okrhommn

Members

View Profile See their activity

Content Count
26
Joined
July 21, 2006
Last visited
April 28, 2007

Community Reputation

0 Neutral

About okrhommn

Rank
Member

Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Dears, I'm sorry, I cannot see any reply from yours, is it any problem of the internet? Can you send the reply again? Sorry for bothering you again, thank you very much!!
- April 1, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Comboscan.txt ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created ComboScan Restore Point. Performed disk cleanup. -- HijackThis (run as Sin.exe) ------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 0:50:44, on 2007-3-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\EPDOA-1-2\OAHotkey.EXE C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\æ¡Œé¢\comboscan.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\HIJACK~1\Sin.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O8 - Extra context menu item: åŒ¯å‡ºè‡³ Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java ä¸»æŽ§å° - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: î‚•?ï¸½ç¬†ç¨‹? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: î‚•?ï¸½ç¬†ç¨‹?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe -- File Associations ----------------------------------------------------------- .bat - batfile - "%1" %* .chm - chm.file - "C:\WINDOWS\hh.exe" %1 .cmd - cmdfile - "%1" %* .com - comfile - "%1" %* .exe - exefile - "%1" %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - "%1" %* .reg - regfile - regedit.exe "%1" .scr - AutoCADScriptFile - "C:\WINDOWS\notepad.exe" "%1" .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3R BlueletAudio (Bluetooth Audio Service) - C:\WINDOWS\system32\drivers\blueletaudio.sys 3R BT (Bluetooth PAN Network Adapter) - C:\WINDOWS\system32\drivers\BtNetDrv.sys 3S Btcsrusb (Bluetooth USB For Bluetooth Service) - C:\WINDOWS\system32\drivers\btcusb.sys 3R BTHidEnum (Bluetooth HID Enumerator) - C:\WINDOWS\system32\drivers\VBTEnum.sys 0R BTHidMgr (Bluetooth HID Manager Service) - C:\WINDOWS\system32\drivers\BTHidMgr.sys 3S BTNetFilter (Bluetooth Network Filter) - C:\WINDOWS\system32\drivers\BTNetFilter.sys 3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys 2R CdaC15BA - C:\WINDOWS\system32\drivers\CDAC15BA.SYS 3R cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys 1R FsVga - C:\WINDOWS\system32\drivers\fsvga.sys 3S hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys 3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys 1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys 3R LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - C:\WINDOWS\system32\drivers\LHidFlt2.Sys 3R LHidUsb (Logitech USB Receiver device driver) - C:\WINDOWS\system32\drivers\LHidUsb.sys 3R LMouFlt2 (Logitech Mouse Class Filter Driver) - C:\WINDOWS\system32\drivers\LMouFlt2.Sys 3R mouhid (æ»‘é¼ HID é©…å‹•ç¨‹å¼) - C:\WINDOWS\system32\drivers\mouhid.sys 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys 3R ms_mpu401 (Microsoft MPU-401 MIDI UART Driver) - C:\WINDOWS\system32\drivers\msmpu401.sys 3R MxlW2k - C:\WINDOWS\system32\drivers\MxlW2k.sys 3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys 3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys 2R npkcrypt - C:\Program Files\Tencent\QQ\npkcrypt.sys 1R prodrv06 (StarForce Protection Environment Driver v6) - C:\WINDOWS\system32\drivers\prodrv06.sys 0R prohlp02 (StarForce Protection Helper Driver v2) - C:\WINDOWS\system32\drivers\prohlp02.sys 0R prosync1 (StarForce Protection Synchronization Driver v1) - C:\WINDOWS\system32\drivers\prosync1.sys 3S Ptserli (PCTEL Serial Device Driver for INTEL) - C:\WINDOWS\system32\drivers\ptserli.sys 0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys 3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys 3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys 3R rtl8139 (Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\R8139n51.sys 0R sfhlp01 (StarForce Protection Helper Driver) - C:\WINDOWS\system32\drivers\sfhlp01.sys 3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys 3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys 3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys 3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys 2R V7 - C:\WINDOWS\system32\drivers\V7.SYS 3R VComm (Virtual Serial port driver) - C:\WINDOWS\system32\drivers\VComm.sys 3R VcommMgr (Bluetooth VComm Manager Service) - C:\WINDOWS\system32\drivers\VcommMgr.sys 0R Vmodem (XP Vmodem) - C:\WINDOWS\system32\drivers\vmodem.sys 0R Vpctcom (XP Vpctcom) - C:\WINDOWS\system32\drivers\vpctcom.sys 0R Vvoice (XP Vvoice) - C:\WINDOWS\system32\drivers\vvoice.sys 3S wceusbsh (Windows CE USB Serial Host Driver) - C:\WINDOWS\system32\drivers\wceusbsh.sys 1R WS2IFSL (Windows é€šè¨Šç«¯ 2.0 éž IFS æœå‹™æä¾›è€…æ”¯æ´ç’°å¢ƒ) - C:\WINDOWS\system32\drivers\ws2ifsl.sys 3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys 3S ZSMC301b (KINSTONE USB PC Camera) - C:\WINDOWS\system32\drivers\usbVM31b.sys 3R {6080A529-897E-4629-A488-ABA0C29B635E} (Intel® Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys 3R {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel® Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe 2R BlueSoleil Hid Service - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe 2R C-DillaCdaC11BA - C:\WINDOWS\System32\drivers\CDAC11BA.EXE 2S CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon 2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe 2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe -- Files created between 2007-02-10 and 2007-03-10 ----------------------------- 2007-03-10 00:24:04 0 d-------- C:\SDFix 2007-03-10 00:21:19 0 d-------- C:\Program Files\Common Files\Java 2007-02-22 23:25:21 0 d-------- C:\TDdownload<TDDOWN~1> 2007-02-22 23:24:36 228 --a------ C:\WINDOWS\system32\cid_store.dat<CID_ST~1.DAT> 2007-02-22 23:24:27 0 d-------- C:\Program Files\Thunder Network<THUNDE~1> 2007-02-22 22:03:07 0 d-------- C:\NDS 2007-02-17 00:51:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Tencent 2007-02-17 00:48:11 0 d-------- C:\Documents and Settings\Sin\Application Data\QQ 2007-02-17 00:45:42 0 d-------- C:\WINDOWS\system32\qqedit -- Find3M Report --------------------------------------------------------------- 2007-03-10 00:33:10 7680 --a------ C:\WINDOWS\system32\ismini.exe 2007-03-09 23:48:46 3246 --a------ C:\WINDOWS\system32\tmp.reg 2007-01-29 16:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe 2006-12-30 18:18:14 90112 --a------ C:\WINDOWS\vqqsdl10.exe 2006-12-30 18:17:16 619067 --a------ C:\WINDOWS\vqqsdl10.dll 2006-12-20 05:49:44 133632 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-20 02:17:12 331776 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-15 19:59:56 218540 --a------ C:\WINDOWS\system32\prfh0404.dat 2006-12-15 19:59:56 65764 --a------ C:\WINDOWS\system32\prfc0404.dat 2006-12-15 16:18:34 48156 --a------ C:\WINDOWS\system32\ISHOST.EXE 2006-12-13 23:01:34 19456 --a------ C:\WINDOWS\system32\olnohdw.dll 2006-12-13 22:58:20 1024 --a------ C:\tlkx.exe 2006-12-13 22:58:20 1024 --a------ C:\qnmbvrw.exe 2006-12-13 22:58:20 1024 --a------ C:\docc.exe 2006-12-13 22:58:14 1024 --a------ C:\dlvkpgg.exe -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32" "PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "BigDogPath"="C:\\WINDOWS\\VM_STI.EXE KINSTONE USB PC Camera" "pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\pccguide.exe\"" "PCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\PCClient.exe\"" "TM Outbreak Agent"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2004\\TMOAgent.exe\" /run" "Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\"" "UIupdater"="C:\\PROGRA~1\\UIupdater.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^ã€Œé–‹å§‹ã€åŠŸèƒ½è¡¨^ç¨‹å¼é›†^å•Ÿå‹•^Microsoft Office.lnk] "path"="C:\\Documents and Settings\\All Users\\ã€Œé–‹å§‹ã€åŠŸèƒ½è¡¨\\ç¨‹å¼é›†\\å•Ÿå‹•\\Microsoft Office.lnk" "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l" "item"="Microsoft Office" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccRegVfy" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZmmod] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmod" "hkey"="HKCU" "command"="C:\\PROGRA~1\\ezula\\mmod.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="InCD" "hkey"="HKLM" "command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logi_MwX" "hkey"="HKLM" "command"="Logi_MwX.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ICQNet" "hkey"="HKLM" "command"="C:\\PROGRA~1\\ICQ\\ICQNet.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,NewDotNetStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{3EA18648-FAF6-490D-9C92-8FD729028A58}"="" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ -- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------ Supplementary.txt ComboScan v20070306.20 run by Sin on 2007-03-10 at 00:49:38 Supplementary logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Chinese CPU 0: Intel® Pentium® 4 CPU 2.40GHz Percentage of Memory in Use: 43% Physical Memory (total/avail): 503.48 MiB / 282.43 MiB Pagefile Memory (total/avail): 1228.03 MiB / 1059.22 MiB Virtual Memory (total/avail): 2047.88 MiB / 1984.36 MiB A: is Removable (No Media) C: is Fixed (FAT32) - 76.3 GiB total, 49.53 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Sin\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=SIN-CD9T4F0RBW3 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Sin LOGONSERVER=\\SIN-CD9T4F0RBW3 NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0205 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Sin\LOCALS~1\Temp TMP=C:\DOCUME~1\Sin\LOCALS~1\Temp USERDOMAIN=SIN-CD9T4F0RBW3 USERNAME=Sin USERPROFILE=C:\Documents and Settings\Sin windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Sin (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Professional --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24} Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001} Adobe Reader for Pocket PC 2.0 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{291A772C-FFB9-4681-B720-AB2A0A620896} AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA} Autodesk Express Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove BitComet 0.68 --> C:\Program Files\BitComet\uninst.exe C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe Canon i255 --> C:\WINDOWS\System32\CNMCP52.exe "-PRINTERNAMECanon i255" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\cnmi0404.dll" Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL" Codec Pack - All In 1 6.0.1.3 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini" DVMatics DVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mediamatics\DVDExpress\Uninst.isu" Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" Firepower Trial v0.95a for ppc2003_arm_xscale --> c:\Firepower_Trial\unins000.exe GMail Drive Shell Extension --> rundll32.exe C:\WINDOWS\System32\ShellExt\GMailFS.dll,Uninstall C:\WINDOWS\System32\ShellExt\GMailFS.inf HijackThis 1.99.1 --> C:\DOCUME~1\Sin\LOCALS~1\Temp\Rar$EX00.921\HijackThis.exe /uninstall ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 IVT BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x404 Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} Kinstone digital focus --> C:\PROGRA~1\KINSTO~1\UNWISE.EXE C:\PROGRA~1\KINSTO~1\INSTALL.LOG KINSTONE USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\setup.exe" -l0x9 Logitech MouseWare 9.76 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x404 -l0404 UNINSTALL Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG Microsoft ActiveSync 3.7 --> "C:\WINDOWS\ISUN0404.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll" Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280404-6000-11D3-8CFE-0050048383C9} Microsoft Windows XP CD å¯«å…¥ç²¾éˆ HighMAT æ“´å…… --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} Microsoft Windows ç†è¨˜æœ¬æª¢è¦–å™¨ --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7} MSN Messenger 7.5 --> MsiExec.exe /I{68DF6432-03EF-11DA-BFBD-00065BBDC0B5} MUSICMATCH Jukebox --> C:\WINDOWS\IsUn0404.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll My Search Bar --> mshta res://C:\PROGRA~1\MyWay\myBar\1.bin\mybar.dll/101 Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0} Panda ActiveScan --> C:\WINDOWS\System32\ASUninst.exe Panda ActiveScan Power Mp3 Cutter(Mp3 Sound Cutter) 1.40 --> "C:\Program Files\Power Mp3 Cutter(Mp3 Sound Cutter)\unins000.exe" PowerDVD --> C:\WINDOWS\uninst.exe -f"C:\Program Files\CyberLink\PowerDVD\DeIsL1.isu" QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x404 REMOVE SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall Safety Alert 2006 --> C:\WINDOWS\system32\components\flx6.dll /del2 Shockwave --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log Skype 1.1 --> "C:\Program Files\Skype\Phone\unins000.exe" Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Windows XP å®‰å…¨æ€§æ›´æ–° (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Windows XP æ›´æ–° (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- End of ComboScan: finished at 2007-03-10 at 00:51:09 ------------------------
- March 9, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

i have then run the HijackThis which scan and fix many of the items. Here is the latest HijackThis Logfile: Logfile of HijackThis v1.99.1 Scan saved at 23:42:08, on 2007-3-9 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ismini.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\EPDOA-1-2\OAHotkey.EXE C:\Documents and Settings\Sin\æ¡Œé¢\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O8 - Extra context menu item: åŒ¯å‡ºè‡³ Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java î™ŠåŒ—î™¾ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: î‚•?ï¸½ç¬†ç¨‹? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: î‚•?ï¸½ç¬†ç¨‹?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe Following is the rapport.txt created by SmitfraudFix: SmitFraudFix v2.132 Scan done at 23:48:44.07, 2007-03-09 æ˜ŸæœŸäº” Run from C:\Documents and Settings\Sin\æ¡Œé¢\SmitfraudFix OS: Microsoft Windows XP [ç‰ˆæœ¬ 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode é™é™é™é™é™é™é™é™é™é™é™é™ C:\ é™é™é™é™é™é™é™é™é™é™é™é™ C:\WINDOWS é™é™é™é™é™é™é™é™é™é™é™é™ C:\WINDOWS\system é™é™é™é™é™é™é™é™é™é™é™é™ C:\WINDOWS\Web é™é™é™é™é™é™é™é™é™é™é™é™ C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe FOUND ! C:\WINDOWS\system32\ismini.exe FOUND ! C:\WINDOWS\system32\olnohdw.dll FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\components\flx?.dll FOUND ! C:\WINDOWS\system32\components\flx??.dll FOUND ! C:\WINDOWS\system32\components\flx???.dll FOUND ! é™é™é™é™é™é™é™é™é™é™é™é™ C:\Documents and Settings\Sin é™é™é™é™é™é™é™é™é™é™é™é™ C:\Documents and Settings\Sin\Application Data é™é™é™é™é™é™é™é™é™é™é™é™ Start Menu é™é™é™é™é™é™é™é™é™é™é™é™ C:\DOCUME~1\SIN\FAVORI~1 é™é™é™é™é™é™é™é™é™é™é™é™ Desktop é™é™é™é™é™é™é™é™é™é™é™é™ C:\Program Files C:\Program Files\VirusBurster\ FOUND ! é™é™é™é™é™é™é™é™é™é™é™é™ Corrupted keys é™é™é™é™é™é™é™é™é™é™é™é™ Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" é™é™é™é™é™é™é™é™é™é™é™é™ Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral" [HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32] @="C:\WINDOWS\system32\olnohdw.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32] @="C:\WINDOWS\system32\olnohdw.dll" é™é™é™é™é™é™é™é™é™é™é™é™ AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" é™é™é™é™é™é™é™é™é™é™é™é™ Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" é™é™é™é™é™é™é™é™é™é™é™é™ pe386-msguard-lzx32 é™é™é™é™é™é™é™é™é™é™é™é™ Scanning wininet.dll infection é™é™é™é™é™é™é™é™é™é™é™é™ End
- March 9, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Sorry for late reply. i have sent ISHOST.EXE and ismini.exe to http://www.virustotal.com/en/indeex.html for a full scan. But i can't find the other three files from my computer. this is the scan report of ISHOST.EXE Antivirus Version Update Result AntiVir 7.3.1.41 03.09.2007 TR/Dldr.Zlob.AEV.2 Authentium 4.93.8 03.08.2007 W32/Downloader.AWVM Avast 4.7.936.0 03.09.2007 no virus found AVG 7.5.0.447 03.08.2007 Downloader.Zlob.GDD BitDefender 7.2 03.09.2007 Trojan.Zlob.2.Gen CAT-QuickHeal 9.00 03.08.2007 TrojanDownloader.Zlob.bfb ClamAV devel-20060426 03.09.2007 no virus found DrWeb 4.33 03.09.2007 Trojan.Popuper eSafe 7.0.14.0 03.08.2007 Win32.Zlob.bfb eTrust-Vet 30.6.3467 03.09.2007 Win32/Puper!generic Ewido 4.0 03.09.2007 Downloader.Zlob.bfb FileAdvisor 1 03.09.2007 no virus found Fortinet 2.85.0.0 03.09.2007 W32/Zlob.BFB!tr.dldr F-Prot 4.3.1.45 03.08.2007 W32/Downloader.AWVM F-Secure 6.70.13030.0 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb Ikarus T3.1.1.3 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb Kaspersky 4.0.2.24 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb McAfee 4980 03.08.2007 no virus found Microsoft 1.2204 03.09.2007 TrojanDownloader:Win32/Zlob.gen NOD32v2 2105 03.09.2007 a variant of Win32/TrojanDownloader.Zlob.ANJ Norman 5.80.02 03.09.2007 W32/Zlob.YRB Panda 9.0.0.4 03.09.2007 Adware/SecurityError Prevx1 V2 03.09.2007 SpywareQuake Sophos 4.15.0 03.09.2007 no virus found Sunbelt 2.2.907.0 03.07.2007 Trojan-Downloader.Zlob.Media-Codec Symantec 10 03.09.2007 Trojan.Zlob TheHacker 6.1.6.073 03.09.2007 Trojan/Downloader.Zlob.bfb UNA 1.83 03.07.2007 TrojanDownloader.Win32.Zlob.8B78 VBA32 3.11.2 03.08.2007 Trojan.Popuper VirusBuster 4.3.19:9 03.09.2007 no virus found And it is the scan report of ismini.exe Antivirus Version Update Result AntiVir 7.3.1.41 03.09.2007 TR/Dldr.Zlob.AAZ.1 Authentium 4.93.8 03.08.2007 W32/Downloader.AWXP Avast 4.7.936.0 03.09.2007 Win32:Zlob-MW AVG 7.5.0.447 03.08.2007 Downloader.Zlob.GDY BitDefender 7.2 03.09.2007 Trojan.Downloader.Zlob.AEN CAT-QuickHeal 9.00 03.08.2007 TrojanDownloader.Zlob.bfb ClamAV devel-20060426 03.09.2007 no virus found DrWeb 4.33 03.09.2007 Trojan.Popuper eSafe 7.0.14.0 03.08.2007 Win32.Zlob.bfb eTrust-Vet 30.6.3467 03.09.2007 Win32/Puper!generic Ewido 4.0 03.09.2007 Downloader.Zlob.bfb FileAdvisor 1 03.09.2007 no virus found Fortinet 2.85.0.0 03.09.2007 W32/Zlob.BFB!tr.dldr F-Prot 4.3.1.45 03.08.2007 W32/Downloader.AWXP F-Secure 6.70.13030.0 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb Ikarus T3.1.1.3 03.09.2007 Trojan-Downloader.Win32.Zlob.adt Kaspersky 4.0.2.24 03.09.2007 Trojan-Downloader.Win32.Zlob.bfb McAfee 4980 03.08.2007 no virus found Microsoft 1.2204 03.09.2007 TrojanDownloader:Win32/Zlob.gen NOD32v2 2105 03.09.2007 Win32/TrojanDownloader.Zlob.ANJ Norman 5.80.02 03.09.2007 W32/Zlob.ACZR Panda 9.0.0.4 03.09.2007 Adware/SecurityError Prevx1 V2 03.09.2007 SpywareQuake Sophos 4.15.0 03.09.2007 no virus found Sunbelt 2.2.907.0 03.07.2007 Trojan-Downloader.Zlob.Media-Codec Symantec 10 03.09.2007 Trojan.Zlob TheHacker 6.1.6.073 03.09.2007 Trojan/Downloader.Zlob.bfb UNA 1.83 03.07.2007 TrojanDownloader.Win32.Zlob.D377 VBA32 3.11.2 03.08.2007 MalwareScope.Downloader.Zlob.1 VirusBuster 4.3.19:9 03.08.2007 no virus found
- March 9, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 23:55:28, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 25, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 23:55:28, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 25, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 23:55:28, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 21, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 23:55:28, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 21, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 23:55:28, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 21, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 22:30:43, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe" O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 21, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 22:30:43, on 2007-2-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\EPDOA-1-2\OAHotkey.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe" O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
- February 21, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Logfile of HijackThis v1.99.1 Scan saved at 20:33:47, on 14/2/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe" O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe" O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe" O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing) O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
- February 14, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

Dear I have follow all your instruction, but the result of filefind show "uiupdater.exe" is not exsisting. Please told me what should I do... Thank you very much!
- January 24, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

i have tried to disable my AV and upload the file again. the ad-awares have remove some critical objects from my computer. also, i have run "smitfraudfix.cmd". here is the log file you need: SmitFraudFix v2.132 Scan done at 23:39:26.35, 15/01/2007 Mon Run from C:\Documents and Settings\Sin\桌面\SmitfraudFix OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode 遙遙遙遙遙遙遙遙遙遙遙遙 C:\ 遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS 遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\system 遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\Web 遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe FOUND ! C:\WINDOWS\system32\ismini.exe FOUND ! C:\WINDOWS\system32\olnohdw.dll FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\components\flx?.dll FOUND ! C:\WINDOWS\system32\components\flx??.dll FOUND ! C:\WINDOWS\system32\components\flx???.dll FOUND ! 遙遙遙遙遙遙遙遙遙遙遙遙 C:\Documents and Settings\Sin 遙遙遙遙遙遙遙遙遙遙遙遙 C:\Documents and Settings\Sin\Application Data 遙遙遙遙遙遙遙遙遙遙遙遙 Start Menu C:\DOCUME~1\ALLUSE~1\「開始~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\「開始~1\Security Troubleshooting.url FOUND ! 遙遙遙遙遙遙遙遙遙遙遙遙 C:\DOCUME~1\SIN\FAVORI~1 遙遙遙遙遙遙遙遙遙遙遙遙 Desktop 遙遙遙遙遙遙遙遙遙遙遙遙 C:\Program Files C:\Program Files\VirusBurster\ FOUND ! 遙遙遙遙遙遙遙遙遙遙遙遙 Corrupted keys 遙遙遙遙遙遙遙遙遙遙遙遙 Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" 遙遙遙遙遙遙遙遙遙遙遙遙 Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral" [HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32] @="C:\WINDOWS\system32\olnohdw.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32] @="C:\WINDOWS\system32\olnohdw.dll" 遙遙遙遙遙遙遙遙遙遙遙遙 AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" 遙遙遙遙遙遙遙遙遙遙遙遙 Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" 遙遙遙遙遙遙遙遙遙遙遙遙 pe386-msguard-lzx32 遙遙遙遙遙遙遙遙遙遙遙遙 Scanning wininet.dll infection 遙遙遙遙遙遙遙遙遙遙遙遙 End
- January 15, 2007
- 30 replies
Virus Burst

okrhommn replied to okrhommn's topic in Resolved/Inactive HijackThis Logs

I have uploaded the two files you and Tony mentioned on Tony's forum, please check, thank you~ Also, I have followed your instruction, but I cannot find "C:\WINDOWS\SYSTEM32\winjgf32.dll", here are the new logfile, please take a look, thank you very much~~ Logfile of HijackThis v1.99.1 Scan saved at 0:37:52, on 13/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\pctspk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ISHOST.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\VM_STI.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ismini.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe C:\EPDOA-1-2\OAHotkey.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sin\桌面\HJT.exe.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing) O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
- January 12, 2007
- 30 replies

Sign In

Welcome to adaware forum

okrhommn

Content Count

Joined

Last visited

Community Reputation

About okrhommn

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Virus Burst

Browse

Activity

Important Information