Hijackthis Scan Log, Please Help Diagnose


This topic is locked
13 replies to this topic

#1 yrhc@eht

  • Members
  • 22 posts

Posted 08 November 2006 - 05:31 AM

Here is my HijackThis scan log. Please help me diagnose and solve my computer problem, thank you.




Logfile of HijackThis v1.99.1
Scan saved at 15:09:30, on 2006-11-7
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R3 - URLSearchHook: 雅虎助手 (Yahoo! Assistant) - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O1 - Hosts: 202.75.218.253 www.hao123.com
O1 - Hosts: 202.75.218.253 www.7b.com.cn
O1 - Hosts: 202.75.218.253 www.7939.com
O1 - Hosts: 202.75.218.253 www.360safe.com
O1 - Hosts: 202.75.218.253 360safe.com
O1 - Hosts: 202.75.218.253 update.360safe.com
O1 - Hosts: 202.75.218.253 dl.360safe.com
O1 - Hosts: 202.75.218.253 bbs.360safe.com
O1 - Hosts: 202.75.218.253 count16.51yes.com
O1 - Hosts: 202.75.218.253 count18.51yes.com
O1 - Hosts: 202.75.218.253 count20.51yes.com
O1 - Hosts: 202.75.218.253 www.btbaicai.com
O1 - Hosts: 202.75.218.253 btbaicai.com
O1 - Hosts: 202.75.218.253 www.pctutu.com
O1 - Hosts: 202.75.218.253 www.7322.com
O1 - Hosts: 202.75.218.253 www.5566.net
O1 - Hosts: 202.75.218.253 www.9991.com
O1 - Hosts: 202.75.218.253 forum.ikaka.com
O1 - Hosts: 202.75.218.253 www.ikaka.com
O1 - Hosts: 202.75.218.253 www.piaoxue.com
O1 - Hosts: 202.75.218.253 forum.jiangmin.com
O1 - Hosts: 202.75.218.253 update.jiangmin.com
O1 - Hosts: 202.75.218.253 post.baidu.com
O1 - Hosts: 202.75.218.253 zhidao.baidu.com
O1 - Hosts: 202.75.218.253 update.rising.com.cn
O1 - Hosts: 202.75.218.253 online.rising.com.cn
O1 - Hosts: 202.75.218.253 dl.pconline.com.cn
O1 - Hosts: 202.75.218.253 space.uwants.com
O1 - Hosts: 202.75.218.253 www.pcav.cn
O1 - Hosts: 202.75.218.253 mopery.hits.io
O1 - Hosts: 202.75.218.253 www.goodmv.cn
O1 - Hosts: 202.75.218.253 www.5566.net
O1 - Hosts: 202.75.218.253 www.piaoxue.com
O1 - Hosts: 202.75.218.253 www.luosoft.com
O1 - Hosts: 202.75.218.253 luosoft.com
O1 - Hosts: 202.75.218.253 www.7255.com
O1 - Hosts: 202.75.218.253 dl.pconline.com.cn
O1 - Hosts: 202.75.218.253 www.spjoy.com
O1 - Hosts: 202.75.218.253 c01.caishow.com
O1 - Hosts: 202.75.218.253 c02.caishow.com
O1 - Hosts: 202.75.218.253 c03.caishow.com
O1 - Hosts: 202.75.218.253 c04.caishow.com
O1 - Hosts: 202.75.218.253 www.caishow.com
O1 - Hosts: 202.75.218.253 union.caishow.com
O1 - Hosts: 202.75.218.253 ad01.a8.com
O1 - Hosts: 202.75.218.253 ad02.a8.com
O1 - Hosts: 202.75.218.253 sg.a8.com
O1 - Hosts: 202.75.218.253 www.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip1.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip2.adanywhere.cn
O1 - Hosts: 202.75.218.253 www.bannerbox.cn
O1 - Hosts: 202.75.218.253 www.caiqiyue.com
O1 - Hosts: 202.75.218.253 www.2t2t.cn
O1 - Hosts: 202.75.218.253 3.a.kal.cn
O1 - Hosts: 202.75.218.253 ip.alexaanywhere.com
O1 - Hosts: 202.75.218.253 go.ipcenter.cn
O1 - Hosts: 202.75.218.253 www.2yin.cn
O1 - Hosts: 202.75.218.253 wwww.systeel.com.cn
O1 - Hosts: 202.75.218.253 go.baibaoxiang.cn
O1 - Hosts: 202.75.218.253 www.gao58.com
O1 - Hosts: 202.75.218.253 www.2tu.cn
O1 - Hosts: 202.75.218.253 www.91tu.cn
O1 - Hosts: 202.75.218.253 www.haotop.com
O1 - Hosts: 202.75.218.253 news01.virussky.com
O1 - Hosts: 202.75.218.253 news02.virussky.com
O1 - Hosts: 202.75.218.253 news03.virussky.com
O1 - Hosts: 202.75.218.253 news04.virussky.com
O1 - Hosts: 202.75.218.253 news40.virussky.com
O1 - Hosts: 202.75.218.253 news41.virussky.com
O1 - Hosts: 202.75.218.253 news42.virussky.com
O1 - Hosts: 202.75.218.253 www.an85.com
O1 - Hosts: 202.75.218.253 an85.com
O1 - Hosts: 202.75.218.253 www.ycdy.com
O1 - Hosts: 202.75.218.253 ycdy.com
O1 - Hosts: 202.75.218.253 down.virussky.com
O1 - Hosts: 202.75.218.253 update.virussky.com
O1 - Hosts: 202.75.218.253 www.maipao.com
O1 - Hosts: 202.75.218.253 www.sina-baidu.com
O1 - Hosts: 202.75.218.253 www.maohehe.com
O1 - Hosts: 202.75.218.253 www.1717kan.cn
O1 - Hosts: 202.75.218.253 www.feixue.net
O1 - Hosts: 202.75.218.253 www.xingkongitv.com
O1 - Hosts: 202.75.218.253 about-blank.cc
O1 - Hosts: 202.75.218.253 www.xfkz.com
O1 - Hosts: 202.75.218.253 xfkz.com
O1 - Hosts: 202.75.218.253 www.365tan.com
O1 - Hosts: 202.75.218.253 cg.9e3.com
O1 - Hosts: 202.75.218.253 www.qqplayer.net
O1 - Hosts: 202.75.218.253 www.sosok.com
O1 - Hosts: 202.75.218.253 img.zhangxiu.com
O1 - Hosts: 202.75.218.253 www.okeaa.com
O1 - Hosts: 202.75.218.253 www.winopen.cn
O1 - Hosts: 202.75.218.253 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu2.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu3.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu4.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu5.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us1.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us2.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us3.kaspersky-labs.com
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF3876B1-7D5F-4F0F-BECA-A6324D125A48} - C:\WINDOWS\system32\ATIDEMGREDEM.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IEHlprObj Class - {EAACBF9E-4B91-45FF-93ED-B297093951EA} - C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - Toolbar: 雅虎助手 (Yahoo! Assistant) - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark 2200 Series] rem "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] rem SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [A] C:\WINDOWS\System32\rundll32.exe msad.dll s
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [msnnt] C:\WINDOWS\winamph.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: [mis-encoded label](&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 添加到雅虎订阅 (Add to Yahoo! subscriptions)(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 (Set as Messenger Live display picture) - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 (Yahoo! Search) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web[mis-encoded label] - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: 卡巴斯基反病毒软件6.0 (Kaspersky Anti-Virus 6.0) (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe




And besides that, I have a serious problem: every time I turn on the computer, many system error boxes pop up saying "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\scvhost.exe is not a valid Win32 application"!

Edited by yrhc@eht, 08 November 2006 - 05:53 AM.
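The log above shows two things worth pulling out mechanically rather than by eye: dozens of O1 hosts-file lines pointing security-vendor and update hostnames (360safe, Rising, Jiangmin, Kaspersky's dnl-* download hosts) at one non-loopback address, which cuts the installed AV off from its updates, and O4 Run entries that launch rundll32 from C:\WINDOWS\Intel rather than System32 or hand rundll32 a bare DLL name (msad.dll). The following Python triage script is an added example, not code from this thread or from HijackThis; it parses a constructed subset of the posted log lines (plus one benign localhost line) and flags those patterns. The vendor keyword watchlist, the rule names and the three-hostname sinkhole threshold are my own assumptions.

```python
"""Triage of HijackThis-style log lines. Added example, not code from the
thread or from HijackThis. It flags the two patterns visible in the log above:
O1 hosts-file entries that point many hostnames (including security-vendor
update hosts) at one non-loopback IP, and O4 Run entries that launch rundll32
from outside System32, hand rundll32 a DLL name without an absolute path, or
start an .exe sitting directly in the Windows directory."""
import re
from collections import Counter

# Assumed watchlist of vendor/update hostname fragments (my choice, not from the page).
SECURITY_VENDOR_KEYWORDS = ("kaspersky", "360safe", "rising", "jiangmin")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

# Constructed sample: a subset of the lines from the log posted above,
# plus one benign localhost entry.
SAMPLE_LOG = r"""
O1 - Hosts: 202.75.218.253 www.hao123.com
O1 - Hosts: 202.75.218.253 update.360safe.com
O1 - Hosts: 202.75.218.253 update.rising.com.cn
O1 - Hosts: 202.75.218.253 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [A] C:\WINDOWS\System32\rundll32.exe msad.dll s
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
""".strip()


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs from O1 lines."""
    pairs = []
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if m:
            pairs.append(m.groups())
    return pairs


def find_hosts_hijacks(log_text, min_hosts=3):
    """Hosts-file redirects: one non-loopback IP collecting several hostnames
    is a sinkhole; a watchlisted vendor host pointed off-loopback means the
    AV can no longer reach its update servers."""
    entries = parse_hosts_entries(log_text)
    targets = Counter(ip for ip, _ in entries if ip not in LOOPBACK)
    findings = []
    for ip, n in targets.items():
        if n >= min_hosts:
            findings.append(("hosts-sinkhole", ip, f"{n} hostnames redirected to {ip}"))
    for ip, host in entries:
        if ip not in LOOPBACK and any(k in host.lower() for k in SECURITY_VENDOR_KEYWORDS):
            findings.append(("av-update-blocked", host, f"{host} -> {ip}"))
    return findings


def find_suspicious_run_entries(log_text):
    """Run-key heuristics for O4 lines (hive, entry name, command)."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        _hive, name, cmd = m.groups()
        low = cmd.lower()
        if "rundll32" in low:
            # The genuine rundll32.exe lives in System32; a copy elsewhere is a
            # renamed dropper (the log shows C:\WINDOWS\Intel\rundll32.exe).
            exe = re.search(r"([a-z]:\\\S*rundll32\.exe)", low)
            if exe and "\\system32\\" not in exe.group(1):
                findings.append(("rundll32-outside-system32", name, cmd))
            # A bare DLL name is resolved through the DLL search path, so the
            # entry hides which file actually runs (the log shows "msad.dll s").
            args = low.split("rundll32.exe", 1)[1].strip() if "rundll32.exe" in low else ""
            if args and not re.match(r"[a-z]:\\", args):
                findings.append(("rundll32-relative-dll", name, cmd))
        elif re.match(r"[a-z]:\\windows\\[^\\\s]+\.exe", low):
            # An .exe dropped directly into C:\WINDOWS rather than a subfolder
            # (realupdate.exe, winamph.exe in the log) is a common dropper habit.
            findings.append(("exe-in-windows-root", name, cmd))
    return findings


def triage(log_text):
    """All findings as (rule, subject, detail) tuples."""
    return find_hosts_hijacks(log_text) + find_suspicious_run_entries(log_text)


if __name__ == "__main__":
    for rule, subject, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {subject:32} {detail}")
```

Run against the full log, the hosts check is the more important one: every hijacked entry should be removed from the hosts file before any AV is asked to update, otherwise the update step silently fails against the sinkhole address. The Run-key rules are heuristics, not verdicts; the NvCplDaemon line passes because rundll32 is given an absolute System32 DLL path, which is the shape a legitimate rundll32 autostart normally has.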



#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 November 2006 - 04:15 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report along with a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 yrhc@eht
  • Topic Starter

  • Members
  • 22 posts

Posted 08 November 2006 - 11:28 PM

Thank you. Here are the results of the AVG Anti-Spyware scan report along with a new HijackThis log.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:56:12 AM 2006/11/8

+ Scan result:



C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\W14JWNGR\xnqot[1].cab/wmpns.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\3721\assist\assist.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\3721\ske\snpmw.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\3721\ske\wmpns.cab/wmpns.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\3721\ske\wmpns.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\Assistant\Assist\yieacore.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0004280.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0004305.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0004306.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007932.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007936.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007939.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007942.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007943.dll -> Adware.Cdn : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\Assist -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\AutoLive -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\ske -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Assist.EasyAssist -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Assist.EasyAssist.1 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Assist.EasyAssist\CLSID -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Assist.EasyAssist\CurVer -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live.1 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38928D50-8A48-44C2-945F-D2F23F771410} -> Adware.CnsMin : Cleaned with backup (quarantined).
C:\Program Files\CNX\Shui Hu Fantasy Online\local.ver -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll -> Adware.IEHlpr : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\9L8XBBFG\ku6[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LDY3AMIN\so[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Templates\temp.exe -> Downloader.QQHelper.na : Cleaned with backup (quarantined).
C:\WINDOWS\realupdate.exe -> Downloader.Small.dts : Cleaned with backup (quarantined).
C:\WINDOWS\winamph.exe -> Downloader.Small.dts : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupa\avph.exe -> Dropper.Agent.awb : Cleaned with backup (quarantined).
C:\WINDOWS\update10.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update14.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update15.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update17.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update18.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update19.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update20.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update21.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update22.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update23.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update3.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update4.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update7.exe -> Dropper.Delf.aan : Cleaned with backup (quarantined).
C:\WINDOWS\update.exe -> Dropper.Delf.aaq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP20\A0012595.dll -> Hijacker.Agent.h : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005514.exe -> Hijacker.BHO.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0002269.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0003270.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0004270.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0004308.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005302.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005319.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005358.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005402.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005436.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005495.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005529.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005570.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005596.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005628.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005649.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0005670.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0005682.dll -> Trojan.Agent.aac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005335.dll -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP15\A0005614.dll -> Trojan.Agent.ib : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP20\A0012598.exe -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupa\dllhosth.dll -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0005715.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0005762.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0006762.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0006799.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007762.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007777.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007951.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007964.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007993.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0008993.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0009045.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0009052.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP18\A0009149.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP18\A0009167.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP19\A0009174.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP19\A0009202.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP19\A0009204.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\wz041.dll -> Trojan.BCB.n : Cleaned with backup (quarantined).
C:\Program Files\3721\ske\fsk.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{7C18EC2E-1FCE-4AAB-9988-A6AA2AFA9A58}\RP16\A0007930.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end






Logfile of HijackThis v1.99.1
Scan saved at 01:20:31 AM, on 2006/11/8
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

O1 - Hosts: 202.75.218.253 www.hao123.com
O1 - Hosts: 202.75.218.253 www.7b.com.cn
O1 - Hosts: 202.75.218.253 www.7939.com
O1 - Hosts: 202.75.218.253 www.360safe.com
O1 - Hosts: 202.75.218.253 360safe.com
O1 - Hosts: 202.75.218.253 update.360safe.com
O1 - Hosts: 202.75.218.253 dl.360safe.com
O1 - Hosts: 202.75.218.253 bbs.360safe.com
O1 - Hosts: 202.75.218.253 count16.51yes.com
O1 - Hosts: 202.75.218.253 count18.51yes.com
O1 - Hosts: 202.75.218.253 count20.51yes.com
O1 - Hosts: 202.75.218.253 www.btbaicai.com
O1 - Hosts: 202.75.218.253 btbaicai.com
O1 - Hosts: 202.75.218.253 www.pctutu.com
O1 - Hosts: 202.75.218.253 www.7322.com
O1 - Hosts: 202.75.218.253 www.5566.net
O1 - Hosts: 202.75.218.253 www.9991.com
O1 - Hosts: 202.75.218.253 forum.ikaka.com
O1 - Hosts: 202.75.218.253 www.ikaka.com
O1 - Hosts: 202.75.218.253 www.piaoxue.com
O1 - Hosts: 202.75.218.253 forum.jiangmin.com
O1 - Hosts: 202.75.218.253 update.jiangmin.com
O1 - Hosts: 202.75.218.253 post.baidu.com
O1 - Hosts: 202.75.218.253 zhidao.baidu.com
O1 - Hosts: 202.75.218.253 update.rising.com.cn
O1 - Hosts: 202.75.218.253 online.rising.com.cn
O1 - Hosts: 202.75.218.253 dl.pconline.com.cn
O1 - Hosts: 202.75.218.253 space.uwants.com
O1 - Hosts: 202.75.218.253 www.pcav.cn
O1 - Hosts: 202.75.218.253 mopery.hits.io
O1 - Hosts: 202.75.218.253 www.goodmv.cn
O1 - Hosts: 202.75.218.253 www.5566.net
O1 - Hosts: 202.75.218.253 www.piaoxue.com
O1 - Hosts: 202.75.218.253 www.luosoft.com
O1 - Hosts: 202.75.218.253 luosoft.com
O1 - Hosts: 202.75.218.253 www.7255.com
O1 - Hosts: 202.75.218.253 dl.pconline.com.cn
O1 - Hosts: 202.75.218.253 www.spjoy.com
O1 - Hosts: 202.75.218.253 c01.caishow.com
O1 - Hosts: 202.75.218.253 c02.caishow.com
O1 - Hosts: 202.75.218.253 c03.caishow.com
O1 - Hosts: 202.75.218.253 c04.caishow.com
O1 - Hosts: 202.75.218.253 www.caishow.com
O1 - Hosts: 202.75.218.253 union.caishow.com
O1 - Hosts: 202.75.218.253 ad01.a8.com
O1 - Hosts: 202.75.218.253 ad02.a8.com
O1 - Hosts: 202.75.218.253 sg.a8.com
O1 - Hosts: 202.75.218.253 www.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip1.adanywhere.cn
O1 - Hosts: 202.75.218.253 ip2.adanywhere.cn
O1 - Hosts: 202.75.218.253 www.bannerbox.cn
O1 - Hosts: 202.75.218.253 www.caiqiyue.com
O1 - Hosts: 202.75.218.253 www.2t2t.cn
O1 - Hosts: 202.75.218.253 3.a.kal.cn
O1 - Hosts: 202.75.218.253 ip.alexaanywhere.com
O1 - Hosts: 202.75.218.253 go.ipcenter.cn
O1 - Hosts: 202.75.218.253 www.2yin.cn
O1 - Hosts: 202.75.218.253 wwww.systeel.com.cn
O1 - Hosts: 202.75.218.253 go.baibaoxiang.cn
O1 - Hosts: 202.75.218.253 www.gao58.com
O1 - Hosts: 202.75.218.253 www.2tu.cn
O1 - Hosts: 202.75.218.253 www.91tu.cn
O1 - Hosts: 202.75.218.253 www.haotop.com
O1 - Hosts: 202.75.218.253 news01.virussky.com
O1 - Hosts: 202.75.218.253 news02.virussky.com
O1 - Hosts: 202.75.218.253 news03.virussky.com
O1 - Hosts: 202.75.218.253 news04.virussky.com
O1 - Hosts: 202.75.218.253 news40.virussky.com
O1 - Hosts: 202.75.218.253 news41.virussky.com
O1 - Hosts: 202.75.218.253 news42.virussky.com
O1 - Hosts: 202.75.218.253 www.an85.com
O1 - Hosts: 202.75.218.253 an85.com
O1 - Hosts: 202.75.218.253 www.ycdy.com
O1 - Hosts: 202.75.218.253 ycdy.com
O1 - Hosts: 202.75.218.253 down.virussky.com
O1 - Hosts: 202.75.218.253 update.virussky.com
O1 - Hosts: 202.75.218.253 www.maipao.com
O1 - Hosts: 202.75.218.253 www.sina-baidu.com
O1 - Hosts: 202.75.218.253 www.maohehe.com
O1 - Hosts: 202.75.218.253 www.1717kan.cn
O1 - Hosts: 202.75.218.253 www.feixue.net
O1 - Hosts: 202.75.218.253 www.xingkongitv.com
O1 - Hosts: 202.75.218.253 about-blank.cc
O1 - Hosts: 202.75.218.253 www.xfkz.com
O1 - Hosts: 202.75.218.253 xfkz.com
O1 - Hosts: 202.75.218.253 www.365tan.com
O1 - Hosts: 202.75.218.253 cg.9e3.com
O1 - Hosts: 202.75.218.253 www.qqplayer.net
O1 - Hosts: 202.75.218.253 www.sosok.com
O1 - Hosts: 202.75.218.253 img.zhangxiu.com
O1 - Hosts: 202.75.218.253 www.okeaa.com
O1 - Hosts: 202.75.218.253 www.winopen.cn
O1 - Hosts: 202.75.218.253 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu2.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu3.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu4.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-eu5.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us1.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us2.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us3.kaspersky-labs.com
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: IEHlprObj Class - {EAACBF9E-4B91-45FF-93ED-B297093951EA} - C:\Program Files\Internet Explorer\PLUGINS\Flash_Player.dll (file missing)
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll
O3 - Toolbar: 捇誥翑忒 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [A] C:\WINDOWS\System32\rundll32.exe msad.dll s
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updatereal] rem C:\WINDOWS\realupdate.exe other
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 氝樓善捇誥隆堐(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web?棟鎌?悾 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: 縐匙佴價毀瓷馮?璃6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 09 November 2006 - 06:30 PM

Download Hoster.

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.


===============


Please download ComboFix and save it to your desktop.

IMPORTANT - Make sure the Combofix is saved to your desktop.

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\combofix.exe" /wow

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
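The O1 lines in the HijackThis log above map a long list of names, among them vendor update servers (kaspersky-labs.com, 360safe.com, rising.com.cn, jiangmin.com), to one remote address, which is the damage the Hoster step is meant to undo. As an added example (not code from this thread, from HijackThis or from Hoster), the Python below pulls the O1 entries out of a HijackThis log, groups them by target address and flags the two signs of a hosts-file hijack: one remote address collecting many names, and a security-vendor name appearing in the hosts file at all. The sample log lines and the vendor-domain list are constructed for this example, and the fan-in threshold of five names is an assumed value.

```python
"""Flag hosts-file hijacks in the O1 entries of a HijackThis log (added example)."""
import re
from collections import defaultdict

# Constructed sample: O1 lines in the shape of the log posted in this thread,
# plus one benign localhost mapping and one non-O1 line to show both are handled.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 202.75.218.253 www.hao123.com
O1 - Hosts: 202.75.218.253 www.360safe.com
O1 - Hosts: 202.75.218.253 update.360safe.com
O1 - Hosts: 202.75.218.253 update.rising.com.cn
O1 - Hosts: 202.75.218.253 dnl-eu1.kaspersky-labs.com
O1 - Hosts: 202.75.218.253 dnl-us1.kaspersky-labs.com
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\System32\\ctfmon.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Assumed list of security-vendor domains, built for this example from the names
# in the log above; it is not an authoritative list.
SECURITY_VENDOR_DOMAINS = ("kaspersky-labs.com", "360safe.com", "rising.com.cn", "jiangmin.com")

# A mapping to one of these only localises or blackholes a name; any other
# target sends that name's traffic to a third party.
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs from every O1 line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def _is_vendor_host(host):
    return any(host == d or host.endswith("." + d) for d in SECURITY_VENDOR_DOMAINS)


def analyze_hosts(entries, fan_in_threshold=5):
    """Group mappings by target address and flag the hijack pattern.

    A group is suspicious when a remote address collects at least
    fan_in_threshold names, or when any security-vendor name is present:
    an update server has no business in a hosts file, whatever it points to."""
    by_ip = defaultdict(list)
    for ip, host in entries:
        by_ip[ip].append(host)
    findings = []
    for ip, hosts in by_ip.items():
        vendor_hosts = sorted(h for h in hosts if _is_vendor_host(h))
        remote = ip not in LOCAL_ADDRESSES
        findings.append({
            "ip": ip,
            "host_count": len(hosts),
            "security_vendor_hosts": vendor_hosts,
            "suspicious": (remote and len(hosts) >= fan_in_threshold) or bool(vendor_hosts),
        })
    return findings


def remediation_plan(entries):
    """Split entries into those to keep (local, non-vendor) and those to remove."""
    keep, remove = [], []
    for ip, host in entries:
        if ip in LOCAL_ADDRESSES and not _is_vendor_host(host):
            keep.append((ip, host))
        else:
            remove.append((ip, host))
    return {"keep": keep, "remove": remove}


if __name__ == "__main__":
    parsed = parse_o1_entries(SAMPLE_LOG)
    for f in analyze_hosts(parsed):
        print(f"{f['ip']}: {f['host_count']} names, vendor names {f['security_vendor_hosts']}, "
              f"suspicious={f['suspicious']}")
    plan = remediation_plan(parsed)
    print(f"keep {len(plan['keep'])} entries, remove {len(plan['remove'])}")
```

Run it as a script to see the findings for the sample, or pass the text of a saved HijackThis log to parse_o1_entries. The plan only lists which mappings to drop; on Windows XP the file itself is %SystemRoot%\system32\drivers\etc\hosts, and a stock copy contains nothing but the localhost line.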


========================================================

#5 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts

Posted 11 November 2006 - 03:10 AM

I had saved the file to my desktop and run the "%userprofile%\desktop\combofix.exe" /wow command.
It ran but didn't produce any log for me after the scan. Then I found a ComboFix log in c:\
Here is the log:

Administrator - 06-11-09 15:42:30.48 Service Pack 1
ComboFix 06.11.9W - Running from: "C:\Documents and Settings\Administrator\desktop"
Command switches used :: /wow

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 11 November 2006 - 04:16 PM

Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • If you have trouble getting into Safe mode go here for more info.
Try to run that command with Combofix in safe mode.
Post the log if you can get it to run.


Reboot back into normal mode.



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy & paste the entire report in your next reply.



========================================================
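ComboFix's "Files Created" section (the listing in the next reply) mixes freshly installed programs, Windows components and anything a dropper wrote, so the first pass over it is usually mechanical. As an added example, not ComboFix's own code and not part of this thread, the Python below parses those lines and lists executables that deserve a second look: files sitting directly in the Windows root, ~tmp-style names, and groups of executables with byte-identical sizes, which often means one file written twice under different names. The sample lines are copied from the listing posted in this thread; the heuristics are this example's own and produce a review list, not a verdict.

```python
"""Triage the 'Files Created' section of a ComboFix log (added example)."""
import re
from collections import defaultdict

# Sample lines taken from the ComboFix listing posted in this thread, trimmed
# to a handful of entries; the directory lines show that they are skipped.
SAMPLE_COMBOFIX = """\
((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))

2006-11-09 08:12 86,016 --a------ C:\\WINDOWS\\unvise32.exe
2006-11-07 17:24 92,868 --a------ C:\\WINDOWS\\system32\\wlexplorer.exe
2006-11-07 17:24 <DIR> d-------- C:\\WINDOWS\\Download
2006-11-06 19:00 92,852 --a------ C:\\WINDOWS\\zt.exe
2006-11-06 13:28 92,852 --a------ C:\\WINDOWS\\system32\\mhzt1106.exe
2006-10-23 11:57 159,739 --a------ C:\\WINDOWS\\~tmp1723.exe
2006-10-23 11:34 159,739 --a------ C:\\WINDOWS\\~tmp4762.exe
2006-10-17 15:21 114,688 --a------ C:\\WINDOWS\\system32\\calc.exe
2006-10-15 23:12 <DIR> d-------- C:\\WINDOWS\\system32
"""

# One listing line: timestamp, size or <DIR>, nine attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[\w-]{9})\s+"
    r"(?P<path>.+?)\s*$"
)
EXEC_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".com")
WINDOWS_ROOT = "c:\\windows"  # assumed system drive and folder for this example


def parse_files_created(text):
    """Return one dict per listing line; header, blank and unrelated lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({"created": m["date"], "size": size,
                        "attrs": m["attrs"], "path": m["path"]})
    return entries


def _split(path):
    """Lower-cased (parent directory, file name) of a Windows path."""
    parent, _, name = path.rpartition("\\")
    return parent.lower(), name.lower()


def triage(entries):
    """Return {path: [reasons]} for executables worth a second look.

    Reasons are heuristics, in a fixed order: an executable directly in the
    Windows root, a ~tmp-style name, and a size shared with another executable."""
    execs = [e for e in entries
             if e["size"] is not None and _split(e["path"])[1].endswith(EXEC_EXTENSIONS)]
    by_size = defaultdict(list)
    for e in execs:
        by_size[e["size"]].append(e["path"])
    flagged = {}
    for e in execs:
        parent, name = _split(e["path"])
        reasons = []
        if parent == WINDOWS_ROOT:
            reasons.append("exe_in_windows_root")
        if name.startswith("~tmp"):
            reasons.append("temp_style_name")
        if len(by_size[e["size"]]) > 1:
            reasons.append("size_cluster:%d" % e["size"])
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_COMBOFIX)).items():
        print(f"{path}: {', '.join(reasons)}")
```

The review list still has to be checked by hand: a legitimate uninstaller dropped into the Windows root trips the first rule just as a dropper does, so the output is a reading order for the helper, not a list of files to delete.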

#7 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts

Posted 12 November 2006 - 12:54 PM

Thank you again, here is my ComboFix scan log:

Administrator - 06-11-10 23:59:52.92 Service Pack 1
ComboFix 06.11.9W - Running from: "C:\Documents and Settings\Administrator\desktop"
Command switches used :: /wow

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\YAHOO!\Assist~1
C:\Program Files\YAHOO!\Assist~1
C:\Program Files\YAHOO!\Assist~1
C:\Program Files\YAHOO!\Assist~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))


2006-11-11 00:11 <DIR> d-------- C:\WINDOWS\erdnt
2006-11-09 20:37 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
2006-11-09 08:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-11-09 08:41 <DIR> d-------- C:\Program Files\Real
2006-11-09 08:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Real
2006-11-09 08:31 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2006-11-09 08:12 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-11-09 08:12 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-09 00:07 <DIR> d-------- C:\WINDOWS\system32\AdCache
2006-11-08 08:54 <DIR> d-------- C:\Program Files\BitComet
2006-11-07 23:44 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-07 23:44 <DIR> d-------- C:\Program Files\Grisoft
2006-11-07 23:16 <DIR> d-------- C:\WINDOWS\pss
2006-11-07 17:24 92,868 --a------ C:\WINDOWS\system32\wlexplorer.exe
2006-11-07 17:24 <DIR> d-------- C:\WINDOWS\Download
2006-11-06 19:00 92,852 --a------ C:\WINDOWS\zt.exe
2006-11-06 18:58 <DIR> d-------- C:\Program Files\PPStream
2006-11-06 18:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ppstream
2006-11-06 18:44 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-11-06 18:43 <DIR> d-------- C:\WINDOWS\CSC
2006-11-06 13:28 92,852 --a------ C:\WINDOWS\system32\mhzt1106.exe
2006-11-06 13:28 <DIR> d-------- C:\WINDOWS\Intel
2006-10-29 03:43 159,744 --a------ C:\WINDOWS\system32\contmenu.dll
2006-10-29 03:43 <DIR> d-------- C:\Program Files\MSNShell
2006-10-28 21:24 <DIR> d-------- C:\Program Files\Lavasoft
2006-10-28 21:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-10-27 20:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
2006-10-27 20:23 <DIR> d-------- C:\Program Files\Google
2006-10-26 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-10-26 18:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-10-26 18:12 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-10-23 13:50 52,224 --------- C:\WINDOWS\system32\drivers\yaskp.sys
2006-10-23 12:23 <DIR> d-------- C:\WINDOWS\Minidump
2006-10-23 11:57 159,739 --a------ C:\WINDOWS\~tmp1723.exe
2006-10-23 11:34 159,739 --a------ C:\WINDOWS\~tmp4762.exe
2006-10-23 09:32 28,672 --a------ C:\WINDOWS\system32\chinese.dll
2006-10-23 09:31 30,224 --a------ C:\WINDOWS\system32\drivers\CSCtl50.sys
2006-10-23 09:31 <DIR> d-------- C:\Program Files\Chinese Star 2000
2006-10-18 23:02 118,752 --a------ C:\WINDOWS\system32\mfcuiw32.dll
2006-10-18 19:30 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2006-10-18 16:36 <DIR> d-------- C:\Program Files\Ahead
2006-10-17 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PopCap
2006-10-17 15:22 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-17 15:22 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-17 15:22 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-17 15:22 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-17 15:22 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-17 15:22 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-17 15:22 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-17 15:22 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-17 15:22 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-17 15:22 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-17 15:21 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-17 15:21 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-17 15:21 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-17 15:21 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-17 15:21 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-17 15:21 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-17 15:21 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-17 10:39 <DIR> d-------- C:\Program Files\Sing-Gium International Pte Ltd
2006-10-16 15:11 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2006-10-15 23:21 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-15 23:20 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-15 23:20 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2006-10-15 23:19 9,759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2006-10-15 23:19 73,279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2006-10-15 23:19 67,167 --a------ C:\WINDOWS\system32\drivers\HSF_BSC2.sys
2006-10-15 23:19 67,072 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-15 23:19 57,471 --a------ C:\WINDOWS\system32\drivers\HSF_SAMP.sys
2006-10-15 23:19 542,879 --a------ C:\WINDOWS\system32\drivers\HSF_MSFT.sys
2006-10-15 23:19 50,751 --a------ C:\WINDOWS\system32\drivers\HSF_TONE.sys
2006-10-15 23:19 488,383 --a------ C:\WINDOWS\system32\drivers\HSF_V124.sys
2006-10-15 23:19 44,863 --a------ C:\WINDOWS\system32\drivers\HSF_SOAR.sys
2006-10-15 23:19 391,199 --a------ C:\WINDOWS\system32\drivers\HSF_K56K.sys
2006-10-15 23:19 289,887 --a------ C:\WINDOWS\system32\drivers\HSF_FALL.sys
2006-10-15 23:19 199,711 --a------ C:\WINDOWS\system32\drivers\HSF_FAXX.sys
2006-10-15 23:19 150,239 --a------ C:\WINDOWS\system32\drivers\HSF_AMOS.sys
2006-10-15 23:19 115,807 --a------ C:\WINDOWS\system32\drivers\HSF_FSKS.sys
2006-10-15 23:18 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-10-15 23:18 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-10-15 23:18 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-15 23:18 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-10-15 23:18 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-15 23:18 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-15 23:18 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-15 23:18 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-10-15 23:18 68,928 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-10-15 23:18 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-15 23:18 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-15 23:18 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-15 23:18 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-15 23:18 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-15 23:18 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-10-15 23:18 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-10-15 23:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-15 23:18 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-10-15 23:18 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-10-15 23:18 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-15 23:18 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-15 23:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-15 23:18 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-10-15 23:18 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-10-15 23:18 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-15 23:18 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-15 23:18 <DIR> d-ahs---- C:\Program Files\..
2006-10-15 23:18 <DIR> d-a------ C:\Program Files\Common Files\..
2006-10-15 23:18 <DIR> d-a------ C:\Program Files\.
2006-10-15 23:18 <DIR> d-a------ C:\Program Files
2006-10-15 23:18 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-15 23:18 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-10-15 23:18 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-15 23:18 <DIR> d-------- C:\Program Files\Common Files\.
2006-10-15 23:18 <DIR> d-------- C:\Program Files\Common Files
2006-10-15 23:17 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-10-15 23:17 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-10-15 23:17 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-10-15 23:17 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-10-15 23:17 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-10-15 23:17 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-10-15 23:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-10-15 23:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-10-15 23:17 <DIR> d-------- C:\Documents and Settings
2006-10-15 23:12 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-10-15 23:12 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-10-15 23:12 <DIR> dr------- C:\WINDOWS\Web
2006-10-15 23:12 <DIR> d-ahs---- C:\WINDOWS\..
2006-10-15 23:12 <DIR> d--h----- C:\WINDOWS\inf
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\WinSxS
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\twain_32
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Temp
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\wins
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\spool
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\ras
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\npp
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\mui
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\IME
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\ias
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\export
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\config
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\3076
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\2052
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1054
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1042
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1041
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1037
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1033
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1031
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1028
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\1025
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\..
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32\.
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system32
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system\..
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system\.
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\system
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\security
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Resources
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\repair
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\mui
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\msapps
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\msagent
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Media
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\java
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\ime
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Help
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Debug
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Cursors
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\Config
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\AppPatch
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\addins
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS\.
2006-10-15 23:12 <DIR> d-------- C:\WINDOWS
2006-10-15 19:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-10-15 19:14 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-10-15 19:11 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-10-15 19:10 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-15 19:10 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-15 19:10 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-15 19:10 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-15 19:10 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-15 19:10 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-15 18:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2006-10-15 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2006-10-15 18:27 <DIR> d--hs---- C:\RECYCLER
2006-10-15 18:22 32,768 --a------ C:\WINDOWS\system32\yasrdd.dll
2006-10-15 18:22 28,672 --a------ C:\WINDOWS\system32\yasrde.exe
2006-10-15 18:21 <DIR> d-------- C:\Program Files\Yahoo!
2006-10-15 18:14 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-10-15 18:12 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2006-10-15 18:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-10-15 18:06 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-10-15 18:05 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-10-15 18:05 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-10-15 18:05 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-10-15 18:05 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-10-15 18:05 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-10-15 18:05 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-10-15 18:04 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-10-15 18:04 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-10-15 18:04 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-10-15 18:04 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-10-15 18:04 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-10-15 18:04 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-10-15 18:04 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-10-15 18:04 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-10-15 18:04 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-10-15 18:04 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-10-15 18:04 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-10-15 17:58 <DIR> d-------- C:\Program Files\MSN Messenger
2006-10-15 17:58 <DIR> d-------- C:\Program Files\MSN Apps
2006-10-15 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-10-15 17:44 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-15 17:44 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-15 17:44 311,296 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-10-15 17:44 311,296 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-10-15 17:44 303,104 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-10-15 17:44 299,008 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-10-15 17:44 299,008 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-10-15 17:44 299,008 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-10-15 17:44 299,008 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-10-15 17:44 294,912 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-10-15 17:44 294,912 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-10-15 17:44 294,912 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-10-15 17:44 290,816 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-10-15 17:44 290,816 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-10-15 17:44 282,624 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-10-15 17:44 278,528 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-10-15 17:44 278,528 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-10-15 17:44 278,528 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-10-15 17:44 274,432 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-10-15 17:44 274,432 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-10-15 17:44 274,432 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-10-15 17:44 274,432 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-10-15 17:44 274,432 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-10-15 17:44 262,144 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-10-15 17:44 262,144 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-10-15 17:44 262,144 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-10-15 17:44 262,144 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-10-15 17:44 258,048 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-10-15 17:44 258,048 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-10-15 17:44 258,048 --a------ C:\WINDOWS\system32\nvrses.dll
2006-10-15 17:44 258,048 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-10-15 17:44 258,048 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-10-15 17:44 253,952 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-10-15 17:44 253,952 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-10-15 17:44 249,856 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-10-15 17:44 245,760 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-10-15 17:44 245,760 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-10-15 17:44 241,664 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-10-15 17:44 241,664 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-10-15 17:44 237,568 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-10-15 17:44 237,568 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-10-15 17:44 237,568 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-10-15 17:44 233,472 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-10-15 17:44 233,472 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-10-15 17:44 233,472 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-10-15 17:44 233,472 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-10-15 17:44 233,472 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-10-15 17:44 225,280 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-10-15 17:44 225,280 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-10-15 17:44 225,280 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-10-15 17:44 204,800 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-10-15 17:44 196,608 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-10-15 17:44 184,320 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-10-15 17:44 155,648 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-10-15 17:44 151,552 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-10-15 17:44 114,688 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-10-15 17:44 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-15 17:44 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
2006-10-15 17:44 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-15 17:43 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-15 17:43 393,216 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-15 17:43 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-15 17:43 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-15 17:43 <DIR> d-------- C:\WINDOWS\nview
2006-10-15 17:40 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-10-15 17:40 <DIR> d-------- C:\Program Files\MultiRes
2006-10-15 17:39 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-10-15 17:39 <DIR> d-------- C:\Program Files\Nvidia Omega Drivers
2006-10-15 17:35 <DIR> d-------- C:\WINDOWS\LastGood
2006-10-15 17:34 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-15 17:34 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-15 17:34 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-15 17:34 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-15 17:34 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-15 17:34 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-10-15 17:31 <DIR> d-------- C:\Program Files\CNX
2006-10-15 17:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-10-15 17:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-10-15 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-10-15 17:23 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-10-15 17:23 <DIR> d-------- C:\WINDOWS\system32\Adobe
2006-10-15 17:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-10-15 17:23 <DIR> d-------- C:\Program Files\Adobe
2006-10-15 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-10-15 17:18 <DIR> dr-h----- C:\Documents and Settings\Administrator\Recent
2006-10-15 17:16 <DIR> d-------- C:\Program Files\FlashGet
2006-10-15 17:13 <DIR> d-------- C:\Program Files\WinRAR
2006-10-15 16:41 <DIR> d--h----- C:\WINDOWS\ShellNew
2006-10-15 16:41 <DIR> d-------- C:\Program Files\Common Files\Designer
2006-10-15 16:40 <DIR> d-------- C:\Program Files\Microsoft Office
2006-10-15 16:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders
2006-10-15 16:37 25,434 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-10-15 16:37 <DIR> d-------- C:\WINDOWS\OPTIONS
2006-10-15 16:36 19,072 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-15 16:36 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2006-10-15 16:36 <DIR> d-------- C:\Program Files\S3
2006-10-15 16:35 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-15 16:35 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-15 16:35 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-15 16:35 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-15 16:35 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-15 16:35 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2006-10-15 16:35 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-15 16:35 3,279 --a------ C:\WINDOWS\system32\drivers\VIAPFD.SYS
2006-10-15 16:35 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-15 16:35 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-15 16:35 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-15 16:35 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-10-15 16:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2006-10-15 16:34 7,040 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-15 16:34 667,543 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-10-15 16:34 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-15 16:34 5,120 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-15 16:34 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-10-15 16:34 44,416 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-15 16:34 4,608 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-15 16:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-15 16:34 24,064 --a------ C:\WINDOWS\autoload.exe
2006-10-15 16:34 208,896 -ra------ C:\WINDOWS\alcupd.exe
2006-10-15 16:34 135,168 -ra------ C:\WINDOWS\alcrmv.exe
2006-10-15 16:34 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-15 16:34 131,712 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-10-15 16:34 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-10-15 16:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-10-15 16:34 <DIR> d-------- C:\Program Files\AvRack
2006-10-15 16:34 <DIR> d-------- C:\Program Files\Avance Sound Manager
2006-10-15 16:33 23,168 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2006-10-15 16:32 49,536 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2006-10-15 16:32 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2006-10-15 16:32 <DIR> d-------- C:\Program Files\Conexant
2006-10-15 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2006-10-15 16:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2006-10-15 16:30 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-10-15 16:26 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-10-15 16:26 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-10-15 16:26 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2006-10-15 16:26 <DIR> d-------- C:\Program Files\Lexmark 2200 Series
2006-10-15 16:23 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-10-15 16:23 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-15 16:22 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2006-10-15 16:02 <DIR> d-------- C:\NVIDIA
2006-10-15 15:56 <DIR> d-------- C:\Downloads
2006-10-15 15:39 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-10-15 15:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\SendTo
2006-10-15 15:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\.
2006-10-15 15:38 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data
2006-10-15 15:38 <DIR> dr------- C:\Documents and Settings\Administrator\Start Menu
2006-10-15 15:38 <DIR> dr------- C:\Documents and Settings\Administrator\My Documents
2006-10-15 15:38 <DIR> dr------- C:\Documents and Settings\Administrator\Favorites
2006-10-15 15:38 <DIR> d--hs---- C:\WINDOWS\Installer
2006-10-15 15:38 <DIR> d--hs---- C:\System Volume Information
2006-10-15 15:38 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-10-15 15:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Templates
2006-10-15 15:38 <DIR> d--h----- C:\Documents and Settings\Administrator\PrintHood
2006-10-15 15:38 <DIR> d--h----- C:\Documents and Settings\Administrator\NetHood
2006-10-15 15:38 <DIR> d--h----- C:\Documents and Settings\Administrator\Local Settings
2006-10-15 15:38 <DIR> d---s---- C:\Documents and Settings\Administrator\Cookies
2006-10-15 15:38 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-15 15:38 <DIR> d-------- C:\WINDOWS\Prefetch
2006-10-15 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Desktop
2006-10-15 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-10-15 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\..
2006-10-15 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\..
2006-10-15 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\.
2006-10-15 15:34 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-15 15:33 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-15 15:32 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-10-15 15:32 <DIR> d-------- C:\Program Files\xerox
2006-10-15 15:32 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-10-15 15:31 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-15 15:31 0 -rahs---- C:\MSDOS.SYS
2006-10-15 15:31 0 -rahs---- C:\IO.SYS
2006-10-15 15:31 0 --a------ C:\CONFIG.SYS
2006-10-15 15:31 0 --a------ C:\AUTOEXEC.BAT
2006-10-15 15:30 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-10-15 15:30 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-10-15 15:30 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-10-15 15:29 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-15 15:29 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-15 15:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-15 15:29 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-15 15:29 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-15 15:29 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-15 15:29 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-15 15:29 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-15 15:29 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-15 15:29 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-15 15:29 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-15 15:29 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-15 15:29 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-15 15:29 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-15 15:29 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-15 15:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-15 15:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-15 15:29 <DIR> d---s---- C:\WINDOWS\Tasks
2006-10-15 15:29 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-10-15 15:29 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-10-15 15:29 <DIR> d-------- C:\WINDOWS\srchasst
2006-10-15 15:29 <DIR> d-------- C:\Program Files\Movie Maker
2006-10-15 15:29 <DIR> d-------- C:\Program Files\Common Files\Services
2006-10-15 15:29 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-10-15 15:28 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-15 15:28 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-15 15:28 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-15 15:28 69,248 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-15 15:28 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-15 15:28 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-15 15:28 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-15 15:28 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-15 15:28 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-15 15:28 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-15 15:28 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-15 15:28 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-15 15:28 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-15 15:28 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-15 15:28 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-10-15 15:28 <DIR> d-------- C:\WINDOWS\PCHealth
2006-10-15 15:28 <DIR> d-------- C:\Program Files\Outlook Express
2006-10-15 15:28 <DIR> d-------- C:\Program Files\NetMeeting
2006-10-15 15:28 <DIR> d-------- C:\Program Files\Internet Explorer
2006-10-15 15:28 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-10-15 15:28 <DIR> d-------- C:\Program Files\Common Files\System
2006-10-15 15:27 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-15 15:27 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-15 15:27 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-15 15:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-15 15:27 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-15 15:27 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-15 15:27 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-15 15:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-15 15:27 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-15 15:27 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-15 15:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-15 15:27 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-15 15:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-15 15:27 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-15 15:27 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-15 15:27 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-15 15:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-15 15:27 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-15 15:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-15 15:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-15 15:27 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-15 15:27 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-15 15:27 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-15 15:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-15 15:27 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-15 15:27 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-15 15:27 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-15 15:27 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-15 15:27 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-15 15:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-15 15:27 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-15 15:27 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-15 15:27 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-15 15:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-15 15:27 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-15 15:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-15 15:27 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-15 15:27 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-15 15:27 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-15 15:27 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-15 15:27 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-15 15:27 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-15 15:27 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-10-15 15:27 <DIR> d-------- C:\WINDOWS\Registration
2006-10-15 15:27 <DIR> d-------- C:\Program Files\Windows Media Player
2006-10-15 15:27 <DIR> d-------- C:\Program Files\Online Services
2006-10-15 15:27 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-10-15 15:27 <DIR> d-------- C:\Program Files\Messenger
2006-10-15 15:26 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-15 15:26 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-15 15:26 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-15 15:26 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-15 15:26 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-15 15:26 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-15 15:26 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-15 15:26 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-15 15:26 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-15 15:26 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-15 15:26 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-15 15:26 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-15 15:26 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-15 15:26 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-15 15:26 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-15 15:26 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-15 15:26 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-15 15:26 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-15 15:26 182,400 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-15 15:26 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-15 15:26 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-15 15:26 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-15 15:26 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-15 15:26 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-15 15:26 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-15 15:26 115,976 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-15 15:26 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-15 15:26 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-15 15:26 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-10-15 15:26 <DIR> d-------- C:\WINDOWS\system32\Com
2006-10-15 15:26 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"wl"="C:\\WINDOWS\\Download\\svhost32.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbvbmgr"
"hkey"="HKLM"
"command"="rem \"C:\\Program Files\\Lexmark 2200 Series\\lxbvbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winamph"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\winamph.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rem SOUNDMAN"
"hkey"="HKLM"
"command"="rem SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

Completion time: 06-11-11 0:13:29.59
C:\ComboFix.txt ... 06-11-11 00:13
C:\ComboFix2.txt ... 06-11-09 15:42



and here is my f-secure scan report:


Scanning Report
Saturday, November 11, 2006 01:05:43 - 01:40:49
Computer name: YRHC-EHT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 15003
System: 4091
Not scanned: 2
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2006-11-10
F-Secure AVP: 7.0.171, 2006-11-10
F-Secure Orion: 1.2.37, 2006-11-10
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Draco: 1.0.35, 2006-11-02
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:54 AM

Posted 12 November 2006 - 10:41 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\mhzt1106.exe
    C:\WINDOWS\system32\wlexplorer.exe
    C:\WINDOWS\Download\svhost32.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
Delete these folders, if present.

C:\WINDOWS\system32\AdCache
C:\Program Files\3721




Please post a new hijackthis log.

Edited by Buckeye_Sam, 12 November 2006 - 10:42 PM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Local time:05:54 PM

Posted 12 November 2006 - 11:21 PM

here is my killbox history log:

Pocket Killbox version 2.0.0.881
Running on Windows XP as Administrator(Administrator)
was started @ Saturday, November 11, 2006, 11:55 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\mhzt1106.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlexplorer.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\Download\svhost32.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\system32\mhzt1106.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlexplorer.exe


# 6 [Delete on Reboot]
Path = C:\WINDOWS\system32\mhzt1106.exe


# 7 [Delete on Reboot]
Path = C:\WINDOWS\system32\wlexplorer.exe


I Rebooted @ 12:00:13 PM
Killbox Closed(Exit) @ 12:00:28 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on Windows XP as Administrator(Administrator)
was started @ Saturday, November 11, 2006, 12:04 PM




here is my hijackthis scan log:

Logfile of HijackThis v1.99.1
Scan saved at 12:08, on 06-11-13
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 氝樓善捇誥隆堐(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web?′?T???T - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ??1?′2????t6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:54 AM

Posted 13 November 2006 - 05:37 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [wl] C:\WINDOWS\Download\svhost32.exe
O8 - Extra context menu item: 氝樓善捇誥隆堐(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203



Reboot and post a new hijackthis log.
How is your computer working now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 14 November 2006 - 04:38 AM

Thank you, my computer runs more smoothly and has no more spyware problem. Here is my HijackThis scan log:

Logfile of HijackThis v1.99.1
Scan saved at 17:30, on 06-11-14
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Downloads\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web?′?T???T - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ??1?′2????t6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:54 AM

Posted 14 November 2006 - 08:01 AM

Good to hear! :thumbsup:

Your log is clean!


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millennium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, in conjunction with Spybot, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:flowers: :huh:
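As an added example (not code from the thread or from BleepingComputer), the Internet-zone changes in the post above expressed as a PowerShell audit script: it reads the current values for the Internet zone, reports any that are looser than the post recommends, and optionally applies the recommended values with -Apply. The registry value names 1001, 1004, 1201, 1607, 1800 and 1804 and the encoding 0 = Enable, 1 = Prompt, 3 = Disable are assumptions taken from Microsoft's documented security-zone registry layout; only the current-user key is checked, and a machine-wide policy key, if one is set, takes precedence over it.

```powershell
# Added example, not from the thread: audit the Internet-zone (zone 3)
# settings the post tells the user to change, report any that are looser
# than recommended and, with -Apply, set them.
# Assumptions: the value names (1001, 1004, 1201, 1607, 1800, 1804) and the
# encoding 0 = Enable, 1 = Prompt, 3 = Disable follow Microsoft's documented
# security-zone registry layout; only the current-user key is checked.
param([switch]$Apply)

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values from the post. A higher number is stricter (0 < 1 < 3),
# so a current value below the recommended one is too permissive.
$Recommended = @(
    @{ Name = 'Download signed ActiveX controls';                          Id = '1001'; Want = 1 }
    @{ Name = 'Download unsigned ActiveX controls';                        Id = '1004'; Want = 3 }
    @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Id = '1201'; Want = 3 }
    @{ Name = 'Installation of desktop items';                             Id = '1800'; Want = 1 }
    @{ Name = 'Launching programs and files in an IFRAME';                 Id = '1804'; Want = 1 }
    @{ Name = 'Navigate sub-frames across different domains';              Id = '1607'; Want = 1 }
)

function Get-ZoneAudit {
    if (-not (Test-Path $ZoneKey)) { throw "Zone key not found: $ZoneKey" }
    $props = Get-ItemProperty -Path $ZoneKey
    foreach ($s in $Recommended) {
        $raw     = $props.($s.Id)
        $current = if ($null -eq $raw) { $null } else { [int]$raw }

        # A missing value means Internet Explorer falls back to the zone template default.
        $state = 'OK'
        if ($null -eq $current) { $state = 'NotSet' }
        elseif (-not $Labels.ContainsKey($current)) { $state = "Unknown($current)" }
        elseif ($current -lt $s.Want) { $state = 'TooPermissive' }

        $currentLabel = if ($null -eq $current) { '(not set)' } elseif ($Labels.ContainsKey($current)) { $Labels[$current] } else { "$current" }

        [pscustomobject]@{
            Setting     = $s.Name
            Value       = $s.Id
            Current     = $currentLabel
            Recommended = $Labels[$s.Want]
            State       = $state
        }
    }
}

$audit = Get-ZoneAudit
$audit | Format-Table -AutoSize

if ($Apply) {
    # Only touch rows that are not already at or above the recommended level.
    foreach ($row in ($audit | Where-Object { $_.State -ne 'OK' })) {
        $want = ($Recommended | Where-Object { $_.Id -eq $row.Value }).Want
        Set-ItemProperty -Path $ZoneKey -Name $row.Value -Value $want -Type DWord
        Write-Host "Set $($row.Value) ($($row.Setting)) to $($Labels[$want])"
    }
}
```

Run it once without -Apply to see which settings would change; the TooPermissive rows are exactly the ones the post's click-through procedure would tighten. Because the script compares numerically, it never loosens a setting a user has already set stricter than the post recommends.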


========================================================

#13 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 15 November 2006 - 08:52 AM

thank you very much!!!

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:54 AM

Posted 15 November 2006 - 06:32 PM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
