My Infection. Please Save Me.


2 replies to this topic

#1 susupopo

  • Members
  • 3 posts

Posted 01 May 2008 - 10:43 AM

Problem 1:
Error x2

avp.exe & avgas.exe - corrupt file.
the file or directory
C:\DELL\drivers\R113575\BIN\Enum.dev\ is corrupt and unreadable.
Please run Chkdsk utility.

Disk Defragmenter not available. Says run check disk or schedule one before.
When I schedule to run checkdisk on restart it says
"the volume is something unable to.. complete check disk."

Problem 2:

I keep getting pop-ups from my avgas anti-virus software repetitively


Trojan.WOW.asn
Trojan.OnlineGames.zph
Downloader.Delf.ggz
Logger.Delf.bpk

and so on and so forth, to which I "clean and move to Quarantine as recommended",
to which it requests a restart of the computer.

My anti-virus software updates every few hours and requests a restart... is that normal?
Running a scan detects quite a few Trojans. But upon restart they come back.

Problem 3:
Trying to uninstall some programs for recovery gives an error

"The setup files are corrupted. Please obtain a new copy of the program."

&

"The installer you are trying to use is corrupted or incomplete.
This could be the result of a damaged disk, a failed download or a virus.
You may want to contact the author of this installer to obtain a new copy.
It may be possible to skip this check using /NCRC command line switch.
(NOT RECOMMENDED)"

Problem 4:
I use Firefox but I constantly get popups from Internet Explorer which appear for a second,
with some Maybelline China and some shopping sites in Chinese. I know what it says in Chinese
because my girlfriend is Chinese and it's pretty much a given that she unknowingly did
this to my computer.

Deckard's System Scanner v20071014.68
Run by Dell on 2008-05-01 14:16:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 81% (more than 75%).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-01 14:17:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cc071.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dell\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaspersky.com/virusscanner
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {77929B3F-50EB-449b-9982-CAD99180EC0F} - C:\WINDOWS\system32\ecc1.dll
O2 - BHO: Internet Enhanced Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2026.dll
O2 - BHO: (no name) - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O2 - BHO: (no name) - {C5E87A05-F463-4841-B19E-DD3EC3862368} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys (file missing)
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys
O2 - BHO: Thunder5下载辅助 - {EA2FCCA9-F44F-43DD-9724-9339950D103C} - C:\WINDOWS\ThunderHelper04.dll
O2 - BHO: (no name) - {EE12D60D-AD9A-4095-B839-3BE6862679FD} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {FFB3D068-F8DA-4370-A71E-83B1C959CDD6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [731] rundll32 C:\WINDOWS\system32\be1.dll,Always
O4 - HKLM\..\Policies\Explorer\Run: [f4bb] rundll32 "C:\WINDOWS\Downlo~1\f4bb.dll",Run
O4 - HKLM\..\Policies\Explorer\Run: [4b9a] C:\WINDOWS\system32\4b9a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: msword.lnk = C:\WINDOWS\system32\ccwle080307.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 易趣购物 - C:\Program Files\AD4All\link1\ebaylink.htm
O9 - Extra button: 知识库 - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: 一起来音乐社区 - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.kaspersky.com (HKCU)
O15 - Trusted Zone: https://us.mcafee.com (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: wfhyt.dll,kghk.dll,ethsh.dll,stehs.dll,sthth.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,msepbe.dll,
O20 - Winlogon Notify: nnnomgys - C:\WINDOWS\system32\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Windows System Event (SystemLog) - Unknown owner - C:\WINDOWS\TEMP\Servlee.ex
O23 - Service: COM+ Windows System (WinCOM) - Unknown owner - C:\WINDOWS\system32\wincom.exe


--
End of file - 10347 bytes

-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 14:00:29 24064 --a------ C:\avp.exe
2008-05-01 13:54:58 8320 --a------ C:\WINDOWS\system32\mseion.sys
2008-04-30 20:55:14 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-04-30 20:54:45 0 d-------- C:\Program Files\MSECACHE
2008-04-30 13:52:03 0 d-------- C:\Documents and Settings\Dell\Application Data\PandoraRecovery
2008-04-30 13:51:58 0 d-------- C:\Program Files\Pandora Recovery
2008-04-29 12:01:54 53248 -ra------ C:\WINDOWS\5731.exe <Not Verified; ; DLL Module>
2008-04-29 12:01:36 53248 -ra------ C:\WINDOWS\system32\ecc1.dll <Not Verified; ; DLL Module>
2008-04-29 12:01:36 860160 -r------- C:\WINDOWS\system32\be1.dll <Not Verified; ; Player 动态链接库>
2008-04-28 12:03:43 151552 --a------ C:\WINDOWS\system32\msplrc0.dll
2008-04-28 11:55:44 0 dr-h----- C:\Documents and Settings\Dell\Recent
2008-04-24 13:02:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-04-24 13:00:06 304 --a------ C:\WINDOWS\system32\perfx_ar_32.dat
2008-04-24 12:28:30 2688 --a------ C:\WINDOWS\system32\msiosDom32.sys
2008-04-23 05:12:28 159744 --a------ C:\WINDOWS\system32\msias32.dll <Not Verified; ; Microsoft® Windows® Operating System>
2008-04-23 03:41:12 73216 --a------ C:\WINDOWS\system32\gbdll.dll
2008-04-23 02:09:12 13824 --a------ C:\WINDOWS\system32\MsCheck32.dll <Not Verified; ; Microsoft® Windows® Operating System>
2008-04-18 12:11:07 200192 --a------ C:\WINDOWS\ThunderHelper04.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-04-17 09:56:49 0 d-------- C:\Program Files\AD4All
2008-04-15 19:12:24 199680 --a------ C:\WINDOWS\ThunderHelper2.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-04-15 14:46:06 0 d-------- C:\Program Files\Yiqilai
2008-04-15 14:45:54 186368 --a------ C:\WINDOWS\system32\sysloader.dll <Not Verified; Microsoft; loader>
2008-04-15 14:28:55 199680 --a------ C:\WINDOWS\ThunderHelper3.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-04-15 11:20:18 131072 -r------- C:\WINDOWS\system32\4b9a.exe
2008-04-13 17:44:03 172032 --a------ C:\WINDOWS\system32\winlib0.dll
2008-04-09 11:44:04 0 d-------- C:\Program Files\Trend Micro
2008-04-09 11:15:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 11:15:47 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 23:42:01 0 d-------- C:\Documents and Settings\Dell\Application Data\Grisoft
2008-04-08 23:39:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-08 22:56:09 0 d-------- C:\WINDOWS\ERUNT
2008-04-08 20:35:19 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-08 19:01:37 1060864 --a------ C:\WINDOWS\system32\MFC71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET>
2008-04-08 19:01:29 0 d-------- C:\Program Files\Alwil Software
2008-04-08 16:28:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-04-08 16:27:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-04-08 16:25:02 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-08 16:25:02 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-08 16:25:02 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-08 16:25:02 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-08 16:25:02 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-08 16:25:02 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-08 16:25:02 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-08 16:25:02 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-08 16:25:02 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-08 16:25:02 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-08 16:25:02 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-08 16:25:02 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-08 16:25:02 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-08 16:25:02 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-08 14:40:28 30988 --a------ C:\WINDOWS\system32\uqcrso.dll
2008-04-08 14:16:05 34060 --a------ C:\WINDOWS\system32\arfgog.dll
2008-04-08 12:27:28 28932 --a------ C:\WINDOWS\system32\eldxlx.dll
2008-04-08 12:27:28 30988 --a------ C:\WINDOWS\system32\bmnchi.dll
2008-04-08 11:51:05 34060 --a------ C:\WINDOWS\system32\nvzzie.dll
2008-04-07 17:12:53 207360 --a------ C:\WINDOWS\ThunderBHONew3.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-04-07 14:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 14:26:58 0 d-------- C:\Documents and Settings\Dell\Application Data\Antispyware
2008-04-07 13:19:06 43825 --a------ C:\WINDOWS\481354WL.DLL
2008-04-07 12:41:04 199680 --a------ C:\WINDOWS\ThunderHelper32.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-04-07 12:33:17 169 --a------ C:\WINDOWS\system32\5f19a4f.exe
2008-04-07 12:33:15 169 --a------ C:\WINDOWS\system32\5f192c2.exe
2008-04-07 12:14:00 31362 --ahs---- C:\WINDOWS\system32\LmnUtBeg.ini2
2008-04-07 12:10:22 169 --a------ C:\WINDOWS\system32\5dca139.exe
2008-04-07 12:10:21 169 --a------ C:\WINDOWS\system32\5dc3139.exe
2008-04-07 12:08:19 13369 --a------ C:\vhwhqj.exe
2008-04-07 12:08:18 59449 --a------ C:\yfgtpfw.exe
2008-04-07 12:08:17 6713 --a------ C:\ireekty.exe
2008-04-07 12:02:59 222208 --a------ C:\WINDOWS\system32\rvvzkyugdw.dll
2008-04-07 11:56:29 76688 --a------ C:\WINDOWS\system32\boodwxqcpj.dll
2008-04-07 11:54:23 114440 --a------ C:\WINDOWS\system32\yoidslcefi.dll
2008-04-07 11:48:08 111536 --a------ C:\WINDOWS\system32\hypaqrzelu.dll
2008-04-07 11:46:03 76688 --a------ C:\WINDOWS\system32\tfdffmfnen.dll
2008-04-07 11:41:52 110084 --a------ C:\WINDOWS\system32\npthwnfars.dll
2008-04-07 11:39:48 11348 --a------ C:\WINDOWS\system32\atbsiffcub.dll
2008-04-07 11:37:43 11348 --a------ C:\WINDOWS\system32\guuhfqtjwt.dll
2008-04-07 11:35:38 11325 --a------ C:\WINDOWS\system32\lgijtjljvn.dll
2008-04-07 11:33:32 11348 --a------ C:\WINDOWS\system32\kfismcztrq.dll
2008-04-06 08:53:09 20332 --a------ C:\WINDOWS\nplfah.exe
2008-04-05 18:12:53 0 d-------- C:\Documents and Settings\LocalService\Application Data\Real
2008-04-05 14:22:32 30988 --a------ C:\WINDOWS\system32\Kvsc3.dll
2008-04-05 14:22:22 128 --a------ C:\WINDOWS\system32\msosmnsf.dat
2008-04-05 14:22:22 3200 --ahs---- C:\WINDOWS\system32\drivers\msosfpids32.sys
2008-04-05 14:21:45 13755 --ahs---- C:\WINDOWS\system32\msosmnsf00.dll
2008-04-05 14:19:20 28932 --a------ C:\WINDOWS\system32\fmsbbqi.dll
2008-04-05 14:19:02 34060 --a------ C:\WINDOWS\system32\keunhzlr.dll
2008-04-05 14:18:41 51 --a------ C:\WINDOWS\dxtmechk
2008-04-05 14:17:58 58 --a------ C:\_uninsep.bat
2008-04-05 13:28:43 221696 --a------ C:\WINDOWS\system32\hixgkmpcee.dll


-- Find3M Report ---------------------------------------------------------------

2008-05-01 13:59:44 29 --a------ C:\WINDOWS\system32\-109-1206111
2008-04-30 21:35:22 0 d-------- C:\Documents and Settings\Dell\Application Data\Skype
2008-04-30 11:52:06 153088 --a------ C:\WINDOWS\tempaq
2008-04-29 22:51:37 122880 -----n--- C:\WINDOWS\system32\cc071.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-29 12:01:12 81 --a------ C:\WINDOWS\106-1206111
2008-04-25 16:54:31 0 d-------- C:\Program Files\Common Files\CPUSH
2008-04-17 09:57:19 45056 --a------ C:\WINDOWS\system32\bveujv91.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
2008-04-17 09:57:10 40960 --a------ C:\WINDOWS\system32\msjtes42.dll <Not Verified; Microsoft Corporation; Microsoft Windows Operating System>
2008-04-16 12:18:46 78 --a------ C:\WINDOWS\107-1206111
2008-04-14 19:05:47 0 d-------- C:\Documents and Settings\Dell\Application Data\uTorrent
2008-04-08 15:05:47 0 d-------- C:\Program Files\Common Files\Real
2008-04-08 15:05:46 0 d-------- C:\Documents and Settings\Dell\Application Data\Real
2008-04-08 15:05:28 0 d-------- C:\Program Files\Common Files
2008-04-08 12:50:05 0 d-------- C:\Program Files\Windows NT
2008-04-08 12:39:53 0 d-------- C:\Program Files\Movie Maker
2008-04-08 11:54:05 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-06 08:53:26 80 --a------ C:\WINDOWS\6a88066f
2008-04-05 13:49:51 0 --a------ C:\WINDOWS\system32\5988066f
2008-04-02 19:36:15 74288 --a------ C:\WINDOWS\an006.exe
2008-04-02 19:36:12 207360 --a------ C:\WINDOWS\ThunderBHONew.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-03-31 17:44:17 96288 --a------ C:\WINDOWS\system32\ccwlae080331.exe
2008-03-31 03:34:58 213586 --a------ C:\WINDOWS\h01.exe
2008-03-29 23:48:32 69632 --a------ C:\WINDOWS\system32\promote.dll <Not Verified; ; PromoteDemo Module>
2008-03-29 12:26:54 147 --a------ C:\WINDOWS\system32\68defc7776.dll
2008-03-29 12:26:42 12 --a------ C:\WINDOWS\645cae1077.dll
2008-03-29 12:26:38 0 --a------ C:\WINDOWS\system32\dnabeser.dat
2008-03-29 12:26:23 179586 --a------ C:\WINDOWS\dodolook659.exe
2008-03-29 12:26:14 221184 --a------ C:\WINDOWS\system32\erclzhxtio.dll
2008-03-27 17:59:00 825602 --a------ C:\WINDOWS\巫颂1.exe <Not Verified; 中文在线; 17K单本下载阅读器>
2008-03-25 08:49:43 199680 --a------ C:\WINDOWS\ThunderHelper.dll <Not Verified; Thunder Networking Technologies,LTD; 迅雷浏览器高级特性支持模块>
2008-03-24 00:18:31 181248 --a------ C:\WINDOWS\servicesss.exe
2008-03-24 00:17:44 975 --a------ C:\WINDOWS\mozver.dat
2008-03-24 00:16:35 0 d-------- C:\Program Files\Real
2008-03-22 23:44:34 0 d-------- C:\Program Files\jwag
2008-03-22 23:15:27 130104 --a------ C:\WINDOWS\d39.exe
2008-03-21 14:06:39 227292 --a------ C:\WINDOWS\ad_2515.exe
2008-03-21 14:05:43 213082 --a------ C:\WINDOWS\e01.exe
2008-03-21 14:05:35 130017 --a------ C:\WINDOWS\ad7678.exe
2008-03-21 14:05:26 220672 --a------ C:\WINDOWS\system32\pbojtymacy.dll
2008-03-07 16:15:06 14 --a------ C:\WINDOWS\system32\-125-1206111
2008-03-05 16:43:22 165402 --a------ C:\WINDOWS\dodolook375.exe
2008-03-05 16:43:17 20480 --a------ C:\WINDOWS\my_70387.exe
2008-03-05 16:43:12 224256 --a------ C:\WINDOWS\system32\ofpfoiibgh.dll
2008-03-05 16:43:12 224256 --a------ C:\WINDOWS\system32\dinairmkip.dll
2008-03-05 09:32:43 0 --a------ C:\WINDOWS\acdsee321.dll
2008-03-02 20:59:19 0 d-------- C:\Program Files\Skype
2008-03-02 20:59:00 0 d-------- C:\Program Files\Common Files\Skype
2008-03-02 20:39:15 224256 --a------ C:\WINDOWS\system32\lzgysdjnebphk.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
04/28/2008 05:36 AM 180224 --a------ C:\Program Files\Common Files\CPUSH\cpush.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77929B3F-50EB-449b-9982-CAD99180EC0F}]
04/30/2008 11:26 AM 53248 -ra------ C:\WINDOWS\system32\ecc1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{986488AF-13D5-9DDF-4FEF-9FB88698CFC1}]
04/30/2008 01:23 PM 166400 --a------ C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2026.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}]
04/13/2008 05:44 AM 29817 --------- C:\Program Files\Internet Explorer\IEXPLORE32.win

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af49a2-94f3-42bd-f434-2604812c897d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5E87A05-F463-4841-B19E-DD3EC3862368}]
C:\Program Files\Internet Explorer\IEXPLORE32.Sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D29DCEE0-457B-45A2-A92D-741B95B7723B}]
04/08/2008 10:45 PM 44151 --ahs---- C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA2FCCA9-F44F-43DD-9724-9339950D103C}]
04/28/2008 12:07 PM 200192 --a------ C:\WINDOWS\ThunderHelper04.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE12D60D-AD9A-4095-B839-3BE6862679FD}]
04/13/2008 05:44 AM 37020 --ahs---- C:\Program Files\Internet Explorer\IEXPLORE32.Dat

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFB3D068-F8DA-4370-A71E-83B1C959CDD6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [04/07/2008 01:45 PM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"ZCfgSvc.exe"="C:\WINDOWS\system32\ZCfgSvc.exe" [07/05/2005 04:32 AM]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [04/07/2008 01:46 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 08:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]
"BellCanada_McciTrayApp"="C:\Program Files\BellCanada\McciTrayApp.exe" [04/07/2008 01:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [04/07/2008 01:48 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 07:52 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/07/2008 01:47 PM]
"WSockDrv32"="C:\WINDOWS\WSockDrv32.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [04/08/2008 03:04 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [05/01/2008 11:22 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 09:18 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"731"=rundll32 C:\WINDOWS\system32\be1.dll,Always
"f4bb"=rundll32 "C:\WINDOWS\Downlo~1\f4bb.dll",Run
"4b9a"=C:\WINDOWS\system32\4b9a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8DFA2904-9664-43AE-8929-4347554D24B6}"= C:\WINDOWS\system32\csavpw0.dll [ ]
"{D29DCEE0-457B-45A2-A92D-741B95B7723B}"= C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys [04/08/2008 10:45 PM 44151]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:24 AM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\IEXPLORE32.jmp
C:\Program Files\Internet Explorer\IEXPLORE32.New
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE32.New
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cc071.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {77929B3F-50EB-449b-9982-CAD99180EC0F} - C:\WINDOWS\system32\ecc1.dll
O2 - BHO: Internet Enhanced Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2026.dll
O2 - BHO: (no name) - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O2 - BHO: (no name) - {C5E87A05-F463-4841-B19E-DD3EC3862368} - C:\Program Files\Internet Explorer\IEXPLORE32.Sys (file missing)
O2 - BHO: (no name) - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:\Program Files\Internet Explorer\PLUGINS\Ns_Sys55.Sys
O2 - BHO: Thunder5下载辅助 - {EA2FCCA9-F44F-43DD-9724-9339950D103C} - C:\WINDOWS\ThunderHelper04.dll
O2 - BHO: (no name) - {EE12D60D-AD9A-4095-B839-3BE6862679FD} - C:\Program Files\Internet Explorer\IEXPLORE32.Dat
O2 - BHO: (no name) - {FFB3D068-F8DA-4370-A71E-83B1C959CDD6} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [731] rundll32 C:\WINDOWS\system32\be1.dll,Always
O4 - HKLM\..\Policies\Explorer\Run: [f4bb] rundll32 "C:\WINDOWS\Downlo~1\f4bb.dll",Run
O4 - HKLM\..\Policies\Explorer\Run: [4b9a] C:\WINDOWS\system32\4b9a.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: msword.lnk = C:\WINDOWS\system32\ccwle080307.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 易趣购物 - C:\Program Files\AD4All\link1\ebaylink.htm
O9 - Extra button: ?a??a - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ??e′????? - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: 1o?? - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
O9 - Extra 'Tools' menuitem: 1o?? - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://www.dayofday.cn/cl/?b (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wfhyt.dll,kghk.dll,ethsh.dll,stehs.dll,sthth.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,rdthr.dll,rgfjj.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,msepbe.dll,
O20 - Winlogon Notify: nnnomgys - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Windows System Event (SystemLog) - Unknown owner - C:\WINDOWS\TEMP\Servlee.ex (file missing)
O23 - Service: COM+ Windows System (WinCOM) - Unknown owner - C:\WINDOWS\system32\wincom.exe (file missing)

--
End of file - 9167 bytes


I hope I did this right. Please tell me what to do; it will be greatly appreciated.
Thank you.

Edited by susupopo, 01 May 2008 - 01:29 PM.




#2 susupopo

susupopo
  • Topic Starter

  • Members
  • 3 posts
  • Local time:01:49 AM

Posted 01 May 2008 - 01:35 PM

I've added the dss file as well as the HJT file...

Thank you for the assistance... I am a virgin user.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:10:49 PM

Posted 20 May 2008 - 04:42 PM

Hello susupopo,

I am SifuMike and I will be helping you. It looks like you are running some non-English programs on your computer. What language is it I am seeing in your log?

avp.exe & avgas.exe - corrupt file.

avgas.exe is part of AVG anti-Spyware.

avp.exe is a process belonging to Kaspersky Internet Security Suite;
I don't see Kaspersky Internet Security Suite installed on your computer.

AVG Anti-Spyware is no longer available
http://free.grisoft.com/ww.download-avg-an...nd-anti-rootkit

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you run the antivirus program, please post the antivirus log and we will go from there.

Edited by SifuMike, 20 May 2008 - 04:56 PM.
add AVG Anti-Spyware link

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
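The reply above triages the posted HijackThis log by eye (an unnamed BHO with an odd extension, a service with no publisher pointing into TEMP, a long AppInit_DLLs list). As an added example, not part of this thread and not code from HijackThis or BleepingComputer, the script below runs the same kind of first-pass checks over log lines. The sample lines are copied from the log posted above; the heuristics, the `APPINIT_MAX` threshold and the function names are this example's own assumptions, and a hit is a prompt for an analyst to look closer, not a verdict.

```python
"""Heuristic first-pass triage of HijackThis log lines (added example)."""
import re
from typing import Dict, List

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - C:\Program Files\Internet Explorer\IEXPLORE32.win
O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Policies\Explorer\Run: [731] rundll32 C:\WINDOWS\system32\be1.dll,Always
O4 - Global Startup: msword.lnk = C:\WINDOWS\system32\ccwle080307.exe
O20 - AppInit_DLLs: wfhyt.dll,kghk.dll,ethsh.dll,stehs.dll,sthth.dll
O23 - Service: Windows System Event (SystemLog) - Unknown owner - C:\WINDOWS\TEMP\Servlee.ex (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed threshold: more than this many AppInit_DLLs entries is unusual on a workstation.
APPINIT_MAX = 2

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First drive-letter path in an entry, stopping at a quote, whitespace, comma or end of line.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}(?=["\s,]|$)')


def _path_of(body: str) -> str:
    """Return the first path-like token in an entry body, or '' if none."""
    m = PATH_RE.search(body)
    return m.group(0) if m else ""


def triage_line(line: str) -> List[str]:
    """Return the list of reasons a single HijackThis line deserves a closer look."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return reasons
    section, body = m.groups()
    lower = body.lower()
    path = _path_of(body).lower()

    if "(no file)" in lower or "(file missing)" in lower:
        reasons.append("orphaned entry: target file no longer present")

    if section == "O2":
        # Legitimate BHOs are DLLs; an unnamed one with another extension is odd.
        if "(no name)" in lower and path and not path.endswith(".dll"):
            reasons.append("unnamed BHO loading a non-DLL extension")
    elif section == "O4":
        if "policies\\explorer\\run" in lower:
            reasons.append("Policies\\Explorer\\Run autostart (rarely used by legitimate software)")
        if re.match(r"c:\\windows\\[^\\]+$", path) or "\\temp\\" in path:
            reasons.append("autostart binary directly in the Windows root or a TEMP directory")
        if "global startup" in lower and path.endswith(".exe") and "\\system32\\" in path:
            reasons.append(".lnk in Global Startup pointing at an executable in system32")
    elif section == "O20" and lower.startswith("appinit_dlls:"):
        dlls = [d for d in body.split(":", 1)[1].split(",") if d.strip()]
        if len(dlls) > APPINIT_MAX:
            reasons.append(f"AppInit_DLLs lists {len(dlls)} DLLs (threshold {APPINIT_MAX})")
    elif section == "O23":
        if "unknown owner" in lower:
            reasons.append("service with no publisher information")
        if "\\temp\\" in path:
            reasons.append("service binary in a TEMP directory")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Run triage_line over a whole log and keep only the lines that produced reasons."""
    findings = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings.append({"line": raw.strip(), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["line"])
        for r in hit["reasons"]:
            print("    ->", r)
```

The checks deliberately key on structure (where an autostart lives, whether a file exists, whether a service has a publisher) rather than on file names, because names such as `WSockDrv32.exe` are chosen to look plausible. Hits still need a human decision, and Microsoft or vendor-signed entries that trip a rule should be confirmed before anything is removed.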



