Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Virus Changes Computer Date (New)

Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
19-Dec-2007, 12:46 PM #1
Virus Changes Computer Date
Hi all,

My computer is infected by a virus which changes the date back to the year 2005.

Please help.

Thanks in advance.

__________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 1:40:08 AM, on 12/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
K:\Important Softwares\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0 \adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\System32\280E6F14.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
Former Administrator with 104,744 posts.
 
Join Date: Jan 2001
Experience: Advanced
19-Dec-2007, 12:56 PM #2
Is there any reason that you don't have Service Pack 2 installed for Windows XP?

Also, you never finished here:

http://forums.techguy.org/malware-re...re-attack.html


Is this the same computer?
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
19-Dec-2007, 08:46 PM #3
Not the same computer
Sorry, this is not the same computer.

This is a desktop computer and that one is a laptop; it's my friend's. I couldn't finish the previous thread because we had to reformat the laptop. (Sorry, I couldn't let you know.)

I don't have XP SP2 for this desktop computer.

Please help,
thanks

__________________________________________________________________________
Former Administrator with 104,744 posts.
 
Join Date: Jan 2001
Experience: Advanced
20-Dec-2007, 08:50 AM #4
The service packs are available via Windows Update. Have you tried to install Service Pack 1? Hold off on Service Pack 2 for the time being.
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
21-Dec-2007, 09:10 AM #5
Installed Win XP SP2
Hi again,

Thanks for the advice.
I downloaded and installed Service Pack 2.

Here is the new HijackThis log. (So far the computer date doesn't change.)
But Kaspersky indicates a series of virus infections which it cannot delete!

Thanks for your help!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 10:05:49 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\ctfmon.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
K:\Important Softwares\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0 \adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
Former Administrator with 104,744 posts.
 
Join Date: Jan 2001
Experience: Advanced
21-Dec-2007, 09:24 AM #6
Oops, I didn't want you to install SP2 yet. I guess I wasn't clear enough; I was just asking why you didn't have it installed yet... but it may be OK.

Let me see if I can find someone to check your log. This malware forum is quite busy, with only a limited number of folks who are qualified to assist, and that could take up to 2 days. So be patient.
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
21-Dec-2007, 10:08 AM #7
It's OK!

The computer works normally with SP2.
I can understand the workload you guys have!

It's OK; when you have a minute, just check my log!

Thanks in advance.
Cheers
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
22-Dec-2007, 07:19 AM #8
Dear Tech Support Experts!

My situation is getting worse!
Any expert, please take a minute to look into my log.

Thanks for your help!
Administrator with 63,382 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
22-Dec-2007, 03:37 PM #9
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the Internet.

Download ComboFix and save it to your desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection when ComboFix has completely finished, then restart your computer to restore the connection.

Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
__________________
Microsoft MVP - Consumer Security
Former Administrator with 104,744 posts.
 
Join Date: Jan 2001
Experience: Advanced
22-Dec-2007, 05:34 PM #10
Thanks Karen

I just noticed HJT is out of date too..........
Administrator with 63,382 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
22-Dec-2007, 06:14 PM #11
Thanks Candy.

Please post your next HijackThis log from the latest version:

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
22-Dec-2007, 09:11 PM #12
Thank you so much to Cookiegal & AcaCandy
Thank you so much to Cookiegal & AcaCandy,

I followed your instructions and did the scanning.

It seems that the time-change matter is okay, but my IE homepage turned into a Chinese spam site.

Here are the two logs.
Thanks a lot again!!
Cheers
============================================================
ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 9:47:58.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT 8:00]
Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\finder.dll
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\kXUidJeCex_3105
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\sysloader.exe
C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata\webbrowser_3105.dll
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Program Files\ad4all
C:\Program Files\ad4all\Install.exe
C:\Program Files\ad4all\install.ini
C:\Program Files\ad4all\link1\eachlink.htm
C:\Program Files\ad4all\link1\eachlink.ico
C:\Program Files\ad4all\link1\ebaylink.ico
C:\Program Files\ad4all\link1\install.ini
C:\Program Files\ad4all\link1\Thumbs.db
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\cpush.dll
C:\Program Files\Common Files\cpush\Uninst.exe
C:\RECYCLER\winow.dll
C:\WINDOWS\KB611311.log
C:\WINDOWS\msprint32d.exe
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\rising129.exe
C:\WINDOWS\rising275.exe
C:\WINDOWS\rising616.exe
C:\WINDOWS\rising708.exe
C:\WINDOWS\rising771.exe
C:\WINDOWS\rising793.exe
C:\WINDOWS\rising831.exe
C:\WINDOWS\system32\280E6F14.EXE
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dodolook591.exe
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\k119808561411.exe
C:\WINDOWS\system32\k119808562016.exe
C:\WINDOWS\system32\k11981143907.exe
C:\WINDOWS\system32\k119811439611.exe
C:\WINDOWS\system32\k119811440315.exe
C:\WINDOWS\system32\k119811440416.exe
C:\WINDOWS\system32\k119819082611.exe
C:\WINDOWS\system32\k119819083216.exe
C:\WINDOWS\system32\k11982193051.exe
C:\WINDOWS\system32\k11982193062.exe
C:\WINDOWS\system32\k11982193084.exe
C:\WINDOWS\system32\k11982193137.exe
C:\WINDOWS\system32\k119821932511.exe
C:\WINDOWS\system32\k119821933216.exe
C:\WINDOWS\system32\k11982426245.exe
C:\WINDOWS\system32\k11982426277.exe
C:\WINDOWS\system32\k119824263211.exe
C:\WINDOWS\system32\k119824263715.exe
C:\WINDOWS\system32\k119824263816.exe
C:\WINDOWS\system32\k11982456371.exe
C:\WINDOWS\system32\k11982456393.exe
C:\WINDOWS\system32\k11982456487.exe
C:\WINDOWS\system32\k11982456508.exe
C:\WINDOWS\system32\k119824565311.exe
C:\WINDOWS\system32\k119824565512.exe
C:\WINDOWS\system32\k119824566016.exe
C:\WINDOWS\system32\k119829566511.exe
C:\WINDOWS\system32\k119829567216.exe
C:\WINDOWS\system32\k11983138212.exe
C:\WINDOWS\system32\k11983138233.exe
C:\WINDOWS\system32\k11983138255.exe
C:\WINDOWS\system32\k11983138307.exe
C:\WINDOWS\system32\k119831383511.exe
C:\WINDOWS\system32\k119831383612.exe
C:\WINDOWS\system32\k119831383814.exe
C:\WINDOWS\system32\k119831383915.exe
C:\WINDOWS\system32\k119831384116.exe
C:\WINDOWS\system32\k11983228443.exe
C:\WINDOWS\system32\k11983228454.exe
C:\WINDOWS\system32\k11983228465.exe
C:\WINDOWS\system32\k11983228497.exe
C:\WINDOWS\system32\k119832285411.exe
C:\WINDOWS\system32\k119832285915.exe
C:\WINDOWS\system32\k119832286016.exe
C:\WINDOWS\system32\k11983243772.exe
C:\WINDOWS\system32\k11983243783.exe
C:\WINDOWS\system32\k11983243804.exe
C:\WINDOWS\system32\k11983243815.exe
C:\WINDOWS\system32\k11983243826.exe
C:\WINDOWS\system32\k11983243837.exe
C:\WINDOWS\system32\k11983243869.exe
C:\WINDOWS\system32\k119832438710.exe
C:\WINDOWS\system32\k119832438811.exe
C:\WINDOWS\system32\k119832439315.exe
C:\WINDOWS\system32\k119832439416.exe
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\lyloader.exe
C:\WINDOWS\system32\lyloadmr.exe
C:\WINDOWS\system32\lymangr.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\msdeg32.dll
C:\WINDOWS\system32\msimms32.dll
C:\WINDOWS\system32\MsPrint32D.dll
C:\WINDOWS\system32\nvdispdrv.dll
C:\WINDOWS\system32\SHQ.DLL
C:\WINDOWS\system32\SHQMANGR.DLL
C:\WINDOWS\system32\svchost.dat
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\ufdata2000.log
G:\auto.exe
G:\Autorun.inf
H:\auto.exe
H:\Autorun.inf
I:\auto.exe
I:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ACPIDISK
-------\acpidisk


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp
2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007
2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-12-21 21:40 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-21 21:28 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002490_.tmp
2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome
2007-12-21 21:14 . 2007-12-21 21:14 2,446 --a------ C:\WINDOWS\system32\k11351706233.exe
2007-12-21 21:14 . 2007-12-21 21:14 1,823 --a------ C:\WINDOWS\system32\k11351706222.exe
2007-12-21 21:13 . 2007-12-21 21:14 2,082 --a------ C:\WINDOWS\system32\k11351706211.exe
2007-12-21 06:50 . 2007-12-21 06:50 2,594 --a------ C:\WINDOWS\system32\k11351188249.exe
2007-12-20 21:00 . 2007-12-20 22:00 2,450 --a------ C:\WINDOWS\system32\k113508335216.exe
2007-12-20 20:58 . 2007-12-20 20:58 42,801 --a------ C:\WINDOWS\system32\k113508334611.exe
2007-12-20 20:58 . 2007-12-20 20:58 17,166 --a------ C:\WINDOWS\system32\k11350833395.exe
2007-12-20 20:58 . 2007-12-20 20:58 16,891 --a------ C:\WINDOWS\system32\k11350833449.exe
2007-12-20 20:58 . 2007-12-20 20:58 16,828 --a------ C:\WINDOWS\system32\k11350833406.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,418 --a------ C:\WINDOWS\system32\k11350833352.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,360 --a------ C:\WINDOWS\system32\k11350833341.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,158 --a------ C:\WINDOWS\system32\k113508335014.exe
2007-12-20 01:37 . 2007-12-22 20:00 44,337 --a------ C:\WINDOWS\273100WL.DLL
2007-12-20 01:36 . 2005-12-22 21:57 52,300 --ahs---- C:\WINDOWS\273100MM.DLL
2007-12-20 01:29 . 2007-12-20 01:29 28,672 --a------ C:\WINDOWS\system32\akcjzj.dll
2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-20 01:20 . 2007-12-23 00:18 26,624 --a------ C:\WINDOWS\system32\PTSShell.dll
2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005
2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004
2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast
2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo!
2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-30 01:02 . 2007-12-22 18:34 10 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse
2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-23 14:37 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002
2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 01:53 45,056 ----a-w C:\WINDOWS\system32\90D9B6D7.DLL
2007-12-23 01:52 8,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 01:52 8,012 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 01:52 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 01:52 1,868 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 16:18 127,488 ----a-w C:\WINDOWS\system32\SSLDyn.dll
2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent
2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent
2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS
2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster
2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinSysW"="C:\WINDOWS\273100L.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]
S2 40B9CB77;40B9CB77;C:\WINDOWS\system32\280E6F14.EXE -k []
S2 6DEB4996;6DEB4996;C:\WINDOWS\system32\3A9F0278.EXE -g []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S2 Yiqilai;一起来音乐助手;"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe" [2007-10-18 10:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 09:54:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 9:55:29 - machine was rebooted
==========================================================
==========================================================
==========================================================
==========================================================
==========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:39 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 一起来音乐社区 - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 易趣购物 - {FFB2385E-E812-4091-8C12-2370DC67F769} - http://www.eachnet.com/specials/digi...000_soft0_digi (file missing)
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
O23 - Service: 一起来音乐助手 (Yiqilai) - Yiqilai - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe

--
End of file - 8812 bytes
Cookiegal's Avatar
Administrator with 63,382 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
23-Dec-2007, 08:17 AM #13
Open Notepad and copy and paste the text in the quote box below into it:

Quote:
File::
C:\WINDOWS\002490_.tmp
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
C:\WINDOWS\system32\90D9B6D7.DLL

Folder::
C:\Program Files\Yiqilai

Driver::
40B9CB77
6DEB4996
sysloader
Yiqilai

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSysW"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security
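As an added example, not code from the thread, from ComboFix or from Cookiegal: the script below applies a few triage rules to lines copied from the ComboFix log posted above (with the forum's line-wrap spaces removed) and drafts File::, Driver:: and Registry:: sections in the CFScript syntax used in this post. The rules are this example's own assumptions, tuned to what is visible in the log: binaries under system32 whose name is eight hex characters (90D9B6D7.DLL, 280E6F14.EXE) or the k1135... numeric pattern; Run values and services for which ComboFix printed an empty [] where a file timestamp should be, which the HijackThis log above corroborates as "(file missing)"; and MountPoints2 keys that carry Auto/AutoRun verbs. That last rule matters because Windows caches each drive's autorun handler under HKCU MountPoints2, so the cached "Auto" verb keeps pointing at auto.exe even after the file itself is gone, which is why the script in this post deletes those keys outright.

```python
"""Triage ComboFix log lines and draft the matching CFScript sections.

Added example for the thread above; it is not ComboFix's or the helper's
own code. Every rule below is this example's assumption, tuned to the
indicators visible in the posted log.
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in the thread
# (forum line-wrap spaces removed), in the order ComboFix prints them.
SAMPLE_LOG = r"""
2007-12-21 21:14 . 2007-12-21 21:14 2,446 --a------ C:\WINDOWS\system32\k11351706233.exe
2007-12-20 20:58 . 2007-12-20 20:58 42,801 --a------ C:\WINDOWS\system32\k113508334611.exe
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-23 01:53 45,056 ----a-w C:\WINDOWS\system32\90D9B6D7.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinSysW"="C:\WINDOWS\273100L.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 40B9CB77;40B9CB77;C:\WINDOWS\system32\280E6F14.EXE -k []
S2 6DEB4996;6DEB4996;C:\WINDOWS\system32\3A9F0278.EXE -g []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
"""

# "2007-12-21 21:14 . 2007-12-21 21:14 2,446 --a------ C:\path" or the shorter Find3M form
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} .*?([A-Z]:\\.*?)\s*$")
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')        # "name"="path" [stamp]
SERVICE = re.compile(r"^[RS]\d (\S+?);([^;]*);(.+?)\s*\[(.*)\]$")   # S2 name;display;image [stamp]
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MP_VERB = re.compile(r"^\\Shell\\(Auto|AutoRun)\\command - ", re.I)
HEX8 = re.compile(r"^[0-9A-F]{8}$", re.I)      # 90D9B6D7, 280E6F14, 40B9CB77 ...
KNUMERIC = re.compile(r"^k\d{9,}$", re.I)      # k11351706233 ... (heuristic for this log)


def triage(log_text):
    """Scan ComboFix log lines and return the items a CFScript would target."""
    found = {"files": [], "drivers": [], "run_values": [], "mountpoints": []}
    current_key = None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if (m := KEY.match(line)):
            current_key = m.group(1)
        elif (m := FILE_LINE.match(line)):
            path = m.group(1)
            stem = path.rsplit("\\", 1)[-1].rpartition(".")[0]
            if "\\system32\\" in path.lower() and (HEX8.match(stem) or KNUMERIC.match(stem)):
                found["files"].append(path)
        elif (m := RUN_VALUE.match(line)) and current_key:
            name, _path, stamp = m.groups()
            if stamp == "":        # empty []: ComboFix found no file to timestamp
                found["run_values"].append((current_key, name))
        elif (m := SERVICE.match(line)):
            svc, _display, _image, stamp = m.groups()
            if (stamp == "" or HEX8.match(svc)) and svc not in found["drivers"]:
                found["drivers"].append(svc)
        elif MP_VERB.match(line) and current_key and "mountpoints2\\" in current_key.lower():
            if current_key not in found["mountpoints"]:
                found["mountpoints"].append(current_key)
    return found


def draft_cfscript(found):
    """Render the findings in CFScript syntax (File::, Driver::, Registry::)."""
    parts = []
    if found["files"]:
        parts.append("File::\n" + "\n".join(found["files"]))
    if found["drivers"]:
        parts.append("Driver::\n" + "\n".join(found["drivers"]))
    reg = []
    for key, name in found["run_values"]:
        reg += [f"[{key}]", f'"{name}"=-']                    # "name"=- deletes one value
    reg += [f"[-{key}]" for key in found["mountpoints"]]      # [-key] deletes the whole key
    if reg:
        parts.append("Registry::\n" + "\n".join(reg))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    print(draft_cfscript(triage(SAMPLE_LOG)))
```

Feed it the "Files Created", "Find3M" and "Reg Loading Points" sections of a log, not the "Other Deletions" section, or it will re-list files ComboFix has already removed. The draft is a starting point for a human to confirm line by line; a hex-named file is not proof of malware, and a missing file behind a Run value still leaves the value to clean up.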
Cookiegal's Avatar
Administrator with 63,382 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
23-Dec-2007, 08:19 AM #14
Are your G, H and I drives external/flash drives?

If so do the following:

Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder; it will help protect your drives from future infection.
__________________
Microsoft MVP - Consumer Security
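The immunisation step in this post works because Windows expects autorun.inf to be a file; if a folder of that name already occupies the root of the drive, a dropper cannot create its own autorun.inf there. Added here as an example, not Flash_Disinfector's code or anything from the thread: the script below inspects a drive root for an autorun.inf, lists the commands it would launch (open=, shellexecute= and shell\...\command verbs, the same Auto/AutoRun verbs that the MountPoints2 entries in the log cache), checks which of those binaries actually sit on the drive, and then replaces the file with a hidden folder of the same name. The sample autorun.inf and the empty auto.exe stand-in are constructed to match the auto.exe + Autorun.inf pairs on G:, H: and I: in the posted log; the demo uses a temporary directory in place of a real drive letter, and the system attribute set alongside hidden is this example's choice, not something the post states.

```python
"""Inspect a drive root for an autorun.inf launcher and vaccinate it.

Added example for the Flash_Disinfector step above; it is not that tool's
code. It works on any directory path (a drive root on Windows); the
autorun.inf text below is constructed to match what the auto.exe plus
Autorun.inf pairs on G:, H: and I: in the posted log imply.
"""
import configparser
import os
import shutil
import stat
import tempfile

# Constructed sample: the verbs mirror the Auto/AutoRun handlers that the
# posted log shows cached under MountPoints2 for drives C, G, H and I.
SAMPLE_AUTORUN_INF = """[autorun]
open=auto.exe
shell\\auto\\command=auto.exe
shell\\autorun\\command=auto.exe
shell=auto
"""

LAUNCH_KEYS = ("open", "shellexecute")


def launch_commands(root):
    """Return the distinct command lines an autorun.inf at `root` would run ([] if none)."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str.lower           # autorun.inf keys are case-insensitive
    try:
        with open(inf, encoding="utf-8", errors="replace") as fh:
            parser.read_file(fh)
    except configparser.Error:
        return ["<unparseable autorun.inf>"]  # malformed files are still worth a look
    cmds = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                cmds.append(value.strip())
    return list(dict.fromkeys(cmds))          # dedupe, keep order


def scan_drive(root):
    """Report what autorun.inf would launch and which of those binaries sit on the drive."""
    cmds = launch_commands(root)
    present = [c.split()[0] for c in cmds
               if c.split() and os.path.isfile(os.path.join(root, c.split()[0]))]
    return {"commands": cmds, "present": present}


def vaccinate(root):
    """Replace an autorun.inf file with a folder of the same name (the trick the post describes)."""
    inf = os.path.join(root, "autorun.inf")
    if os.path.isfile(inf):
        os.chmod(inf, stat.S_IWRITE | stat.S_IREAD)   # droppers often set read-only; clear it first
        os.remove(inf)
    if not os.path.isdir(inf):
        os.mkdir(inf)
    if os.name == "nt":
        import ctypes
        # FILE_ATTRIBUTE_HIDDEN (0x2) as the post says; FILE_ATTRIBUTE_SYSTEM (0x4) is this example's addition
        ctypes.windll.kernel32.SetFileAttributesW(inf, 0x2 | 0x4)
    return os.path.isdir(inf)


def demo():
    """Build a throwaway 'drive' holding the constructed sample, scan it, vaccinate, rescan."""
    root = tempfile.mkdtemp(prefix="fake_drive_")
    try:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_AUTORUN_INF)
        open(os.path.join(root, "auto.exe"), "wb").close()    # empty stand-in for the dropper
        before = scan_drive(root)
        ok = vaccinate(root)
        after = scan_drive(root)
        return before, ok, after
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

On Windows, point scan_drive() and vaccinate() at the root of each removable drive; on other platforms the attribute call is skipped. Vaccinating the drive does not clear the handler the PC has already cached under MountPoints2, which is why the CFScript in the previous post deletes those keys separately.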
sl2kassa's Avatar
Junior Member with 13 posts.
 
Join Date: Oct 2007
Location: Beijing, China
Experience: Beginner
23-Dec-2007, 09:30 AM #15
thanks Cookiegal
Dear Cookiegal,

Thanks for your help/time.

I did the 2nd ComboFix scan & Flash scan.
Herewith posting the two log files.
(Please note my IE homepage is still hacked by a Chinese spam website.)

Thanks a lot again!!
Cheers
-----------------------------------------------------------------------------------------------------------------------

ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 22:00:13.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT 8:00]
Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kass'n Kaths\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\wmp\_keepfile
C:\Program Files\Yiqilai\wmp\icon2.ico
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_40B9CB77
-------\LEGACY_6DEB4996
-------\LEGACY_SYSLOADER
-------\LEGACY_YIQILAI
-------\40B9CB77
-------\6DEB4996
-------\sysloader
-------\Yiqilai


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-23 20:38 . 2007-12-23 20:38 <DIR> d-------- C:\Program Files\Sinhala Kit
2007-12-23 20:38 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-23 10:00 . 2007-12-23 10:00 <DIR> d--hs---- C:\FOUND.010
2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp
2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007
2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-12-21 21:40 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-12-21 21:37 . 2004-08-04 00:56 93,184 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome
2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005
2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004
2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast
2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo!
2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-30 01:02 . 2007-12-23 20:23 10 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse
2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-23 14:37 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002
2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 04:18 8,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 04:18 8,036 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 04:18 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 04:18 1,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent
2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent
2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS
2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster
2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_ 9.54.35.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 01:26:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-23 14:07:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\dllcache\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\dllcache\kbdsw09.dll
- 2007-12-21 13:53:22 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-23 14:07:20 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\kbdsw09.dll
- 2004-08-03 16:56:48 406,528 ----a-w C:\WINDOWS\system32\usp10.dll
+ 2005-01-07 09:02:40 438,784 ----a-w C:\WINDOWS\system32\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]
Sinhala Kit.lnk - C:\Program Files\Sinhala Kit\SinhalaKit.exe [2007-12-23 20:38:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 22:09:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 22:10:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 09:55


|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:13 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\Program Files\Sinhala Kit\SinhalaKit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.223.199.194:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sinhala Kit.lnk = C:\Program Files\Sinhala Kit\SinhalaKit.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 一起来音乐社区 - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 8353 bytes
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.