plz help. malware problem

[devilti]

i tried many ultimate cleaner removal programs and some problems hav gone away like the background. but i still hav slot of problem. so help would really reall appreciate help

hav about the same syptomes every1 has but i hav way more infections that they do. almost every catagory is severe with 100+ infections.

also can anyone tell me wat HKEY_LOCAL is? this is where the threats r found. i havno idea on how to delete them. just by telln me how would help too

my hijack after i ran the removal programs

Logfile of HijackThis v1.99.1
Scan saved at 10:37:45 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\taskmg.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svhist.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - C:\WINDOWS\SDRMOD.DLL (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: D??￠?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: msmhost - {55992B54-1A6F-448C-B431-81E8C761AFD4} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {4A2269CE-2699-4A4D-B8BE-671368014894} - C:\WINDOWS\msmdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe


Heres my combofix.....

ComboFix 07-11-01.1 - Linbgo Li 2007-11-02 19:43:30.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.239 [GMT -6:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Linbgo Li\Application Data\install_en[1].exe
C:\Documents and Settings\Linbgo Li\Application Data\installer_en[1].exe
C:\Documents and Settings\Linbgo Li\Favorites\Error Cleaner.url
C:\Documents and Settings\Linbgo Li\Favorites\Privacy Protector.url
C:\Documents and Settings\Linbgo Li\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Linbgo Li\Local Settings\Application Data\baidu
C:\Documents and Settings\Linbgo Li\ResErrors.log
C:\Program Files\baidu\bar\baidubar.dat
C:\Program Files\baidu\bar\BaiduBar.dll
C:\Program Files\baidu\bar\bdgdins.dll
C:\Program Files\baidu\bar\img\imglist.bmp
C:\Program Files\baidu\bar\img\logo.bmp
C:\Program Files\baidu\bar\loadmovie.swf
C:\UGA6P
C:\WINDOWS\dat.txt
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\sdrmod.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\BDGuard.DAT
C:\WINDOWS\system32\BDGuardS.DAT
C:\WINDOWS\system32\drivers\bdguard.sys
C:\WINDOWS\system32\iexp_log.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_BDGUARD
-------\LEGACY_FMTR
-------\BdGuard


((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-02 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\SUPERAntiSpyware.com
2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-02 18:00 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PC Tools
2007-11-02 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-02 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 17:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-02 16:44 <DIR> d-------- C:\!KillBox
2007-11-01 22:41 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Apple Computer
2007-11-01 22:38 <DIR> d-------- C:\Program Files\iTunes
2007-11-01 22:38 <DIR> d-------- C:\Program Files\iPod
2007-11-01 22:37 <DIR> d-------- C:\Program Files\QuickTime
2007-11-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-01 22:36 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-01 22:36 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-01 22:35 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-01 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-01 22:27 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-01 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-01 22:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-01 22:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-01 21:10 4,492 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-01 21:00 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-01 20:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-01 20:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-01 20:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-01 20:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-01 20:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-01 20:58 <DIR> d-------- C:\Documents and Settings\Linbgo Li\SmitfraudFix
2007-11-01 20:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-01 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-01 20:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-01 20:23 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-01 19:40 0 --a------ C:\WINDOWS\system32\julysoft.exe
2007-11-01 17:43 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PCSecureSystem
2007-11-01 17:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-01 17:39 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\YourPrivacyGuard
2007-11-01 17:33 <DIR> d-------- C:\Program Files\Common Files\YourPrivacyGuard
2007-11-01 00:56 274,432 --a------ C:\WINDOWS\bindmod.dll
2007-11-01 00:56 253,952 --a------ C:\WINDOWS\advreprwd.dll
2007-11-01 00:56 245,760 --a------ C:\WINDOWS\hupsrv.dll
2007-11-01 00:56 143,360 --a------ C:\WINDOWS\wtopmod.exe
2007-10-29 01:03 <DIR> d-------- C:\Program Files\&#39118;&#24433;Flash&#25773;&#25918;&#22120;
2007-10-26 16:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-26 11:47 <DIR> d-------- C:\Program Files\Google
2007-10-26 11:47 <DIR> d-------- C:\Program Files\FlashGet
2007-10-26 11:36 <DIR> d-------- C:\Program Files\Silkroad
2007-10-26 10:36 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\uTorrent
2007-10-22 23:12 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Contacts
2007-10-22 23:11 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-19 16:14 <DIR> d-------- C:\downloads
2007-10-19 16:14 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Incomplete
2007-10-19 16:13 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\LimeWire
2007-10-19 16:12 <DIR> d-------- C:\Program Files\Java
2007-10-19 16:11 <DIR> d--hs---- C:\Recycled
2007-10-19 16:11 <DIR> d-------- C:\Program Files\LimeWire
2007-10-19 16:11 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-19 08:51 0 --a------ C:\WINDOWS\system32\cnfmon.exe
2007-10-19 01:01 <DIR> d---s---- C:\Documents and Settings\Linbgo Li\UserData
2007-10-18 19:50 <DIR> d-------- C:\Program Files\Skype
2007-10-18 19:50 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Skype
2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-17 18:47 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-17 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-17 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-17 18:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-17 09:47 23,040 --------- C:\WINDOWS\kb913800.exe
2007-10-15 21:31 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-10-15 21:30 <DIR> d-------- C:\Program Files\PPLive
2007-10-15 21:30 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PPLive
2007-10-15 21:17 <DIR> d-------- C:\jcb_gx
2007-10-15 21:17 212,992 --a------ C:\WINDOWS\TdxUnInstall.exe
2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-15 15:03 <DIR> d-------- C:\Program Files\support.com
2007-10-15 15:03 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-10-09 08:38 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
2007-10-09 08:38 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
2007-10-09 08:38 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
2007-10-09 08:37 <DIR> d-------- C:\WINDOWS\Options
2007-10-09 08:35 <DIR> d-------- C:\Program Files\Synaptics
2007-10-09 08:35 <DIR> d-------- C:\Program Files\Launch Manager
2007-10-09 08:35 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-10-09 08:35 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-10-09 08:35 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-10-09 08:35 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 01:53 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-06 22:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 22:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-07-28 16:29:34 343,040 --sha-r C:\WINDOWS\system32\taskmg.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
C:\PROGRA~1\baidu\bar\baidubar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A22D62B-562F-4D55-8B1E-3AAA6C2BA688}]
2007-10-31 11:18 253952 --a------ C:\WINDOWS\advreprwd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B580CF65-E151-49C3-B73F-70B13FCA8E86}"= C:\PROGRA~1\baidu\bar\baidubar.dll [ ]
"{521A5897-9EA7-43B4-A51D-B4C11D67BEEF}"= C:\WINDOWS\SDRMOD.DLL [ ]

[HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
[HKEY_CLASSES_ROOT\BaiduBar.Baidu.1]
[HKEY_CLASSES_ROOT\TypeLib\{6AFC2761-1253-427C-9A56-385B4609BE1D}]
[HKEY_CLASSES_ROOT\BaiduBar.Baidu]

[HKEY_CLASSES_ROOT\CLSID\{521A5897-9EA7-43B4-A51D-B4C11D67BEEF}]
[HKEY_CLASSES_ROOT\sdrmod.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{A17546CB-2CFA-451E-9367-98E3D9BE9B67}]
[HKEY_CLASSES_ROOT\sdrmod.ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"LaunchApp"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"@"="" []
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\Alcmtr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 02:10]
"Salestart(1)"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 18:03]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-10 20:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 16:58]
"Salestart"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hupsrv"= {C6E3841A-FA1B-40A8-A661-72E50B08911E} - C:\WINDOWS\hupsrv.dll [2007-10-31 11:18 245760]
"bindmod"= {B312A4F2-15EB-490E-9CE6-4BA911B5CA41} - C:\WINDOWS\bindmod.dll [2007-10-31 11:18 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
R2 WindowsDriver;WindowsDriver;C:\WINDOWS\system32\spool.exe
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594bb7e-85e1-11dc-9dbe-0016d4183ba7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7872b7ec-7d29-11dc-9da6-0016cf2b85c6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aef5fa-7b61-11dc-9d9d-0016d4183ba7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 04:36:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 19:55:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 19:58:45 - machine was rebooted
.
--- E O F ---


help is really appreciated. after this once i hav time. ill learn how to analyze this crap. looks like i got alot to learn.

 

[sjpritch25]

Welcome to TSG

You have an old version of ComboFix, please delete ComboFix.exe from your My Downloads folder.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

=======================================

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

 

[devilti]

will the new programs delete the malware? Or just tell me lik a log

Thx at least now I won't hav to do things blindly.
thank u very much

 

[sjpritch25]

They will remove the malware found and produce logs for me to analyze.

 

[devilti]

kk, heres my sd fix


SDFix: Version 1.113

Run by Linbgo Li on 11/03/2007 Sat at 10:26 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CNFMON.EXE - Deleted
C:\WINDOWS\SYSTEM32\JULYSOFT.EXE - Deleted
C:\WINDOWS\antiv.exe - Deleted
C:\WINDOWS\bindmod.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\hupsrv.dll - Deleted
C:\WINDOWS\system32\spool.exe - Deleted
C:\WINDOWS\system32\spool.exe - Deleted
C:\WINDOWS\wtopmod.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 10:31:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 1 Jun 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 17 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT1.tmp"

Finished!


and heres my combofix


ComboFix 07-11-02.3 - Linbgo Li 2007-11-03 10:37:46.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.310 [GMT -6:00]
Running from: C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
.

2007-11-03 10:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-03 10:24 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-02 19:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-02 19:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\SUPERAntiSpyware.com
2007-11-02 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-02 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-02 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-02 18:00 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PC Tools
2007-11-02 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-02 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 17:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-02 16:44 <DIR> d-------- C:\!KillBox
2007-11-01 22:41 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Apple Computer
2007-11-01 22:38 <DIR> d-------- C:\Program Files\iTunes
2007-11-01 22:38 <DIR> d-------- C:\Program Files\iPod
2007-11-01 22:37 <DIR> d-------- C:\Program Files\QuickTime
2007-11-01 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-01 22:36 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-01 22:36 30,336 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-11-01 22:35 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-11-01 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-01 22:27 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-01 22:27 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-01 22:27 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-01 22:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-01 22:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-01 21:10 4,492 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-01 21:00 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-01 20:59 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-01 20:59 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-01 20:59 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-01 20:59 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-01 20:59 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-01 20:58 <DIR> d-------- C:\Documents and Settings\Linbgo Li\SmitfraudFix
2007-11-01 20:29 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-01 20:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-01 20:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-11-01 20:23 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-01 17:43 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PCSecureSystem
2007-11-01 17:42 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-01 17:39 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\YourPrivacyGuard
2007-11-01 17:33 <DIR> d-------- C:\Program Files\Common Files\YourPrivacyGuard
2007-10-29 01:03 <DIR> d-------- C:\Program Files\&#39118;&#24433;Flash&#25773;&#25918;&#22120;
2007-10-26 16:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-26 11:47 <DIR> d-------- C:\Program Files\Google
2007-10-26 11:47 <DIR> d-------- C:\Program Files\FlashGet
2007-10-26 11:36 <DIR> d-------- C:\Program Files\Silkroad
2007-10-26 10:36 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\uTorrent
2007-10-22 23:12 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Contacts
2007-10-22 23:11 <DIR> d-------- C:\Program Files\MSN Messenger
2007-10-19 16:14 <DIR> d-------- C:\downloads
2007-10-19 16:14 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Incomplete
2007-10-19 16:13 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\LimeWire
2007-10-19 16:12 <DIR> d-------- C:\Program Files\Java
2007-10-19 16:11 <DIR> d--hs---- C:\Recycled
2007-10-19 16:11 <DIR> d-------- C:\Program Files\LimeWire
2007-10-19 16:11 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-19 01:01 <DIR> d---s---- C:\Documents and Settings\Linbgo Li\UserData
2007-10-18 19:50 <DIR> d-------- C:\Program Files\Skype
2007-10-18 19:50 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\Skype
2007-10-18 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-17 18:47 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-10-17 18:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-10-17 18:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-10-17 18:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-17 09:47 23,040 --------- C:\WINDOWS\kb913800.exe
2007-10-15 21:31 <DIR> d-------- C:\WINDOWS\system32\PPLive
2007-10-15 21:30 <DIR> d-------- C:\Program Files\PPLive
2007-10-15 21:30 <DIR> d-------- C:\Documents and Settings\Linbgo Li\Application Data\PPLive
2007-10-15 21:17 <DIR> d-------- C:\jcb_gx
2007-10-15 21:17 212,992 --a------ C:\WINDOWS\TdxUnInstall.exe
2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-15 21:02 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-15 21:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-15 15:03 <DIR> d-------- C:\Program Files\support.com
2007-10-15 15:03 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2007-10-09 08:38 1,168,896 --a------ C:\WINDOWS\system32\ERUpdateHidden.EXE
2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe
2007-10-09 08:38 258,048 --a------ C:\WINDOWS\system32\CheckD2DSystem.exe
2007-10-09 08:38 159,744 --a------ C:\WINDOWS\system32\CloseProcessWindow.dll
2007-10-09 08:38 16,384 --a------ C:\WINDOWS\system32\ClearEvent.exe
2007-10-09 08:37 <DIR> d-------- C:\WINDOWS\Options
2007-10-09 08:35 <DIR> d-------- C:\Program Files\Synaptics
2007-10-09 08:35 <DIR> d-------- C:\Program Files\Launch Manager
2007-10-09 08:35 192,672 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-10-09 08:35 114,688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-10-09 08:35 94,298 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-10-09 08:35 82,013 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-10-09 08:35 81,920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-10-09 08:35 69,722 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-10-09 08:33 2,879,488 --a------ C:\WINDOWS\SkyTel.exe
2007-10-09 08:33 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 16:18 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-06 22:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 22:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-22 12:55 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
.

((((((((((((((((((((((((((((( [email protected]_19.57.01.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 16:57:12 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2007-11-03 04:37:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-03 16:25:30 2,924,544 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-11-03 16:25:30 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-03 04:37:02 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-03 16:24:54 2,924,544 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-11-03 16:24:54 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-11-03 16:31:00 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_5e4.dat
+ 2007-11-03 16:34:12 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"LaunchApp"="" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [2003-07-14 22:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 02:10]
"Salestart(1)"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 16:58]
"Salestart"="C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R2 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
R3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
S2 WindowsDriver;WindowsDriver;C:\WINDOWS\system32\spool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5594bb7e-85e1-11dc-9dbe-0016d4183ba7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7872b7ec-7d29-11dc-9da6-0016cf2b85c6}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1aef5fa-7b61-11dc-9d9d-0016d4183ba7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 04:36:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 10:40:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 10:41:37
C:\ComboFix2.txt ... 2007-11-02 19:58
.
--- E O F ---




Thx again.

 

[sjpritch25]

Please post a fresh Hijackthis log. Thanks

 

[devilti]

ok here it is


Logfile of HijackThis v1.99.1
Scan saved at 11:14:26 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Downloads\SRO_GlobalOfficial_v1_110_Downloader.exe
C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\nsrF.tmp\utorrent.exe
C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX01.890\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &#23548;&#20986;&#21040; Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: D??&#65504;?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?ì3&#956; - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?ì3&#956;(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe (file missing)

 

[devilti]

did i do everything right?

is teh malware gone?

 

[sjpritch25]

In the following quote, please copy (Ctrl+C) and Paste (Ctrl+V) the text in Notepad. Save it as All Files and name it ServicesFix.bat. Save it to your Desktop.

@echo off
sc stop WindowsDriver
sc delete WindowsDriver
del ServicesFix.bat
exit

Doubleclick on ServicesFix.bat. It will open and close quickly. That is normal.


=======================================

Run HijackThis, and press "Do a System Scan Only".
1. When the scan is complete place a check mark next to the following entries:

O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\YourPrivacyGuard\mc.exe" dm=http://yourprivacyguard.com; ad=http://yourprivacyguard.com

2. After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Then, reboot your computer...


==================================


Please perform a scan with Panda ActiveScan - ActiveScan does not remove adware/spyware but will autoclean for viruses & worms.

1. Click "Scan Your PC".
2. A new window will open. Click "Check Now!".
3. Fill in your registration and click "Scan Now!".
4. You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
5. A new window will appear asking "Do you want to install this software?"" Name: asinst.cab.
6. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
7. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow".
8. Select a device to scan: Click on "Local Disks" [allow it to Auto Clean].
9. When the scan completes, if anything malicious is detected, click the "See Report button", then "Save Report" to your desktop. 10. Post back the results of your scan and any infected files that are found but not deleted.

 

[devilti]

k.


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
Virus:Trj/Downloader.QBT Disinfected C:\WINDOWS\SYSTEM32\SVHIST.EXE
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix\RESTART.EXE
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Linbgo Li\Desktop\ComboFix(1).exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Linbgo Li\SmitfraudFix\RESTART.EXE
Adware:Adware/BaiduBar Not disinfected C:\downloads\wrar371sc-skycn(1).exe[setup2.exe][BaiduBar.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\fixwareout\FindT\NIRCMD.EXE
Hacktool:Rootkit/Baidu Not disinfected C:\QOOBOX\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\bdguard.sys.vir
Virus:Generic Malware Disinfected C:\QOOBOX\Quarantine\C\Program Files\BAIDU\BAR\BaiduBar.dll.vir
Adware:Adware/BaiduBar Not disinfected C:\QOOBOX\Quarantine\C\Program Files\BAIDU\BAR\bdgdins.dll.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\APPS\Process.exe
Virus:Trj/Nabload.ACN Disinfected C:\SDFix\BACKUPS\BACKUPS.ZIP[backups/spool.exe]

 

[devilti]

should i take other actions since it said stuff like admwares not deleted.

would u like a hijack log o smthning else?

 

[devilti]

is there anything i can do to delete the adwares?

plz help.

 

[sjpritch25]

Just some leftover files created by the tools. Not a big deal

Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Folders:
C:\Documents and Settings\Linbgo Li\Desktop\SmitfraudFix <-- this folder
C:\Documents and Settings\Linbgo Li\SmitfraudFix <-- this folder
C:\SDFix <-- this folder


Files:
C:\Documents and Settings\Linbgo Li\Desktop\SDFix.exe <-- this file
C:\downloads\wrar371sc-skycn(1).exe <-- this file


how is everything running??? please post a fresh Hijackthis log. Thanks.

 

[devilti]

well te laptop is still slow. in fact slower
but no pop ups or any false system warnings

heres my hijack log

Logfile of HijackThis v1.99.1
Scan saved at 4:53:29 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\drivers\conime.exe
C:\WINDOWS\system32\oxhqbg.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\LINBGO~1\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [Storm2Set] C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv
O4 - HKLM\..\Run: [dnenay] C:\WINDOWS\system32\oxhqbg.exe
O4 - HKLM\..\Run: [oxhqbg] C:\WINDOWS\system32\severe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = %SystemDrive%\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733; - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &&#20351;&#29992;&#24555;&#36710;(FlashGet)&#19979;&#36733;&#20840;&#37096;&#38142;&#25509; - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &#23548;&#20986;&#21040; Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: D??&#65504;?ì?÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?ì3&#956; - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?ì3&#956;(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: WindowsDriver - Unknown owner - C:\WINDOWS\system32\spool.exe

thx

 

[sjpritch25]

Sorry for the delay, please delete your current copy of ComboFix.exe from your Desktop. Lets download another copy. You are still infected.


Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall