]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She llServiceObjectDelayLoad\
"hirtellous" = "{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nbbrhbd.dll" [file not found]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\vtuts.dll"

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/html\CLSID = "{2AB289AE-4B90-4281-B2AE-1F4BB034B647}"
-> {HKLM...CLSID} = "RXResultFilter Class"
\InProcServer32\(Default) = "C:\Program Files\RXToolBar\sfcont.dll" [file not found]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandler s\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMen uHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"AllowLegacyWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"AllowUnhashedWebView" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoCDBurning" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\AutoplayHandlers\Handlers\

ArcSoftVideoCameraArrival\
"Provider" = "NTI HomeVideo-Maker"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\PROGRA~1\NEWTEC~1\HOMEVI~1\showbiz.exe /capture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExe cute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\com mand\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell \import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\p lay\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\s howsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NTIBurner\
"Provider" = "NTI CD-Maker"
"InvokeProgID" = "NTIBurnerOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\NTIBurnerOpen\shell\open\com mand\(Default) = ""C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\Cdmkr32.exe"" ["NewTech Infosystems, Inc."]

PDVDPlayCDAudioOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerD VD\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\C ommand\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%L"" ["CyberLink Corp."]

PDVDPlayVCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\C ommand\(Default) = ""C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"" ["CyberLink Corp."]

ShowBizCancelAutoPlay\
"Provider" = ""
"ProgID" = "ShowBizCancelAutoPlay.CancelAutoPlay"
HKLM\SOFTWARE\Classes\ShowBizCancelAutoPlay.Cancel AutoPlay\CLSID\(Default) = "{C730D06E-F984-421F-B71C-2E7144CFE10E}"
-> {HKLM...CLSID} = "ShowBiz Cancel AutoPlay"
\LocalServer32\(Default) = "CancelAutoPlay.exe" [file not found]


Startup items in "EmmaKate" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\EmmaKate\Start Menu\Programs\Startup
<<!>> "PowerReg Scheduler V3.exe" ["Leader Technologies"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acer Empowering Technology" -> shortcut to: "C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe" [null data]
"Acer WLAN 11g USB Dongle" -> shortcut to: "C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe" ["X-Micro Technology Corp."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"At1" -> launches: "C:\WINDOWS\system32\blastclnnn.exe" [file not found]
"DM_Install_Program" -> launches: "C:\DOCUME~1\EmmaKate\LOCALS~1\Temp\is-BLSI4.tmp\101385.exe Startsetup" [file not found]
"Norton AntiVirus - Run Full System Scan - EmmaKate" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}"
-> {HKLM...CLSID} = "RX Toolbar"
\InProcServer32\(Default) = "C:\Program Files\RXToolBar\RXToolBar.dll" [file not found]
"{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}"
-> {HKLM...CLSID} = "IE Custom Tools"
\InProcServer32\(Default) = "C:\Program Files\Video Add-on\ictmdl.dll" [file not found]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{C4069E3A-68F1-403E-B40E-20066696354B}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}" = "RXToolBar"
-> {HKLM...CLSID} = "RX Toolbar"
\InProcServer32\(Default) = "C:\Program Files\RXToolBar\RXToolBar.dll" [file not found]
"{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}" = (no title provided)
-> {HKLM...CLSID} = "IE Custom Tools"
\InProcServer32\(Default) = "C:\Program Files\Video Add-on\ictmdl.dll" [file not found]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
-> {HKLM...CLSID} = "FlashGet Bar"
\InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{EFAF6EA3-615D-4F83-8748-2F7A576FCEA6}\(Default) = "IE Custom Tools"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Video Add-on\ictmdl.dll" [file not found]
Reply With Quote
  #9  
Old September 8th, 2008, 04:04 PM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_07"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll" ["Sun Microsystems, Inc."]

{507F9113-CD77-4866-BA92-0E86DA3D0B97}\
"ButtonText" = "Yahoo 1G mail"
"Exec" = "http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail" [file not found]

{59BC54A2-56B3-44A0-93E5-432D58746E26}\
"ButtonText" = "E bazar"
"Exec" = "http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&si d=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816" [file not found]

{5D73EE86-05F1-49ED-B850-E423120EC338}\
"ButtonText" = "Yahoo Assistant"
"Exec" = "http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist" [file not found]

{6354ABE6-05F1-49ED-B850-E423120EC338}\
"Exec" = "http://cn.widget.yahoo.com/index.htm?source=Cns" [file not found]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Instant Messenger"
"Exec" = "http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg" [file not found]

{ECF2E268-F28C-48D2-9AB7-8F69C11CCB71}\
"MenuText" = "Repair Browser"
"Exec" = "http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

{FD00D911-7529-4084-9946-A29F1BDF4FE5}\
"MenuText" = "Clean Internet access record"
"Exec" = "http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Acer Media Server, Acer Media Server, ""C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"" ["Acer Inc."]
Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe"" [empty string]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Memory Check Service, AcerMemUsageCheckService, "C:\Acer\Empowering Technology\ePerformance\MemCheck.exe" [null data]
Messenger Sharing Folders USN Journal Reader service, usnjsvc, ""C:\Program Files\Windows Live\Messenger\usnsvc.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Norton Protection Center Service, NSCService, ""C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"" ["Symantec Corporation"]
SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, ""C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
ThreatFire, ThreatFire, "C:\Program Files\ThreatFire\TFService.exe service" ["PC Tools"]


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E 96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "TfKbMon" ["PC Tools"]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\
BJ Language Monitor2\Driver = "CNBJMON2.DLL" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2008-09-09 00:56:32)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 92 seconds, including 11 seconds for message boxes)
Reply With Quote
  #10  
Old September 8th, 2008, 04:15 PM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
The HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:22, on 9/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: (no name) - {F44D8E66-7BB6-49BD-A924-5E0368C00FD1} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\bviitlrx.dll",b
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CA7F8.dat
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
Reply With Quote
  #11  
Old September 8th, 2008, 08:35 PM
Morfeasss Morfeasss is offline
CTH Subscriber
 
Join Date: Feb 2006
O/S: Windows XP Home
Location: Greece
Posts: 5,140
Very good,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so.
~~~~~~~~~~~~~~~~``

Next download SmitfraudFix.zip.

Unzip it to your desktop and doubleclick on smitfraudfix.cmd.

Choose Option 1 and hit Enter to generate a report about the infected files. Please save the Log (it will save to C:\rapport.txt) and post it back here please.


Please post back the MBAM report and the report from SmitfraudFix along with a fresh HijackThis log and a new Silent Runners report.
Reply With Quote
  #12  
Old September 21st, 2008, 01:09 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
This is the HJT and MBAM log after the MBAM scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:40, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SSCVIHOST.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SSCVIHOST.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet Cable
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll (file missing)
O3 - Toolbar: (no name) - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIHOST.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIHOST.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://www
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00CA7F8.dat
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O22 - SharedTaskScheduler: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll (file missing)
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
Reply With Quote
  #13  
Old September 21st, 2008, 01:11 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 5.1.2600 Service Pack 2

9/09/2008 5:56:23 PM
mbam-log-2008-09-09 (17-56-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 71360
Time elapsed: 1 hour(s), 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 161

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ivrllc.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b585105c-0e84-4ef0-9c6a-fbe134a72945} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f44d8e66-7bb6-49bd-a924-5e0368c00fd1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{035C1836-0D78-DABC-F4A7-D5D0517EE1F9} (Rogue.MalwareWiped) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{f44d8e66-7bb6-49bd-a924-5e0368c00fd1} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{b585105c-0e84-4ef0-9c6a-fbe134a72945} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\acutbsou.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uosbtuca.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqjylehp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phelyjqa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arncamjl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljmacnra.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\arqdrktp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ptkrdqra.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atgtvlas.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\salvtgta.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bfawxmml.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmmxwafb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmmnkjdh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hdjknmmb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmxmxlvu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvlxmxmb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbiygxnk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\knxgyibc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbiytfli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilftyibc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cikkdwnu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unwdkkic.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnvhuert.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\treuhvnc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctxelfks.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skflextc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwlpawtq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qtwaplwc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhsigjlc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cljgishd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djrildud.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dudlirjd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drhiicov.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vociihrd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\enfapdsb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsdpafne.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fbmokjoo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oojkombf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgydltjp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjtldygf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhsieiod.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\doieishf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fijhpjdr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdjphjif.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnnjxwaa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aawxjnnf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqgxmxil.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lixmxgqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frfkthkt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkhtkfrf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fssbndnb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bndnbssf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuyeuvoa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aovueyuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gahfnoyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyonfhag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gedhuxbv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbxuhdeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghyobynr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rnyboyhg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gspmlgve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evglmpsg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyvupqtv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtqpuvyh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibedmhjk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kjhmdebi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifpnykjb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjkynpfi.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iknonpnu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unpnonki.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jbteivnu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unvietbj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\judaodac.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cadoaduj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kgyhtcxd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxcthygk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkxyigax.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xagiyxkl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lvubmikv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vkimbuvl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lyhifjlj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jljfihyl.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbmfsgqv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqgsfmbm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjbktllh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hlltkbjm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjhoheas.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\saehohjm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\napquowi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iwouqpan.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nesrsifr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfisrsen.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmbwkrsx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xsrkwbmn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nufxmtrm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mrtmxfun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nukmtpid.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diptmkun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otbptsco.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ocstpbto.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oytarkqd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dqkratyo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyuuuhfi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ifhuuuyo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\peioxhmb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmhxoiep.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prdssqgs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sgqssdrp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pwehivkw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wkvihewp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qefepkit.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tikpefeq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfbpnbyx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xybnpbfq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qhcliwgj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jgwilchq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qinmvdhs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdvmniq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjokretr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rterkojq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdtkmjxb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bxjmktdr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhtcalqh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hqlacthr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rntrfnhk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khnfrtnr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shvsxwlo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olwxsvhs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlejndik.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kidnjelt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsghncxi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ixcnhgst.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvfeehly.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylheefvt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\txcawvtl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ltvwacxt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ummlktol.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lotklmmu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umqogljq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjlgoqmu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vittrcvx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvcrttiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vlqlhpli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilphlqlv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxrfsgmd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmgsfrxv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmhybsvs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svsbyhmw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xfgvafsh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsfavgfx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgwyyavt.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tvayywgx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xipcffot.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\toffcpix.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xoxoqcvd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dvcqoxox.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivrllc.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\EmmaKate\Local Settings\Temporary Internet Files\Content.IE5\KG3OT5HU\cntr[1].gif (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stella\Local Settings\Temp\dhpwlvfc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stella\Local Settings\Temp\uyqmamfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Downloads\Keygen.RedTube.Movie.Ripper.3.1.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Reply With Quote
  #14  
Old September 21st, 2008, 01:12 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 5.1.2600 Service Pack 2

20/09/2008 2:12:39 PM
mbam-log-2008-09-20 (14-12-38).txt

Scan type: Quick Scan
Objects scanned: 68730
Time elapsed: 13 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1 (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\VideoAXObject.Chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainServic e (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\320d18a1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\Yahoo Messengger (Worm.Sohanad) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\awtqQGvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKdedC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c001ADEE.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00208B2.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0021654.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c004716D.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00617CB.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c006CB96.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0099224.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c009F0A5.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00AF090.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D094.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D7D20.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SSCVIHOST.exe (Worm.Sohanad) -> Delete on reboot.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqonkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awoxxgij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glqdeqoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
Reply With Quote
  #15  
Old September 21st, 2008, 01:15 AM
blueray blueray is offline
New Member
 
Join Date: Sep 2008
Posts: 13
For some unknown reason, any cmd prompt that I run automatically closes and prevents the program from working. I suspect that it may be another trojan..
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Malware, Spyware, Adware Infected jd6gun Windows 7 1 November 20th, 2011 08:11 PM
PLEASE HELP ME!! My laptop is heavily infected with virus. lana1016 Malware Removal 69 January 15th, 2010 10:55 PM
Heavily Infected Wyvern0013 Malware Removal 31 May 26th, 2009 08:34 PM
Heavily Infected With Virus!! Spyware, Adware, Trojan, Etc. lana1016 Malware Removal 29 May 6th, 2009 02:17 AM
online surfing infected by malware/spyware jojaporms Malware Removal 5 March 8th, 2007 12:10 PM


All times are GMT +1. The time now is 06:31 PM.