19-Dec-2007, 01:46 PM
#1
Virus Changes Computer Date

Hi all, my computer is infected by a virus which changes the date back to the year 2005. Please help. Thanks in advance.

Logfile of HijackThis v1.99.1 Scan saved at 1:40:08 AM, on 12/20/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\System32\svchost.exe K:\Important Softwares\hijackthis\HijackThis.exe F2 - REG:system.ini: Shell=explorer.exe "svchost.exe" O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo!
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ASocksrv] SocksA.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe O4 - HKLM\..\Run: 
[Kvsc3] C:\WINDOWS\Kvsc3.exE O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\MsPrint32D.exe O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\NVDispDRV.EXE O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O15 - Trusted Zone: http://www.facebook.com O15 - Trusted Zone: http://by109w.bay109.mail.live.com O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093 O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: 
D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\System32\280E6F14.EXE O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
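As an added example (not code from this thread, from HijackThis, or from the helpers' own procedure), here is a Python triage pass over a few lines excerpted from the log above. It shows the entry types a malware-removal helper reviews first; the heuristics and the `EXPECTED_NAMESERVERS` allow-list are assumptions, and a flag means "review this", not a verdict on the entry.

```python
"""Triage pass over HijackThis log lines (added example, not HijackThis's own code).

Flags the entry types a helper reviews first: a modified Winlogon shell (F2),
orphaned BHOs (O2), Run entries launching from the Windows root (O4), DNS servers
other than the expected ones (O17) and services with hex-like names (O23).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the resolvers this machine is supposed to use (constructed placeholder).
EXPECTED_NAMESERVERS = {"192.168.1.1"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def _hexlike(name: str) -> bool:
    """True for names made only of hex digits, e.g. 40B9CB77 or 280E6F14."""
    return re.fullmatch(r"[0-9A-Fa-f]{6,}", name) is not None


def _launch_path(target: str) -> str:
    """Return the executable path from a Run value, dropping quotes and arguments."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return target.split()[0] if target else ""


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HijackThis entry, or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"(F\d|O\d+) - (.*)", line)
    if not m:
        return None
    section, body = m.groups()

    if section == "F2" and "Shell=" in body:
        # Only explorer.exe belongs here; anything appended is started at every logon.
        shell = body.split("Shell=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return Finding(section, f"modified Winlogon shell: {shell}", line)

    if section == "O2" and body.endswith("(no file)"):
        return Finding(section, "BHO registered but its DLL is missing", line)

    if section == "O4":
        m4 = re.match(r"HK\w+\\\.\.\\Run: \[[^\]]*\] (.*)", body)
        if m4:
            path = _launch_path(m4.group(1))
            # Legitimate autostarts rarely live directly in C:\WINDOWS\ itself.
            if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", path.lower()):
                return Finding(section, f"Run entry launches from Windows root: {path}", line)

    if section == "O17" and "NameServer" in body:
        ips = re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", body)
        unexpected = [ip for ip in ips if ip not in EXPECTED_NAMESERVERS]
        if unexpected:
            return Finding(section, "unexpected DNS servers: " + ", ".join(unexpected), line)

    if section == "O23":
        m23 = re.match(r"Service: (.+?) - (.+?) - (.*)", body)
        if m23:
            name, _owner, path = m23.groups()
            binary = path.strip().rsplit("\\", 1)[-1].split(".")[0]
            if _hexlike(name) or _hexlike(binary):
                return Finding(section, f"service with hex-like name or binary: {name}", line)

    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the findings in order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\System32\280E6F14.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```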
19-Dec-2007, 01:56 PM
#2
Is there any reason that you don't have Service Pack 2 installed for Windows XP? Also, you never finished here: http://forums.techguy.org/malware-re...re-attack.html Is this the same computer?
19-Dec-2007, 09:46 PM
#3
not the same computer

Sorry, this is not the same computer. This is a desktop computer and that one was a laptop; it's my friend's. I couldn't finish the previous thread because we had to reformat the laptop (sorry I couldn't let you know). I don't have XP SP2 for this desktop computer. Please help, thanks.
21-Dec-2007, 10:10 AM
#5
installed Win XP SP 2

Hi again, thanks for the advice. I downloaded and installed Service Pack 2. Here is the new HijackThis log (so far the computer date doesn't change), but Kaspersky indicates a series of virus infections which it cannot delete! Thanks for your help!

Logfile of HijackThis v1.99.1 Scan saved at 10:05:49 PM, on 12/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\msiexec.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\FixCamera.exe C:\WINDOWS\tsnp325.exe C:\WINDOWS\vsnp325.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\System32\ctfmon.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmplayer.exe K:\Important Softwares\hijackthis\HijackThis.exe F2 - REG:system.ini: Shell=explorer.exe "svchost.exe" O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ASocksrv] SocksA.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global 
Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.facebook.com O15 - Trusted Zone: http://by109w.bay109.mail.live.com O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093 O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab O16 - DPF: 
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
21-Dec-2007, 10:24 AM
#6
Oops, I didn't want you to install SP2 yet. I guess I wasn't clear enough; I was just asking why you didn't have it installed yet... but it may be OK. Let me see if I can find someone to check your log. This malware forum is quite busy, with only a limited number of folks who are qualified to assist, and that could take up to 2 days. So be patient.
22-Dec-2007, 04:37 PM
#9
Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet after downloading the program and before scanning.
Download ComboFix and save it to your desktop. **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop** Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
Double-click on combofix.exe and follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review. **Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall**
__________________ Microsoft MVP - Consumer Security
22-Dec-2007, 07:14 PM
#11
Thanks Candy. Please post your next HijackThis log from the latest version: Click here to download HJTsetup.exe.
__________________ Microsoft MVP - Consumer Security
22-Dec-2007, 10:11 PM
#12
Thank you so much to Cookiegal & AcaCandy

Thank you so much to Cookiegal & AcaCandy. I followed your instructions and did the scanning. It seems that the time-change matter is okay. Here are the two logs. Thanks a lot again!! Cheers

ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 9:47:58.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT 8:00] Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\auto.exe C:\Autorun.inf C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\finder.dll C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\kXUidJeCex_3105 C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\sysloader.exe C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata\webbrowser_3105.dll C:\Documents and Settings\All Users\Application Data.\microsoft\pctools C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll C:\Program Files\ad4all C:\Program Files\ad4all\Install.exe C:\Program Files\ad4all\install.ini C:\Program Files\ad4all\link1\eachlink.htm C:\Program Files\ad4all\link1\eachlink.ico C:\Program Files\ad4all\link1\ebaylink.ico C:\Program Files\ad4all\link1\install.ini C:\Program Files\ad4all\link1\Thumbs.db C:\Program Files\Common Files\cpush C:\Program Files\Common Files\cpush\cpush.dll C:\Program Files\Common Files\cpush\Uninst.exe C:\RECYCLER\winow.dll C:\WINDOWS\KB611311.log C:\WINDOWS\msprint32d.exe C:\WINDOWS\NVDispDrv.exe C:\WINDOWS\rising129.exe C:\WINDOWS\rising275.exe C:\WINDOWS\rising616.exe C:\WINDOWS\rising708.exe C:\WINDOWS\rising771.exe C:\WINDOWS\rising793.exe
C:\WINDOWS\rising831.exe C:\WINDOWS\system32\280E6F14.EXE C:\WINDOWS\system32\avpsrv.dll C:\WINDOWS\system32\cmdbcs.dll C:\WINDOWS\system32\d3d1caps.srg C:\WINDOWS\system32\DbgHlp32.dll C:\WINDOWS\system32\dodolook591.exe C:\WINDOWS\system32\drivers\acpidisk.sys C:\WINDOWS\system32\k119808561411.exe C:\WINDOWS\system32\k119808562016.exe C:\WINDOWS\system32\k11981143907.exe C:\WINDOWS\system32\k119811439611.exe C:\WINDOWS\system32\k119811440315.exe C:\WINDOWS\system32\k119811440416.exe C:\WINDOWS\system32\k119819082611.exe C:\WINDOWS\system32\k119819083216.exe C:\WINDOWS\system32\k11982193051.exe C:\WINDOWS\system32\k11982193062.exe C:\WINDOWS\system32\k11982193084.exe C:\WINDOWS\system32\k11982193137.exe C:\WINDOWS\system32\k119821932511.exe C:\WINDOWS\system32\k119821933216.exe C:\WINDOWS\system32\k11982426245.exe C:\WINDOWS\system32\k11982426277.exe C:\WINDOWS\system32\k119824263211.exe C:\WINDOWS\system32\k119824263715.exe C:\WINDOWS\system32\k119824263816.exe C:\WINDOWS\system32\k11982456371.exe C:\WINDOWS\system32\k11982456393.exe C:\WINDOWS\system32\k11982456487.exe C:\WINDOWS\system32\k11982456508.exe C:\WINDOWS\system32\k119824565311.exe C:\WINDOWS\system32\k119824565512.exe C:\WINDOWS\system32\k119824566016.exe C:\WINDOWS\system32\k119829566511.exe C:\WINDOWS\system32\k119829567216.exe C:\WINDOWS\system32\k11983138212.exe C:\WINDOWS\system32\k11983138233.exe C:\WINDOWS\system32\k11983138255.exe C:\WINDOWS\system32\k11983138307.exe C:\WINDOWS\system32\k119831383511.exe C:\WINDOWS\system32\k119831383612.exe C:\WINDOWS\system32\k119831383814.exe C:\WINDOWS\system32\k119831383915.exe C:\WINDOWS\system32\k119831384116.exe C:\WINDOWS\system32\k11983228443.exe C:\WINDOWS\system32\k11983228454.exe C:\WINDOWS\system32\k11983228465.exe C:\WINDOWS\system32\k11983228497.exe C:\WINDOWS\system32\k119832285411.exe C:\WINDOWS\system32\k119832285915.exe C:\WINDOWS\system32\k119832286016.exe C:\WINDOWS\system32\k11983243772.exe C:\WINDOWS\system32\k11983243783.exe 
C:\WINDOWS\system32\k11983243804.exe C:\WINDOWS\system32\k11983243815.exe C:\WINDOWS\system32\k11983243826.exe C:\WINDOWS\system32\k11983243837.exe C:\WINDOWS\system32\k11983243869.exe C:\WINDOWS\system32\k119832438710.exe C:\WINDOWS\system32\k119832438811.exe C:\WINDOWS\system32\k119832439315.exe C:\WINDOWS\system32\k119832439416.exe C:\WINDOWS\system32\kvsc3.dll C:\WINDOWS\system32\LotusHlp.dll C:\WINDOWS\system32\lyloader.exe C:\WINDOWS\system32\lyloadmr.exe C:\WINDOWS\system32\lymangr.dll C:\WINDOWS\system32\mhsha1.dat C:\WINDOWS\system32\mppds.dll C:\WINDOWS\system32\mprmsgse.axz C:\WINDOWS\system32\msccrt.dll C:\WINDOWS\system32\mscpx32r.det C:\WINDOWS\system32\msdeg32.dll C:\WINDOWS\system32\msimms32.dll C:\WINDOWS\system32\MsPrint32D.dll C:\WINDOWS\system32\nvdispdrv.dll C:\WINDOWS\system32\SHQ.DLL C:\WINDOWS\system32\SHQMANGR.DLL C:\WINDOWS\system32\svchost.dat C:\WINDOWS\system32\upxdnd.dll C:\WINDOWS\ufdata2000.log G:\auto.exe G:\Autorun.inf H:\auto.exe H:\Autorun.inf I:\auto.exe I:\Autorun.inf C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ACPIDISK -------\acpidisk ((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 ))))))))))))))))))))))))))))))) . 2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp 2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT 2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe 2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007 2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax 2007-12-21 21:40 . 
2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax 2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll 2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax 2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys 2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe 2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll 2007-12-21 21:28 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002490_.tmp 2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome 2007-12-21 21:14 . 2007-12-21 21:14 2,446 --a------ C:\WINDOWS\system32\k11351706233.exe 2007-12-21 21:14 . 2007-12-21 21:14 1,823 --a------ C:\WINDOWS\system32\k11351706222.exe 2007-12-21 21:13 . 2007-12-21 21:14 2,082 --a------ C:\WINDOWS\system32\k11351706211.exe 2007-12-21 06:50 . 2007-12-21 06:50 2,594 --a------ C:\WINDOWS\system32\k11351188249.exe 2007-12-20 21:00 . 2007-12-20 22:00 2,450 --a------ C:\WINDOWS\system32\k113508335216.exe 2007-12-20 20:58 . 2007-12-20 20:58 42,801 --a------ C:\WINDOWS\system32\k113508334611.exe 2007-12-20 20:58 . 2007-12-20 20:58 17,166 --a------ C:\WINDOWS\system32\k11350833395.exe 2007-12-20 20:58 . 2007-12-20 20:58 16,891 --a------ C:\WINDOWS\system32\k11350833449.exe 2007-12-20 20:58 . 2007-12-20 20:58 16,828 --a------ C:\WINDOWS\system32\k11350833406.exe 2007-12-20 20:58 . 2007-12-20 20:58 15,418 --a------ C:\WINDOWS\system32\k11350833352.exe 2007-12-20 20:58 . 2007-12-20 20:58 15,360 --a------ C:\WINDOWS\system32\k11350833341.exe 2007-12-20 20:58 . 2007-12-20 20:58 15,158 --a------ C:\WINDOWS\system32\k113508335014.exe 2007-12-20 01:37 . 2007-12-22 20:00 44,337 --a------ C:\WINDOWS\273100WL.DLL 2007-12-20 01:36 . 2005-12-22 21:57 52,300 --ahs---- C:\WINDOWS\273100MM.DLL 2007-12-20 01:29 . 
2007-12-20 01:29 28,672 --a------ C:\WINDOWS\system32\akcjzj.dll 2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006 2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab 2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-12-20 01:20 . 2007-12-23 00:18 26,624 --a------ C:\WINDOWS\system32\PTSShell.dll 2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005 2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004 2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003 2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast 2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast 2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo! 2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo! 2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo! 2007-11-30 01:02 . 2007-12-22 18:34 10 --a------ C:\WINDOWS\popcinfo.dat 2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse 2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles 2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys 2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys 2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5 2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll 2007-11-23 14:37 . 
2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe 2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll 2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll 2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe 2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe 2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft 2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002 2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-23 01:53 45,056 ----a-w C:\WINDOWS\system32\90D9B6D7.DLL 2007-12-23 01:52 8,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-23 01:52 8,012 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-23 01:52 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-23 01:52 1,868 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-22 16:18 127,488 ----a-w C:\WINDOWS\system32\SSLDyn.dll 2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe 2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll 2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent 2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent 2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0 2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe 2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2 2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS 2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components 2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster 2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll 2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinSysW"="C:\WINDOWS\273100L.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]
S2 40B9CB77;40B9CB77;C:\WINDOWS\system32\280E6F14.EXE -k []
S2 6DEB4996;6DEB4996;C:\WINDOWS\system32\3A9F0278.EXE -g []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S2 Yiqilai;一起来音乐助手;"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe" [2007-10-18 10:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 09:54:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 9:55:29 - machine was rebooted
==========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:39 AM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 一起来音乐社区 - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 易趣购物 - {FFB2385E-E812-4091-8C12-2370DC67F769} - http://www.eachnet.com/specials/digi...000_soft0_digi (file missing)
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: System Event loader (sysloader) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
O23 - Service: 一起来音乐助手 (Yiqilai) - Yiqilai - C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe

--
End of file - 8812 bytes
23-Dec-2007, 09:17 AM
#13
Open Notepad and copy and paste the text in the quote box below into it:
Quote:
Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security
23-Dec-2007, 09:19 AM
#14
Are you G, H and I drives external/flash drives? If so, do the following: Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
__________________
Microsoft MVP - Consumer Security
23-Dec-2007, 10:30 AM
#15
thanks Cookiegal

Dear Cookiegal, thanks for your help/time. I did the 2nd ComboFix scan & Flash scan. Herewith posting the two log files. (Please note my IE homepage is still hacked by a Chinese spam website.) Thanks a lot again!! Cheers
-----------------------------------------------------------------------------------------------------------------------
ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 22:00:13.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT 8:00]
Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kass'n Kaths\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\wmp\_keepfile
C:\Program Files\Yiqilai\wmp\icon2.ico
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_40B9CB77
-------\LEGACY_6DEB4996
-------\LEGACY_SYSLOADER
-------\LEGACY_YIQILAI
-------\40B9CB77
-------\6DEB4996
-------\sysloader
-------\Yiqilai

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-23 20:38 . 2007-12-23 20:38 <DIR> d-------- C:\Program Files\Sinhala Kit
2007-12-23 20:38 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-23 10:00 . 2007-12-23 10:00 <DIR> d--hs---- C:\FOUND.010
2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp
2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007
2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-12-21 21:40 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-12-21 21:37 . 2004-08-04 00:56 93,184 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome
2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005
2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004
2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast
2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo!
2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-30 01:02 . 2007-12-23 20:23 10 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse
2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-23 14:37 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002
2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 04:18 8,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 04:18 8,036 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 04:18 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 04:18 1,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent
2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent
2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS
2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster
2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-23_ 9.54.35.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 01:26:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-23 14:07:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\dllcache\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\dllcache\kbdsw09.dll
- 2007-12-21 13:53:22 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-23 14:07:20 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\kbdsw09.dll
- 2004-08-03 16:56:48 406,528 ----a-w C:\WINDOWS\system32\usp10.dll
+ 2005-01-07 09:02:40 438,784 ----a-w C:\WINDOWS\system32\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]
Sinhala Kit.lnk - C:\Program Files\Sinhala Kit\SinhalaKit.exe [2007-12-23 20:38:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 22:09:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 22:10:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 09:55
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:13 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PictureShow\poco_tools.exe
C:\Program Files\Sinhala Kit\SinhalaKit.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.223.199.194:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sinhala Kit.lnk = C:\Program Files\Sinhala Kit\SinhalaKit.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 一起来音乐社区 - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 8353 bytes

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.