Sign in to follow this  
okrhommn

Virus Burst

Recommended Posts

Hello,

 

my computer is found infected. i would like to say thank you first. please help me to fix it.

Here are the symptoms:

 

1. homepage is changed

2. a popup message frequently shown up, telling me there is critical system error

3. a programme named "virusburster" automatically run when starting Windows each time.

 

 

Here is Log File:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:57:37, on 13/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\msasvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\VirusBurster\virusburster.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\LogitechDesktopMessenger.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Sin\LOCALS~1\Temp\Rar$EX00.921\HijackThis.exe

 

R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-

 

FB5F8428200C} - (no file)

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-

 

BBB695989046} - (no file)

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

 

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

 

C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program

 

Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

 

C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-

 

tw\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -

 

C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -

 

C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

 

C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-

 

tw\msntb.dll

O3 - Toolbar: 蚔眢儂妗奀隅 - {C9E8B651-F2D7-4a26-9654-4CF4931FF641}

 

- C:\WINDOWS\YOEEQU~1.DLL

O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} -

 

C:\Program Files\Safety Bar\SafetyBar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

 

/Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32

 

\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32

 

\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

 

Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

 

Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

 

Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC

 

Camera

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program

 

Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan

 

Remover\Trjscan.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

 

Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton

 

AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [VirusBurster] C:\Program

 

Files\VirusBurster\virusburster.exe /h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop

 

Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

 

ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006

 

\uwfx6.exe" /scan

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) -

 

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program

 

Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program

 

Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

 

- C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-

 

AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-

 

00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}

 

- C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-

 

9307-00C04FAE2D4F} - C:\Program Files\Microsoft

 

ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -

 

C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-

 

47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} -

 

C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-

 

00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

 

- C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-

 

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program

 

files\newdotnet\newdotnet7_22.dll' missing

O11 - Options group: [!MySearch] 刲坰翑忒(MySearch)

O12 - Plugin for .spop: C:\Program Files\Internet

 

Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -

 

http://static.windupdates.com/cab/MediaAcc...sign/ie/Bridge-

 

c139.cab

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class)

 

- http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer

 

Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan

 

Installer Class) -

 

http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

 

http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -

 

http://download.spyspotter.com/spyspotter/...ottercabinstall

 

.cab

O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-

 

C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} -

 

C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-

 

15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480

 

\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program

 

Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32

 

\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner -

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

 

ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner -

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h

 

ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) -

 

Unknown owner - C:\Program Files\Common Files\Symantec

 

Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software -

 

C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Symantec IS 密碼驗證 (ISPwdSvc) - Symantec Corporation

 

- C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1

 

\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner

 

- C:\WINDOWS\system32\msasvc.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. -

 

C:\WINDOWS\system32\pctspk.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

 

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec

 

Corporation - C:\Program Files\Common Files\Symantec

 

Shared\AppCore\AppSvc32.exe

O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation -

 

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Share this post


Link to post
Share on other sites

Ad-Aware should have detection for this. Did you run a full system scan? Probably best done in Safe mode.

 

Also, your HijackThis log isn't readable in it's present formatting. To correct this, open notepad and click on the *Format* at the top. Make sure that wordwrap is unchecked

 

Please scan with Ad-Aware if you haven't done so and post Your Adaware Scan log with the latest reference file update.

 

Please make sure that you are using

Ad-aware SE Build 106r1

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

 

[if not Uninstall your old Ad-aware first then install SE]

Then use the WebUpDate

to get the latest Definition file

SE1R139 12.12.2006

To do this Open Ad-aware

Click the WebUpDate

button at the top right hand side of the Ad-aware screen (The world globe).

Click "Connect"

Ad-aware will then download the latest Definition file for you.

To make sure it is updated , look at the main

Ad-aware screen, and look under "Initialization Status"

It should say the Latest Definition file.

then scan doing a "Full Scan" in Safe mode:

 

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

Let Ad-Aware fix any critical objects found and then post your logfile here by using the Add-Reply Feature .

As Logs are stored in :

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to

click Start,

click Run

And type in and press ENTER: %appdata%

then click Lavasoft

then Ad-Aware

and then Logs.

scroll down to find the latest one that you have

(by date & time)

and open it right Click select all

copy and then paste the contents of it here, along with a fresh HijackThis log

Share this post


Link to post
Share on other sites

Thanks for your help~

 

I've update the Ad-aware by un-installing the old one in my computer. After scanning, deleted some infected files.

 

Here are the logfile, please check, thank you very much!!

 

Logfile of HijackThis v1.99.1

Scan saved at 20:32:10, on 14/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\msasvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\conime.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Sin\桌面\HijackThis.exe

 

R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: 蚔眢儂妗奀隅 - {C9E8B651-F2D7-4a26-9654-4CF4931FF641} - C:\WINDOWS\YOEEQU~1.DLL

O3 - Toolbar: Safety Bar - {18668683-731c-48fa-b1b9-ad013748fb00} - C:\Program Files\Safety Bar\SafetyBar.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [VirusBurster] C:\Program Files\VirusBurster\virusburster.exe /h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing

O11 - Options group: [!MySearch] 刲坰翑忒(MySearch)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab

O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Symantec IS 密碼驗證 (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Share this post


Link to post
Share on other sites

Did you have McAfee Antivirus on here at one time?

 

First step, go to your control panel and open *Add/Remove Programs*

 

Look for the following in the list and if found, highlight the program and press *remove*

 

WinFixer_2006

 

SpySpotter3

 

VirusBurster

 

newdotnet

 

Safety Bar

 

Then restart your computer.

 

Go to this file and we are going to rename it to possibly unhide some entries that may not be showing in the above log.

 

Go here:

C:\Documents and Settings\Sin\桌面\HijackThis.exe <--- rightclick on the file and choose *rename* from the menu.

 

Rename the file to: HJT.exe

 

Then close that out.

 

Doubleclick on the newly renamed HJT.exe to run a scan and produce a log.

 

Post the new log back here please.

Share this post


Link to post
Share on other sites

Thank you very much for your help again, I have deleted "VirusBurster" and "Safety Bar" in my computer.

 

Here are the latest log:

 

Logfile of HijackThis v1.99.1

Scan saved at 20:26:34, on 15/12/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\msasvc.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\conime.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: 蚔眢儂妗奀隅 - {C9E8B651-F2D7-4a26-9654-4CF4931FF641} - C:\WINDOWS\YOEEQU~1.DLL

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing

O11 - Options group: [!MySearch] 刲坰翑忒(MySearch)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab

O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Symantec IS 密碼驗證 (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Share this post


Link to post
Share on other sites

My apologies for gatecrashing this thread, but there's a file we'd like to have a closer look at:

 

C:\Windows\YOEEQUERY.DLL

 

It looks like it might be a new parasite, so we'd like to receive a sample for analysis!

 

Could I ask you to please go to this forum

 

There's no need to register. Just start a new topic, titled "File for TonyKlein".

 

In the topic, simply refer to this --- forum thread, and use the Attachment box to upload the file.

 

In fact there's not even a need to actually browse to the file: just copy the full path to the file, in this case:

 

C:\Windows\YOEEQU~1.DLL

 

... and paste it in in the attachment box, then press the 'Post' button. The file should be found and uploaded.

 

NOTE: You will not see the files that have been uploaded (including the ones you upload yourself) as they only show to the authorised users who can download them

 

 

After that I'll be happy to leave you in CalamityJane's most capable hands! :)

 

Thanks! :lol:

Share this post


Link to post
Share on other sites

Hi, Please follow Tony's instructions above for uploading the requested file. I'd also like to see this one:

 

C:\PROGRAM FILES\UIupdater.exe

 

Attach that one with the file Tony requested as well and I'll collect it from there

.............................

After uploading the requested files, please proceed with the following steps:

 

First:

Download WinSock XP fix from here:

WinSock Fix

http://www.majorgeeks.com/download4372.html

 

Then download LSPFix from here:

LSP-Fix

http://www.bleepingcomputer.com/files/lspfix.php

 

Disconnect from the Internet and close all Internet Explorer Windows.

Run the program and check the "I know what I'm doing" box. Place all listings of newdotnet7_22.dll into the remove section by highlighting newdotnet7_22.dll' (and ONLY that file name - leave any others listed alone) and clicking on the button that points to the right. When all instances of this dll are in the Remove section press the Finish button.

Then Reboot.

 

On rare occasions, LSP-fix may leave your connection broken. If this happens, unzip Winsock Fix and run the program.

 

To see a tutorial on how to use this program click the link below:

Using LSP-Fix to remove LSP Spyware & Hijackers

http://www.bleepingcomputer.com/forums/tutorial59.html

.................

Make a copy of these instructions so you have them handy as you need to do these steps with all browsers close and only HijackThis open, so you won't be able to view this message board during the fix.

 

Next, open HijackThis and select *system scan only*

 

When it finishes, place a checkmark next to the following listed;

 

R3 - URLSearchHook: (no name) - _{BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - (no file)

 

R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

 

F3 - REG:win.ini: load=C:\PROGRAM FILES\UIupdater.exe

 

O3 - Toolbar: 蚔眢儂妗奀隅 - {C9E8B651-F2D7-4a26-9654-4CF4931FF641} - C:\WINDOWS\YOEEQU~1.DLL

 

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

 

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

 

O11 - Options group: [!MySearch] 刲坰翑忒(MySearch)

 

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...Bridge-c139.cab

 

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/...rcabinstall.cab

 

O20 - Winlogon Notify: winjgf32 - C:\WINDOWS\SYSTEM32\winjgf32.dll

 

When those are checkmarked, press the *fix checked* button and close HijackThis.

 

Delete these two folders (if found)

C:\Program Files\SpySpotter3

C:\Program Files\WinFixer_2006

 

Open HijackThis again, and choose *Open Misc Tools Section*

 

Under System Tools select *delete a file on reboot*

 

A navigation window will popup. Go to this file named in bold and located in the system32 folder:

 

C:\WINDOWS\SYSTEM32\winjgf32.dll

 

click on it to highlight it and press Open.

 

Then you will get a popup notice about a system setting change asking if you want to delete that file on reboot. Choose *yes* and allow HijackThis to restart your computer.

 

After the re-start, please scan once more with HijackThis and post a fresh log please.

Share this post


Link to post
Share on other sites

I have uploaded the two files you and Tony mentioned on Tony's forum, please check, thank you~

 

Also, I have followed your instruction, but I cannot find "C:\WINDOWS\SYSTEM32\winjgf32.dll", here are the new logfile, please take a look, thank you very much~~

 

Logfile of HijackThis v1.99.1

Scan saved at 0:37:52, on 13/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\WINDOWS\system32\ismini.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Share this post


Link to post
Share on other sites

Wow! It's been almost a month since we heard from you. Yes, please try disabling your AV long enough to upload that file: C:\PROGRAM FILES\UIupdater.exe

 

The VirusBurst pest is most likely covered and in detection by now.

 

Update your Ad-Aware program to the latest update: SE1R143 08.01.2007

Do a full system scan in SAFE MODE and let it remove any critical objects found.

 

How to start the computer in SAFE MODE:

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

 

Reboot your PC back into normal mode, after cleaning with the updated Ad-Aware.

......................................

Then please download and run this free tool to make a different log:

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

2. Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

 

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

Share this post


Link to post
Share on other sites

i have tried to disable my AV and upload the file again.

 

the ad-awares have remove some critical objects from my computer. also, i have run "smitfraudfix.cmd". here is the log file you need:

 

SmitFraudFix v2.132

 

Scan done at 23:39:26.35, 15/01/2007 Mon

Run from C:\Documents and Settings\Sin\桌面\SmitfraudFix

OS: Microsoft Windows XP [版本 5.1.2600] - Windows_NT

The filesystem type is FAT32

Fix run in normal mode

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\system

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\Web

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\WINDOWS\system32

 

C:\WINDOWS\system32\ishost.exe FOUND !

C:\WINDOWS\system32\ismini.exe FOUND !

C:\WINDOWS\system32\olnohdw.dll FOUND !

C:\WINDOWS\system32\ot.ico FOUND !

C:\WINDOWS\system32\ts.ico FOUND !

C:\WINDOWS\system32\components\flx?.dll FOUND !

C:\WINDOWS\system32\components\flx??.dll FOUND !

C:\WINDOWS\system32\components\flx???.dll FOUND !

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\Documents and Settings\Sin

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\Documents and Settings\Sin\Application Data

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Start Menu

 

C:\DOCUME~1\ALLUSE~1\「開始~1\Online Security Guide.url FOUND !

C:\DOCUME~1\ALLUSE~1\「開始~1\Security Troubleshooting.url FOUND !

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\DOCUME~1\SIN\FAVORI~1

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Desktop

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 C:\Program Files

 

C:\Program Files\VirusBurster\ FOUND !

 

遙遙遙遙遙遙遙遙遙遙遙遙 Corrupted keys

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

 

[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]

@="C:\WINDOWS\system32\olnohdw.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]

@="C:\WINDOWS\system32\olnohdw.dll"

 

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 pe386-msguard-lzx32

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 Scanning wininet.dll infection

 

 

遙遙遙遙遙遙遙遙遙遙遙遙 End

Share this post


Link to post
Share on other sites

good job! I think SmitfraudFix got it :)

 

However, the file you uploaded again came in empty (0 bytes)

 

Please download FileFind from Atribune:

http://www.atribune.org/downloads/FileFind.zip

 

Unzip the file and save it to your desktop.

 

To run FileFind, please do the following:

 

* Click on FileFind.exe

* In the box labeled "Enter the directory to search"

o Enter C:\PROGRAM FILES

* In the box labeled "Enter the file to search"

o Enter the file name: UIupdater.exe

* Now click on the "Find" button

* Once the utility has found the files click on "Export"

* This will save a text file to your C:\ drive as "Export.txt"

* Double click on Export.txt, copy and paste this information in your next post

Share this post


Link to post
Share on other sites

Dear

 

I have follow all your instruction, but the result of filefind show "uiupdater.exe" is not exsisting. Please told me what should I do... Thank you very much!

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 20:33:47, on 14/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: 建立行動最愛 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: bw+0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {59D5C87B-94DF-4FCE-AA74-15A1F8DD7FF6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Share this post


Link to post
Share on other sites

okrhommn,

 

It is rather defeating the purpose when you wait 3 weeks between posting because you are picking up new crap inbetween. Try to stay with this thread until completion before you put the machine back online and we might be able to make some progress.

 

Right now, you need to get rid of the NewDot Net pest via the Control Panel in Add/remove programs. While there also highlight and remove the following if listed in Add/remove programs.

 

SpySpotter

WinFixer

ErrorSafe

Internet Optimizer

Zango

 

When you have removed all of those via the Control Panel Add/remove programs, reboot your computer

 

Please do that and then, update your Ad-Aware program using the Webupdate feature. Do a full system scan and let Ad-Aware remove any critical objects found. Reboot your computer. Run Ad-Aware again and if any critical objects are found, let it remove those as well.

 

Then, reboot once more and scan and post a fresh HijackThis log so I can see what is left.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 22:30:43, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 22:30:43, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"

O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 23:55:28, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 23:55:28, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 23:55:28, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Hello,okrhommn & Welcome

 

----------------

 

Please upload this file for me

 

Go to next site:

http://www.virustotal.com/en/indexx.html

On top you'll find 'Browse'

Click the browse button and browse to next file:

 

C:\Program Files\UIupdater.exe

 

Click open.

Then click the 'Send' button next to it.

This will scan the file. Please be patient.

Once scanned, copy and paste the results as well in your next reply.

 

----------------

 

First goto ControlPanel Add/Remove Programs and Uninstall/Remove these

items if stell there:

Tencent Or Tencent QQ

WinFixer_2006

 

*Note: (although it's popular in China, it's an adware program, so, you may choose to stay with or get rid of it, at your own risk) up to you to keep or remove.

 

------------------

 

Run HijackThis

Scan and when it finishes, put a check mark only next to these following items : (if present)

 

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

 

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

 

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

 

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

 

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

 

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

 

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

 

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

 

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

 

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

 

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

 

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

 

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

 

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

 

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

 

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

 

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

 

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

 

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

 

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

 

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

 

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

 

Close all browsers and any open Windows, making sure that only HijackThis is open

Click Fix Checked

Close HijackThis

 

------------------

 

Do a reboot and run this tool for me then come back here with a new HijackThis logfile and rapport.txt

 

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

 

Please do not run any other options until you are asked to do so.

 

Gogo ;)

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 23:55:28, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 23:55:28, on 2007-2-21

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ISHOST.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\IVT Corporation\IVT BlueSoleil\BlueSoleil.exe

C:\EPDOA-1-2\OAHotkey.EXE

C:\WINDOWS\system32\ismini.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Sin\桌面\HJT.exe.exe

 

F3 - REG:win.ini: load=C:\PROGRA~1\UIupdater.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE KINSTONE USB PC Camera

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\pccguide.exe"

O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2004\PCClient.exe"

O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\PC-cillin 2004\TMOAgent.exe" /run

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [5qe7h7m1] C:\WINDOWS\System32\5qe7h7m1.exe

O4 - HKLM\..\Run: [uIupdater] C:\PROGRA~1\UIupdater.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [WinFixer2006] "C:\Program Files\WinFixer_2006\uwfx6.exe" /scan

O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\System32\Kerne0223.exe

O8 - Extra context menu item: 上?到QQ网?硬? - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm

O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ桶 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 氝樓善QQ赻隅砱醱啣 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定?面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ自定義面版 - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信?送??片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: 蚚QQ粗陓楷冞蜆芞 - C:\Program Files\Tencent\QQ\SendMMS.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java 北 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: ?︽笆程? - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: ?︽笆程?... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra 'Tools' menuitem: 乃癟QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具??置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab

O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} (VqqSpeedDlProxy Class) - http://im.qq.com/vqqsdl1230.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\IVT BlueSoleil\BTNtService.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

Share this post


Link to post
Share on other sites
Sign in to follow this