1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

plz help. malware problem

Discussion in 'Virus & Other Malware Removal' started by devilti, Nov 3, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    i tried many ultimate cleaner removal programs and some problems hav gone away like the background. but i still hav slot of problem. so help would really reall appreciate help

    hav about the same syptomes every1 has but i hav way more infections that they do. almost every catagory is severe with 100+ infections.:(

    also can anyone tell me wat HKEY_LOCAL is? this is where the threats r found. i havno idea on how to delete them. just by telln me how would help too:)

    my hijack after i ran the removal programs

    Logfile of HijackThis v1.99.1
    Scan saved at 10:37:45 PM, on 11/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spool.exe
    C:\WINDOWS\system32\taskmg.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svhist.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - C:\WINDOWS\SDRMOD.DLL (file missing)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: D??¢?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O21 - SSODL: msmhost - {55992B54-1A6F-448C-B431-81E8C761AFD4} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {4A2269CE-2699-4A4D-B8BE-671368014894} - C:\WINDOWS\msmdev.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe


    Heres my combofix.....

    ComboFix 07-11-01.1 - Linbgo Li 2007-11-02 19:43:30.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.239 [GMT -6:00]
    Running from: C:\Downloads\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor
    C:\Documents and Settings\Linbgo Li\Application Data\install_en[1].exe
    C:\Documents and Settings\Linbgo Li\Application Data\installer_en[1].exe
    C:\Documents and Settings\Linbgo Li\Favorites\Error Cleaner.url
    C:\Documents and Settings\Linbgo Li\Favorites\Privacy Protector.url
    C:\Documents and Settings\Linbgo Li\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Linbgo Li\Local Settings\Application Data\baidu
    C:\Documents and Settings\Linbgo Li\ResErrors.log
    C:\Program Files\baidu\bar\baidubar.dat
    C:\Program Files\baidu\bar\BaiduBar.dll
    C:\Program Files\baidu\bar\bdgdins.dll
    C:\Program Files\baidu\bar\img\imglist.bmp
    C:\Program Files\baidu\bar\img\logo.bmp
    C:\Program Files\baidu\bar\loadmovie.swf
    C:\UGA6P
    C:\WINDOWS\dat.txt
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\rs.txt
    C:\WINDOWS\sdrmod.dll
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\system32\BDGuard.DAT
    C:\WINDOWS\system32\BDGuardS.DAT
    C:\WINDOWS\system32\drivers\bdguard.sys
    C:\WINDOWS\system32\iexp_log.txt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_BDGUARD
    -------\LEGACY_FMTR
    -------\BdGuard


    ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
    .

    2007-11-02 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\SUPERAntiSpyware.com
    2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-02 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-11-02 18:00 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PC Tools
    2007-11-02 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-11-02 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-11-02 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-11-02 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-11-02 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-11-02 17:33 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-11-02 16:44 <DIR> d-------- C:\!KillBox
    2007-11-01 22:41 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Apple Computer
    2007-11-01 22:38 <DIR> d-------- C:\Program Files\iTunes
    2007-11-01 22:38 <DIR> d-------- C:\Program Files\iPod
    2007-11-01 22:37 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-01 22:36 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-11-01 22:36 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-11-01 22:35 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-11-01 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-01 22:27 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-01 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-11-01 22:16 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-01 22:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-01 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-01 21:10 4,492 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-01 21:00 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-01 20:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-01 20:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-01 20:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-01 20:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-01 20:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-01 20:58 <DIR> d-------- C:\Documents and Settings\Linbgo Li\SmitfraudFix
    2007-11-01 20:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-01 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-11-01 20:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-11-01 20:23 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-01 19:40 0 --a------ C:\WINDOWS\system32\julysoft.exe
    2007-11-01 17:43 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PCSecureSystem
    2007-11-01 17:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-01 17:39 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\YourPrivacyGuard
    2007-11-01 17:33 <DIR> d-------- C:\Program Files\Common Files\YourPrivacyGuard
    2007-11-01 00:56 274,432 --a------ C:\WINDOWS\bindmod.dll
    2007-11-01 00:56 253,952 --a------ C:\WINDOWS\advreprwd.dll
    2007-11-01 00:56 245,760 --a------ C:\WINDOWS\hupsrv.dll
    2007-11-01 00:56 143,360 --a------ C:\WINDOWS\wtopmod.exe
    2007-10-29 01:03 <DIR> d-------- C:\Program Files\&#39118;&#24433;Flash&#25773;&#25918;&#22120;
    2007-10-26 16:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-10-26 11:47 <DIR> d-------- C:\Program Files\Google
    2007-10-26 11:47 <DIR> d-------- C:\Program Files\FlashGet
    2007-10-26 11:36 <DIR> d-------- C:\Program Files\Silkroad
    2007-10-26 10:36 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\uTorrent
    2007-10-22 23:12 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Contacts
    2007-10-22 23:11 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-10-19 16:14 <DIR> d-------- C:\downloads
    2007-10-19 16:14 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Incomplete
    2007-10-19 16:13 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\LimeWire
    2007-10-19 16:12 <DIR> d-------- C:\Program Files\Java
    2007-10-19 16:11 <DIR> d--hs---- C:\Recycled
    2007-10-19 16:11 <DIR> d-------- C:\Program Files\LimeWire
    2007-10-19 16:11 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-19 08:51 0 --a------ C:\WINDOWS\system32\cnfmon.exe
    2007-10-19 01:01 <DIR> d---s---- C:\Documents and Settings\Linbgo Li\UserData
    2007-10-18 19:50 <DIR> d-------- C:\Program Files\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-17 18:47 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-17 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-10-17 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-10-17 18:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-10-17 09:47 23,040 --------- C:\WINDOWS\kb913800.exe
    2007-10-15 21:31 <DIR> d-------- C:\WINDOWS\system32\PPLive
    2007-10-15 21:30 <DIR> d-------- C:\Program Files\PPLive
    2007-10-15 21:30 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PPLive
    2007-10-15 21:17 <DIR> d-------- C:\jcb_gx
    2007-10-15 21:17 212,992 --a------ C:\WINDOWS\TdxUnInstall.exe
    2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-10-15 15:03 <DIR> d-------- C:\Program Files\support.com
    2007-10-15 15:03 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2007-10-09 08:38 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
    2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
    2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
    2007-10-09 08:38 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
    2007-10-09 08:38 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
    2007-10-09 08:37 <DIR> d-------- C:\WINDOWS\Options
    2007-10-09 08:35 <DIR> d-------- C:\Program Files\Synaptics
    2007-10-09 08:35 <DIR> d-------- C:\Program Files\Launch Manager
    2007-10-09 08:35 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
    2007-10-09 08:35 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
    2007-10-09 08:35 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
    2007-10-09 08:35 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 01:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-06 22:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-09-06 22:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-07-28 16:29:34 343,040 --sha-r C:\WINDOWS\system32\taskmg.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
    C:\PROGRA~1\baidu\bar\baidubar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A22D62B-562F-4D55-8B1E-3AAA6C2BA688}]
    2007-10-31 11:18 253952 --a------ C:\WINDOWS\advreprwd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B580CF65-E151-49C3-B73F-70B13FCA8E86}"= C:\PROGRA~1\baidu\bar\baidubar.dll [ ]
    "{521A5897-9EA7-43B4-A51D-B4C11D67BEEF}"= C:\WINDOWS\SDRMOD.DLL [ ]

    [HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
    [HKEY_CLASSES_ROOT\BaiduBar.Baidu.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6AFC2761-1253-427C-9A56-385B4609BE1D}]
    [HKEY_CLASSES_ROOT\BaiduBar.Baidu]

    [HKEY_CLASSES_ROOT\CLSID\{521A5897-9EA7-43B4-A51D-B4C11D67BEEF}]
    [HKEY_CLASSES_ROOT\sdrmod.ToolBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A17546CB-2CFA-451E-9367-98E3D9BE9B67}]
    [HKEY_CLASSES_ROOT\sdrmod.ToolBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
    "@"="" []
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\Alcmtr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
    "IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 02:10]
    "Salestart(1)"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 18:03]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-10 20:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 16:58]
    "Salestart"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "hupsrv"= {C6E3841A-FA1B-40A8-A661-72E50B08911E} - C:\WINDOWS\hupsrv.dll [2007-10-31 11:18 245760]
    "bindmod"= {B312A4F2-15EB-490E-9CE6-4BA911B5CA41} - C:\WINDOWS\bindmod.dll [2007-10-31 11:18 274432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R2 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
    R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
    R2 WindowsDriver;WindowsDriver;C:\WINDOWS\system32\spool.exe
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594bb7e-85e1-11dc-9dbe-0016d4183ba7}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7872b7ec-7d29-11dc-9da6-0016cf2b85c6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aef5fa-7b61-11dc-9d9d-0016d4183ba7}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 04:36:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-02 19:55:49
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-02 19:58:45 - machine was rebooted
    .
    --- E O F ---


    help is really appreciated. after this once i hav time. ill learn how to analyze this crap. looks like i got alot to learn. :)
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Welcome to TSG :)

    You have an old version of ComboFix, please delete ComboFix.exe from your My Downloads folder.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    =======================================

    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
  3. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    will the new programs delete the malware? Or just tell me lik a log

    Thx at least now I won't hav to do things blindly.
    thank u very much
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    They will remove the malware found and produce logs for me to analyze.
     
  5. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    kk, heres my sd fix


    SDFix: Version 1.113

    Run by Linbgo Li on 11/03/2007 Sat at 10:26 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\CNFMON.EXE - Deleted
    C:\WINDOWS\SYSTEM32\JULYSOFT.EXE - Deleted
    C:\WINDOWS\antiv.exe - Deleted
    C:\WINDOWS\bindmod.dll - Deleted
    C:\WINDOWS\dat.txt - Deleted
    C:\WINDOWS\hupsrv.dll - Deleted
    C:\WINDOWS\system32\spool.exe - Deleted
    C:\WINDOWS\system32\spool.exe - Deleted
    C:\WINDOWS\wtopmod.exe - Deleted



    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 10:31:47
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"

    Finished!


    and heres my combofix


    ComboFix 07-11-02.3 - Linbgo Li 2007-11-03 10:37:46.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.310 [GMT -6:00]
    Running from: C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
    .

    2007-11-03 10:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2007-11-03 10:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-11-02 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-02 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\SUPERAntiSpyware.com
    2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-02 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-11-02 18:00 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PC Tools
    2007-11-02 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-11-02 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-11-02 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-11-02 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-11-02 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-11-02 17:33 <DIR> d-------- C:\Program Files\Enigma Software Group
    2007-11-02 16:44 <DIR> d-------- C:\!KillBox
    2007-11-01 22:41 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Apple Computer
    2007-11-01 22:38 <DIR> d-------- C:\Program Files\iTunes
    2007-11-01 22:38 <DIR> d-------- C:\Program Files\iPod
    2007-11-01 22:37 <DIR> d-------- C:\Program Files\QuickTime
    2007-11-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-01 22:36 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-11-01 22:36 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2007-11-01 22:35 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-11-01 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-11-01 22:27 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-01 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-11-01 22:16 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-01 22:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-01 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-01 21:10 4,492 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-01 21:00 <DIR> d--h----- C:\WINDOWS\PIF
    2007-11-01 20:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-11-01 20:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-11-01 20:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-11-01 20:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-01 20:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-01 20:58 <DIR> d-------- C:\Documents and Settings\Linbgo Li\SmitfraudFix
    2007-11-01 20:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-01 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-11-01 20:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-11-01 20:23 <DIR> d-------- C:\WINDOWS\Internet Logs
    2007-11-01 17:43 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PCSecureSystem
    2007-11-01 17:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-01 17:39 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\YourPrivacyGuard
    2007-11-01 17:33 <DIR> d-------- C:\Program Files\Common Files\YourPrivacyGuard
    2007-10-29 01:03 <DIR> d-------- C:\Program Files\&#39118;&#24433;Flash&#25773;&#25918;&#22120;
    2007-10-26 16:03 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-10-26 11:47 <DIR> d-------- C:\Program Files\Google
    2007-10-26 11:47 <DIR> d-------- C:\Program Files\FlashGet
    2007-10-26 11:36 <DIR> d-------- C:\Program Files\Silkroad
    2007-10-26 10:36 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\uTorrent
    2007-10-22 23:12 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Contacts
    2007-10-22 23:11 <DIR> d-------- C:\Program Files\MSN Messenger
    2007-10-19 16:14 <DIR> d-------- C:\downloads
    2007-10-19 16:14 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Incomplete
    2007-10-19 16:13 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\LimeWire
    2007-10-19 16:12 <DIR> d-------- C:\Program Files\Java
    2007-10-19 16:11 <DIR> d--hs---- C:\Recycled
    2007-10-19 16:11 <DIR> d-------- C:\Program Files\LimeWire
    2007-10-19 16:11 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-19 01:01 <DIR> d---s---- C:\Documents and Settings\Linbgo Li\UserData
    2007-10-18 19:50 <DIR> d-------- C:\Program Files\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Skype
    2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-10-17 18:47 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2007-10-17 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-10-17 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-10-17 18:44 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-10-17 09:47 23,040 --------- C:\WINDOWS\kb913800.exe
    2007-10-15 21:31 <DIR> d-------- C:\WINDOWS\system32\PPLive
    2007-10-15 21:30 <DIR> d-------- C:\Program Files\PPLive
    2007-10-15 21:30 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PPLive
    2007-10-15 21:17 <DIR> d-------- C:\jcb_gx
    2007-10-15 21:17 212,992 --a------ C:\WINDOWS\TdxUnInstall.exe
    2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
    2007-10-15 15:03 <DIR> d-------- C:\Program Files\support.com
    2007-10-15 15:03 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2007-10-09 08:38 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
    2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
    2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
    2007-10-09 08:38 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
    2007-10-09 08:38 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
    2007-10-09 08:37 <DIR> d-------- C:\WINDOWS\Options
    2007-10-09 08:35 <DIR> d-------- C:\Program Files\Synaptics
    2007-10-09 08:35 <DIR> d-------- C:\Program Files\Launch Manager
    2007-10-09 08:35 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
    2007-10-09 08:35 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
    2007-10-09 08:35 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
    2007-10-09 08:35 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
    2007-10-09 08:35 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
    2007-10-09 08:35 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
    2007-10-09 08:33 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
    2007-10-09 08:33 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-03 16:18 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-09-06 22:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-09-06 22:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_19.57.01.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-13 16:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
    + 2007-11-03 04:37:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2007-11-03 16:25:30 2,924,544 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2007-11-03 16:25:30 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2007-11-03 04:37:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2007-11-03 16:24:54 2,924,544 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2007-11-03 16:24:54 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2007-11-03 16:31:00 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat
    + 2007-11-03 16:34:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
    "LaunchApp"="" []
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
    "IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 02:10]
    "Salestart(1)"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    "SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 18:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 16:58]
    "Salestart"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R2 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
    R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    R3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
    S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
    S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
    S2 WindowsDriver;WindowsDriver;C:\WINDOWS\system32\spool.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594bb7e-85e1-11dc-9dbe-0016d4183ba7}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7872b7ec-7d29-11dc-9da6-0016cf2b85c6}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aef5fa-7b61-11dc-9d9d-0016d4183ba7}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-02 04:36:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 10:40:12
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 10:41:37
    C:\ComboFix2.txt ... 2007-11-02 19:58
    .
    --- E O F ---




    Thx again.
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please post a fresh Hijackthis log. Thanks
     
  7. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    ok here it is


    Logfile of HijackThis v1.99.1
    Scan saved at 11:14:26 AM, on 11/3/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Downloads\SRO_GlobalOfficial_v1_110_Downloader.exe
    C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\nsrF.tmp\utorrent.exe
    C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX01.890\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733; - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &#23548;&#20986;&#21040; Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: D??&#65504;?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ?ì3&#956; - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: ?ì3&#956;(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)
     
  8. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    did i do everything right?

    is teh malware gone?
     
  9. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    In the following quote, please copy (Ctrl+C) and Paste (Ctrl+V) the text in Notepad. Save it as All Files and name it ServicesFix.bat. Save it to your Desktop.
    Doubleclick on ServicesFix.bat. It will open and close quickly. That is normal.


    =======================================

    Run HijackThis, and press "Do a System Scan Only".
    1. When the scan is complete place a check mark next to the following entries:

    O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
    O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com

    2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


    ==================================


    Please perform a scan with Panda ActiveScan - ActiveScan does not remove adware/spyware but will autoclean for viruses & worms.
    1. Click "Scan Your PC".
    2. A new window will open. Click "Check Now!".
    3. Fill in your registration and click "Scan Now!".
    4. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
    5. A new window will appear asking "Do you want to install this software?"" Name: asinst.cab.
    6. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
    7. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow".
    8. Select a device to scan: Click on "Local Disks" [allow it to Auto Clean].
    9. When the scan completes, if anything malicious is detected, click the "See Report button", then "Save Report" to your desktop. 10. Post back the results of your scan and any infected files that are found but not deleted.
     
  10. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    k.


    Incident Status Location

    Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
    Virus:Trj/Downloader.QBT Disinfected C:\WINDOWS\SYSTEM32\SVHIST.EXE
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\RESTART.EXE
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe[nircmd.cfexe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\RESTART.EXE
    Adware:Adware/BaiduBar Not disinfected C:\downloads\wrar371sc-skycn(1).exe[setup2.exe][BaiduBar.dll]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\NIRCMD.EXE
    Hacktool:Rootkit/Baidu Not disinfected C:\QOOBOX\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\bdguard.sys.vir
    Virus:Generic Malware Disinfected C:\QOOBOX\Quarantine\C\Program Files\BAIDU\BAR\BaiduBar.dll.vir
    Adware:Adware/BaiduBar Not disinfected C:\QOOBOX\Quarantine\C\Program Files\BAIDU\BAR\bdgdins.dll.vir
    Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\APPS\Process.exe
    Virus:Trj/Nabload.ACN Disinfected C:\SDFix\BACKUPS\BACKUPS.ZIP[backups/spool.exe]
     
  11. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    should i take other actions since it said stuff like admwares not deleted.

    would u like a hijack log o smthning else?
     
  12. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    is there anything i can do to delete the adwares?

    plz help.
     
  13. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Just some leftover files created by the tools. Not a big deal

    Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

    Folders:
    C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix <-- this folder
    C:\Documents and Settings\Linbgo Li\SmitfraudFix <-- this folder
    C:\SDFix <-- this folder


    Files:
    C:\Documents and Settings\Linbgo Li\Desktop\SDFix.exe <-- this file
    C:\downloads\wrar371sc-skycn(1).exe <-- this file


    how is everything running??? please post a fresh Hijackthis log. Thanks.
     
  14. devilti

    devilti Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    11
    well te laptop is still slow. in fact slower
    but no pop ups or any false system warnings

    heres my hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:53:29 PM, on 11/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spool.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\drivers\conime.exe
    C:\WINDOWS\system32\oxhqbg.exe
    C:\WINDOWS\system32\severe.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [Storm2Set] C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv
    O4 - HKLM\..\Run: [dnenay] C:\WINDOWS\system32\oxhqbg.exe
    O4 - HKLM\..\Run: [oxhqbg] C:\WINDOWS\system32\severe.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733; - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &#23548;&#20986;&#21040; Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: D??&#65504;?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ?ì3&#956; - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: ?ì3&#956;(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe

    thx
     
  15. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Sorry for the delay, please delete your current copy of ComboFix.exe from your Desktop. Lets download another copy. You are still infected.


    Download Combofix and save it to your desktop.

    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/647149

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice