

Infected By Virus


20 replies to this topic

#1 jian

jian

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 11 May 2007 - 09:47 PM

My PC is infected by a trojan again? I can never reboot to normal mode after my computer restarts automatically. I have no choice but to use safe mode to get this HijackThis log, and please help me solve this problem.

Thank you so, so much.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:52 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank.la
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\system\Updaterun.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [zdrsf] %systemroot%\system32\Rundll32.exe %systemroot%\system32\zdrsf.dll,DllUnregisterServer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?? - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ??(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by135fd.bay135.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: DNS Cache (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Windows (Windowcmd) - Unknown owner - C:\WINDOWS\system32\servc.exe
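As an added example (not from this thread, the helper, or the HijackThis tool itself), here is a small Python triage script that parses the entry types in a HijackThis v1.99 log and flags the lines a helper would examine first: start-page look-alikes, autoruns with generic OS-sounding labels or odd install paths, ActiveX downloads from bare IP addresses, and services with no vendor or a missing binary. The sample lines are copied from the log above and embedded so it runs offline; the heuristics and names (`GENERIC_NAMES`, `triage`, `Finding`) are my own choices, not part of any tool.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log above so the
# triage runs offline. Field layout is that of HijackThis v1.99 output.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about.blank.la
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\system\Updaterun.exe
O4 - HKLM\..\RunOnce: [zdrsf] %systemroot%\system32\Rundll32.exe %systemroot%\system32\zdrsf.dll,DllUnregisterServer
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: DNS Cache (NHLscA) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE (file missing)
O23 - Service: Windows (Windowcmd) - Unknown owner - C:\WINDOWS\system32\servc.exe
"""

# Autorun labels and service display names that borrow the look of an OS component
# (assumed heuristic list, chosen for this example).
GENERIC_NAMES = {"system", "windows", "dns cache", "microsoft", "update"}

_ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
_O4 = re.compile(r"^HK\w+\\\.\.\\(?P<key>Run\w*): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
_O16 = re.compile(r"^DPF: \{[^}]+\} \((?P<name>.*)\) - (?P<url>\S+)$")
_O23 = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.*)$")
_RAW_IP_URL = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "O23"
    line: str      # the log line as written
    reasons: list  # why a human should look at it


def _check_r(body):
    """R0/R1: start or search page settings."""
    _, _, value = body.partition(" = ")
    v = value.strip().lower()
    # "about.blank.la" is a real host dressed up to look like the about:blank page.
    if v.startswith("about") and v != "about:blank":
        return ["start/search page imitates about:blank but is a real host"]
    return []


def _check_o4(body):
    """O4: registry Run / RunOnce autostarts."""
    m = _O4.match(body)
    if not m:
        return []
    reasons = []
    label, key, cmd = m["label"], m["key"], m["cmd"].lower()
    if label.strip().lower() in GENERIC_NAMES:
        reasons.append(f"autorun label '{label}' is a generic OS-sounding name")
    if key.lower() == "runonce" and "rundll32" in cmd:
        reasons.append("RunOnce entry loads a DLL through rundll32; identify the DLL")
    if "\\common files\\system\\" in cmd:
        reasons.append("binary lives under Common Files\\system, not a vendor folder")
    return reasons


def _check_o16(body):
    """O16: ActiveX controls installed from the web (DPF)."""
    m = _O16.match(body)
    if m and _RAW_IP_URL.match(m["url"]):
        return ["ActiveX control fetched from a bare IP address rather than a named host"]
    return []


def _check_o23(body):
    """O23: installed services."""
    m = _O23.match(body)
    if not m:
        return []
    reasons = []
    if m["owner"] == "Unknown owner":
        reasons.append("service has no vendor recorded")
    if "(file missing)" in m["path"]:
        # Also produced by a harmless quoting glitch (see the cFosSpeed line in the
        # log), so treat it as a prompt to check the path, not as proof of malware.
        reasons.append("service binary not found on disk")
    if m["display"].strip().lower() in GENERIC_NAMES:
        reasons.append(f"display name '{m['display']}' mimics a Windows component")
    return reasons


CHECKS = {"R0": _check_r, "R1": _check_r, "O4": _check_o4,
          "O16": _check_o16, "O23": _check_o23}


def triage(log_text):
    """Return the entries of a HijackThis log that merit a closer look."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = _ENTRY.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m["kind"])
        reasons = check(m["body"]) if check else []
        if reasons:
            findings.append(Finding(m["kind"], raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Every flag is a reason to verify the file (vendor, location, attributes), not a verdict; the legitimate AVG and NVIDIA lines in the sample pass through untouched.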


#2 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 11 May 2007 - 10:19 PM

I can log in to normal mode now, but I think my PC is still infected by a virus.

Please help..

Thanks

Edited by jian, 12 May 2007 - 08:58 PM.


#3 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 AM

Posted 13 May 2007 - 10:11 AM

* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  • Run AVG Anti-Spyware.
  • From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful").
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan".
  • Un-select "Only if threats were found".
Close AVG Anti-Spyware 7.5. Do not run a scan just yet; we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* Next, run Ad-aware and perform a full scan. Remove everything found.
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware 7.5 will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* After that, post a new HijackThis log here with the report of AVG Anti-Spyware.
Greets Jürgenv

Donation: Click me.

#4 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 14 May 2007 - 06:45 AM

Thanks for your reply.

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 19:39:40, on 14/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiansee.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



And this is from AVG Anti-Spyware:

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:34:33 14/05/2005

+ Scan result:



D:\System Volume Information\_restore{752448C3-7542-40EC-981A-3C9F9342DF82}\RP81\A0037033.com -> Logger.Agent.pn : Cleaned.
C:\Documents and Settings\user\Cookies\user@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.


::Report end

#5 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 14 May 2007 - 06:48 AM

When I start my PC, it will automatically jump to a website, www.infodiy.com.

And after that my AVG will detect this trojan, ''trojan horse downloader. generic4..jgm'', and it cannot be healed.

Edited by jian, 14 May 2007 - 08:23 AM.


#6 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 AM

Posted 14 May 2007 - 09:57 AM

1. Download this file - combofix.exe
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Greets Jürgenv

Donation: Click me.

#7 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  •  
  • Local time:06:40 PM

Posted 15 May 2007 - 05:12 AM

"user" - 2005-05-15 18:02:19 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Program Files\FlashGet\"


((((((((((((((((((((((((((((((( Files Created from 2005-04-05 to 2005-05-15 ))))))))))))))))))))))))))))))))))


2005-05-26 04:16 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2005-05-14 22:12 <DIR> d-------- C:\Program Files\Flickr Uploadr
2005-05-14 22:12 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Flickr
2005-05-14 21:28 <DIR> d-------- C:\WINDOWS\ImageShackToolbar
2005-05-14 20:02 <DIR> d-------- C:\Program Files\MSN Messenger
2005-05-14 17:44 <DIR> d-------- C:\Program Files\Lavasoft
2005-05-14 17:44 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Lavasoft
2005-05-13 09:30 1 --a------ C:\WINDOWS\system32\index.dat
2005-05-13 09:00 41,142 --a------ C:\WINDOWS\system32\1122491B.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-11 14:36:34 16,625 --sh--w C:\WINDOWS\system32\servc.exe
2007-05-01 23:35:50 -------- d-----w C:\DOCUME~1\user\APPLIC~1\uTorrent
2007-04-27 11:31:35 -------- d-----w C:\Program Files\Tuotu
2007-04-26 12:51:19 10 ----a-w C:\WINDOWS\popcinfo.dat
2007-04-05 14:14:00 -------- d-----w C:\DOCUME~1\user\APPLIC~1\vlc
2007-04-05 13:16:15 -------- d-----w C:\Program Files\VideoLAN
2007-04-05 13:07:02 -------- d-----w C:\Program Files\Smart Projects
2007-04-05 13:02:01 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-04-05 12:47:11 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd0029.sys
2007-04-05 12:47:11 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-05 12:31:33 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Ahead
2007-04-01 04:02:17 -------- d-----w C:\Program Files\TVUPlayer
2007-03-31 16:58:56 -------- d-----w C:\DOCUME~1\user\APPLIC~1\CyberLink
2007-03-30 12:10:07 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Opera
2007-03-28 12:48:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-28 12:48:39 -------- d-----w C:\Program Files\MOTECH
2007-03-26 13:01:38 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Nokia Multimedia Player
2007-03-26 12:53:57 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Nokia
2007-03-25 16:33:11 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-03-25 15:10:11 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Scooter Software
2007-03-24 13:17:36 -------- d--h--r C:\DOCUME~1\user\APPLIC~1\yahoo!
2007-03-24 13:16:00 -------- d-----w C:\Program Files\Total Video Converter
2007-03-24 12:33:11 -------- d-----w C:\DOCUME~1\user\APPLIC~1\TVU networks
2007-03-24 11:48:51 -------- d-----w C:\Program Files\Yahoo!
2007-03-24 08:34:03 -------- d-----w C:\Program Files\Google
2007-03-23 14:01:14 -------- d-----w C:\Program Files\Nokia
2007-03-23 14:01:14 -------- d-----w C:\Program Files\Common Files\Nokia
2007-03-23 12:16:46 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-03-23 12:15:45 -------- d-----w C:\Program Files\PC Connectivity Solution
2007-03-23 11:57:15 -------- d-----w C:\DOCUME~1\user\APPLIC~1\PC Suite
2007-03-23 11:54:12 -------- d-----w C:\Program Files\DIFX
2007-03-22 14:20:46 -------- d-----w C:\Program Files\Common Files\ACD Systems
2007-03-22 14:09:22 -------- d-----w C:\Program Files\Avant Browser
2007-03-22 14:09:02 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Google
2007-03-22 14:02:02 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Avant Profiles
2007-03-22 13:59:47 -------- d-----w C:\Program Files\BitLord
2007-03-22 13:47:13 -------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2007-03-22 13:44:23 -------- d-----w C:\DOCUME~1\user\APPLIC~1\ACD Systems
2007-03-22 13:44:10 -------- d-----w C:\Program Files\ACD Systems
2007-03-22 13:44:07 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-03-22 01:55:38 -------- d-----w C:\Program Files\The KMPlayer
2007-03-22 01:26:56 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Skype
2007-03-22 01:16:02 -------- d-----w C:\Program Files\CyberLink
2007-03-22 01:15:56 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-22 01:09:08 -------- d-----w C:\Program Files\Skype
2007-03-22 01:09:07 -------- d-----w C:\Program Files\Common Files\Skype
2007-03-22 01:08:25 -------- d-----w C:\DOCUME~1\user\APPLIC~1\Real
2007-03-22 01:06:57 -------- d-----w C:\Program Files\Common Files\xing shared
2007-03-22 01:06:55 -------- d-----w C:\Program Files\Common Files\Real
2007-03-22 01:06:37 -------- d-----w C:\Program Files\Real
2007-03-22 00:52:19 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-03-22 00:52:19 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-21 16:37:40 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-21 16:37:37 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-21 09:55:40 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-21 09:51:38 -------- d-----w C:\Program Files\Nero
2007-03-21 09:42:29 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-21 09:35:23 -------- d-----w C:\Program Files\Intel
2007-03-21 09:32:11 -------- d-----w C:\Program Files\SigmaTel
2007-03-21 09:20:38 -------- d-----w C:\Program Files\MSXML 4.0
2007-03-21 08:50:37 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-21 08:50:18 0 --sha-r C:\MSDOS.SYS
2007-03-21 08:50:18 0 --sha-r C:\IO.SYS
2007-03-21 08:50:18 0 ----a-w C:\CONFIG.SYS
2007-03-21 08:50:18 0 ----a-w C:\AUTOEXEC.BAT
2007-03-21 08:48:57 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-21 08:47:58 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-21 08:47:48 -------- d-----w C:\Program Files\Movie Maker
2007-03-21 08:46:57 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 08:46:30 -------- d-----w C:\Program Files\Online Services
2007-03-21 08:46:25 -------- d-----w C:\Program Files\Messenger
2007-03-21 08:46:20 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-21 08:46:09 -------- d-----w C:\Program Files\Windows NT
2007-01-19 04:53:04 51,056 ----a-w C:\WINDOWS\system32\sirenacm.dll
2006-11-13 05:39:28 138,024 ----a-w C:\WINDOWS\system32\rapi.dll
2006-11-13 05:38:40 22,824 ----a-w C:\WINDOWS\system32\ceutil.dll
2006-11-06 10:04:56 28,672 ----a-w C:\WINDOWS\system32\drivers\wceusbsh.sys
2006-10-18 09:32:38 807,032 ----a-w C:\WINDOWS\system32\wmv9dmod.dll
2006-10-10 00:54:34 138,240 ----a-w C:\WINDOWS\system32\drivers\nmwcd.sys
2006-10-10 00:54:32 9,216 ----a-w C:\WINDOWS\system32\drivers\nmwcdc.sys
2006-10-10 00:54:32 12,800 ----a-w C:\WINDOWS\system32\drivers\nmwcdcm.sys
2006-10-10 00:54:32 12,800 ----a-w C:\WINDOWS\system32\drivers\nmwcdcj.sys
2006-10-10 00:54:30 50,688 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2006-10-10 00:54:30 4,608 ----a-w C:\WINDOWS\system32\nmwcdlog.dll
2006-10-10 00:54:30 30,720 ----a-w C:\WINDOWS\system32\nmwcdcocls.dll
2006-09-28 09:27:02 270,336 ----a-w C:\WINDOWS\system32\cfosspeed.dll
2006-09-28 09:24:34 630,784 ----a-r C:\WINDOWS\system32\drivers\cfosspeed.sys
2006-09-05 16:03:16 3,968 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-08-07 07:22:00 276,620 ----a-w C:\WINDOWS\system32\drivers\BTCap.sys
2006-04-19 17:22:24 102,400 ----a-w C:\WINDOWS\system32\DSCMJPG.dll
2005-12-07 03:31:00 202,752 ----a-r C:\WINDOWS\system32\CddbCdda.dll
2005-10-21 01:47:05 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2005-10-21 01:47:05 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2005-10-21 01:47:04 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2005-10-21 01:47:04 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2005-10-07 04:25:34 58,288 ----a-w C:\WINDOWS\system32\drivers\w810bus.sys
2005-10-07 04:25:30 5,808 ----a-w C:\WINDOWS\system32\drivers\w810whnt.sys
2005-10-07 04:25:30 5,808 ----a-w C:\WINDOWS\system32\drivers\w810wh.sys
2005-09-12 08:13:46 233,472 ----a-w C:\WINDOWS\UNRecode.exe
2005-09-12 08:13:46 233,472 ----a-w C:\WINDOWS\UNNeroVision.exe
2005-09-12 08:13:46 233,472 ----a-w C:\WINDOWS\UNNeroShowTime.exe
2005-09-12 08:13:46 233,472 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2005-08-10 17:21:16 41,216 ----a-w C:\WINDOWS\system32\drivers\sfng32.sys
2005-08-09 23:44:10 1,021,608 ----a-w C:\WINDOWS\system32\drivers\sthda.sys
2005-08-09 23:40:12 151,552 ----a-w C:\WINDOWS\system32\stacapi.dll
2005-08-09 23:37:30 109,056 ----a-w C:\WINDOWS\system32\staco.dll
2005-08-01 11:10:00 11,264 ----a-r C:\WINDOWS\system32\drivers\EIO.sys
2005-07-08 10:57:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
2005-07-08 10:57:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2005-07-08 10:57:00 7,110,656 ----a-w C:\WINDOWS\system32\nvcpl.dll
2005-07-08 10:57:00 540,672 ----a-w C:\WINDOWS\system32\nvhwvid.dll
2005-07-08 10:57:00 5,140,480 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2005-07-08 10:57:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2005-07-08 10:57:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2005-07-08 10:57:00 393,216 ----a-w C:\WINDOWS\system32\keystone.exe
2005-07-08 10:57:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2005-07-08 10:57:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2005-07-08 10:57:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2005-07-08 10:57:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2005-07-08 10:57:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2005-07-08 10:57:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2005-07-08 10:57:00 32,768 ----a-w C:\WINDOWS\system32\nvcodins.dll
2005-07-08 10:57:00 32,768 ----a-w C:\WINDOWS\system32\nvcod.dll
2005-07-08 10:57:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2005-07-08 10:57:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2005-07-08 10:57:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2005-07-08 10:57:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2005-07-08 10:57:00 315,392 ----a-w C:\WINDOWS\system32\nvrsar.dll
2005-07-08 10:57:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2005-07-08 10:57:00 311,296 ----a-w C:\WINDOWS\system32\nvrshe.dll
2005-07-08 10:57:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2005-07-08 10:57:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2005-07-08 10:57:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2005-07-08 10:57:00 3,908,736 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2005-07-08 10:57:00 3,198,304 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2005-07-08 10:57:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2005-07-08 10:57:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2005-07-08 10:57:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2005-07-08 10:57:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2005-07-08 10:57:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2005-07-08 10:57:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2005-07-08 10:57:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2005-07-08 10:57:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2005-07-08 10:57:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2005-07-08 10:57:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2005-07-08 10:57:00 270,336 ----a-w C:\WINDOWS\system32\nvrsit.dll
2005-07-08 10:57:00 270,336 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2005-07-08 10:57:00 270,336 ----a-w C:\WINDOWS\system32\nvrses.dll
2005-07-08 10:57:00 270,336 ----a-w C:\WINDOWS\system32\nvrsel.dll
2005-07-08 10:57:00 266,240 ----a-w C:\WINDOWS\system32\nvrsde.dll
2005-07-08 10:57:00 262,144 ----a-w C:\WINDOWS\system32\nvrspt.dll
2005-07-08 10:57:00 262,144 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2005-07-08 10:57:00 262,144 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2005-07-08 10:57:00 258,048 ----a-w C:\WINDOWS\system32\nvrsru.dll
2005-07-08 10:57:00 253,952 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2005-07-08 10:57:00 253,952 ----a-w C:\WINDOWS\system32\nvrsja.dll
2005-07-08 10:57:00 249,856 ----a-w C:\WINDOWS\system32\nvrsko.dll
2005-07-08 10:57:00 245,760 ----a-w C:\WINDOWS\system32\nvrstr.dll
2005-07-08 10:57:00 245,760 ----a-w C:\WINDOWS\system32\nvrssk.dll
2005-07-08 10:57:00 245,760 ----a-w C:\WINDOWS\system32\nvrshu.dll
2005-07-08 10:57:00 241,664 ----a-w C:\WINDOWS\system32\nvrssv.dll
2005-07-08 10:57:00 241,664 ----a-w C:\WINDOWS\system32\nvrssl.dll
2005-07-08 10:57:00 241,664 ----a-w C:\WINDOWS\system32\nvrspl.dll
2005-07-08 10:57:00 241,664 ----a-w C:\WINDOWS\system32\nvrsno.dll
2005-07-08 10:57:00 241,664 ----a-w C:\WINDOWS\system32\nvrsda.dll
2005-07-08 10:57:00 237,568 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2005-07-08 10:57:00 237,568 ----a-w C:\WINDOWS\system32\nvrseng.dll
2005-07-08 10:57:00 233,472 ----a-w C:\WINDOWS\system32\nvrscs.dll
2005-07-08 10:57:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll
2005-07-08 10:57:00 212,992 ----a-w C:\WINDOWS\system32\nvrszhc.dll
2005-07-08 10:57:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll
2005-07-08 10:57:00 176,128 ----a-w C:\WINDOWS\system32\nvudisp.exe
2005-07-08 10:57:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll
2005-07-08 10:57:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll
2005-07-08 10:57:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2005-07-08 10:57:00 127,043 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2005-07-08 10:57:00 114,688 ----a-w C:\WINDOWS\system32\nvrszht.dll
2005-07-08 10:57:00 1,662,976 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2005-07-08 10:57:00 1,519,616 ----a-w C:\WINDOWS\system32\nwiz.exe
2005-07-08 10:57:00 1,466,368 ----a-w C:\WINDOWS\system32\nview.dll
2005-07-08 10:57:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2005-07-08 10:57:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2005-07-08 02:55:28 430,080 ------w C:\WINDOWS\system32\Ncs2DMIX.dll
2005-07-07 08:47:06 528,384 ----a-w C:\WINDOWS\system32\ACDSee.scr
2005-07-07 04:12:42 417,792 ------w C:\WINDOWS\system32\NcsCoLib.dll
2005-06-29 03:59:02 323,584 ------w C:\WINDOWS\system32\Accesor.dll
2005-06-29 02:09:22 126,976 ------w C:\WINDOWS\system32\Ncs2InstUtility.dll
2005-06-23 16:36:06 117,248 ----a-w C:\WINDOWS\system32\drivers\ianswxp.sys
2005-06-20 04:56:52 462,848 ----a-w C:\WINDOWS\system32\ACDV.dll
2005-06-16 15:48:24 36,864 ----a-r C:\WINDOWS\system32\e100bmsg.dll
2005-06-15 21:27:42 126,976 ----a-r C:\WINDOWS\system32\Prounstl.exe
2005-06-15 06:08:42 20,480 ----a-r C:\WINDOWS\system32\NicCo32.dll
2005-06-14 11:42:22 20,480 ------w C:\WINDOWS\system32\drivers\iqvw32.sys
2005-06-13 20:58:04 162,816 ----a-r C:\WINDOWS\system32\drivers\e100b325.sys
2005-05-25 20:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
2005-05-25 20:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
2005-05-25 20:16:30 194,328 ----a-w C:\WINDOWS\system32\wuaueng1.dll
2005-05-25 20:16:30 173,536 ----a-w C:\WINDOWS\system32\wuweb.dll
2005-05-25 20:16:30 172,312 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2005-05-25 20:16:30 127,256 ----a-w C:\WINDOWS\system32\wucltui.dll
2005-05-25 20:16:30 124,184 ----a-w C:\WINDOWS\system32\wuauclt.exe
2005-05-25 20:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
2005-05-25 20:16:24 75,544 ----a-w C:\WINDOWS\system32\cdm.dll
2005-05-25 20:16:24 198,424 ----a-w C:\WINDOWS\system32\iuengine.dll
2005-05-19 15:28:12 21,504 ----a-r C:\WINDOWS\system32\NicIn32.dll
2005-05-15 10:05:38 -------- d-----w C:\Program Files\cFosSpeed
2005-05-15 10:02:16 -------- d-----w C:\Program Files\FlashGet
2005-05-04 06:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2005-05-04 06:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
2005-05-04 06:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
2005-05-04 06:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
2005-05-04 06:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
2005-05-02 00:18:14 503,808 ------w C:\WINDOWS\system32\ncscrtp71.dll
2005-05-02 00:17:48 344,064 ------w C:\WINDOWS\system32\ncscrt71.dll
2005-04-28 17:50:00 167,936 ------w C:\WINDOWS\system32\PRONtObj.dll
2005-03-15 10:34:22 21,248 ----a-r C:\WINDOWS\system32\drivers\intelsmb.sys
2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2005-02-17 21:59:52 226,816 ----a-w C:\WINDOWS\system32\CEWMDM.dll
2005-02-16 07:18:04 90,184 ----a-w C:\WINDOWS\system32\NeroCo.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 10:28]
{0BECAB3A-E1F8-45E6-8332-38DD750EBA01}=C:\Program Files\Tuotu\TuoTuHelper_v8.dll [2007-03-19 21:46]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2007-01-29 17:46]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 15:29]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2007-01-15 11:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SigmatelSysTrayApp"="sttray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NWEReboot"=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"RemoteControl"="C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"cFosSpeed"="C:\\Program Files\\cFosSpeed\\cFosSpeed.exe"
"TuoTu"="C:\\Program Files\\Tuotu\\Tuotu.exe /m"
"Nero DriveSpeed"="C:\\PROGRA~1\\Nero\\NERO7~1\\NEROTO~1\\DRIVES~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:32]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:32]
"SigmatelSysTrayApp"="sttray.exe" [])
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 18:57]
"nwiz"="nwiz.exe" [2005-07-08 18:57 C:\WINDOWS\system32\nwiz.exe])
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-08 18:57]
"NWEReboot"="" [])
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-23 10:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-22 09:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-30 02:04]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2006-09-28 17:26]
"TuoTu"="C:\Program Files\Tuotu\Tuotu.exe" [2007-03-21 16:27]
"Nero DriveSpeed"="C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE" [2005-10-31 02:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-03-24 13:41]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"eMuleAutoStart"="C:\Program Files\eMule\eMule.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"eMuleAutoStart"="C:\\Program Files\\eMule\\eMule.exe -AutoStart"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2005-05-15 18:06:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2005-05-15 18:06:31 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2005-05-15 18:06


Logfile of HijackThis v1.99.1
Scan saved at 18:07:48, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiansee.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
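As an added example, not part of the thread and not code from HijackThis or ComboFix, here is a small triage script for the O23 (service) lines of a HijackThis log like the one above. The sample lines are copied from the log posted above; the heuristics (unknown owner, missing image, eight-hex-character service or image names such as 3134D146 / E8083987.EXE) are my own and only prioritise what a helper should look at first, they do not prove anything is malicious.

```python
import re

# Constructed sample: O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# HijackThis O23 layout: "O23 - Service: <name> - <owner> - <image path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Eight hex characters with no vendor-looking word is a common pattern for
# randomly generated service and file names (assumption, see lead-in).
HEX_NAME_RE = re.compile(r"[0-9A-F]{8}", re.I)
HEX_IMAGE_RE = re.compile(r"[0-9A-F]{8}\.(?:exe|dll|sys)", re.I)


def parse_o23(line):
    """Split one O23 line into its fields; return None for non-O23 lines."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def triage_services(log_text):
    """Return the O23 entries worth a second look, most suspicious first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = []
        if entry["owner"] == "Unknown owner":
            reasons.append("no vendor/owner recorded for the service image")
        if entry["missing"]:
            # Often a quoting artefact for legitimate services (see the
            # cFosSpeed line), so on its own this only rates "review".
            reasons.append("image file reported missing on disk")
        if HEX_NAME_RE.fullmatch(entry["name"]):
            reasons.append("service name is eight hex characters")
        image = entry["path"].rsplit("\\", 1)[-1]
        if HEX_IMAGE_RE.fullmatch(image):
            reasons.append("image name is eight hex characters")
        if not reasons:
            continue
        # Random-looking names are the strong signal; the rest is "review".
        severity = "high" if len(reasons) >= 3 else "review"
        findings.append({"name": entry["name"], "path": entry["path"],
                         "severity": severity, "reasons": reasons})
    findings.sort(key=lambda f: (f["severity"] != "high", f["name"]))
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```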

#8 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 AM

Posted 15 May 2007 - 10:08 AM

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the next part:

C:\WINDOWS\system32\servc.exe

Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in the following folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply.

* Go to http://www.virustotal.com/en/indexf.html and upload the following file:

C:\WINDOWS\system32\1122491B.DLL

* Post the report of it here with a new hijackthis log.
Greets Jürgenv


#9 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 15 May 2007 - 10:36 AM

C:\WINDOWS\system32\servc.exe moved successfully.

Created on 05/15/2005 23:12:07

STATUS: FINISHED
Complete scanning result of "1122491B.DLL", received in VirusTotal at 05.15.2007, 17:33:45 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.15.1 05.15.2007 Win32/NSAnti.suspicious
AntiVir 7.4.0.15 05.15.2007 HEUR/Malware
Authentium 4.93.8 05.14.2007 Possibly a new variant of W32/PWStealer1!Generic
Avast 4.7.997.0 05.15.2007 Win32:Agent-EXD
AVG 7.5.0.467 05.15.2007 Agent.AXA
BitDefender 7.2 05.15.2007 no virus found
CAT-QuickHeal 9.00 05.15.2007 no virus found
ClamAV devel-20070416 05.15.2007 no virus found
DrWeb 4.33 05.15.2007 no virus found
eSafe 7.0.15.0 05.15.2007 Suspicious Trojan/Worm
eTrust-Vet 30.7.3634 05.15.2007 no virus found
Ewido 4.0 05.15.2007 no virus found
FileAdvisor 1 05.15.2007 No threat detected
Fortinet 2.85.0.0 05.15.2007 suspicious
F-Prot 4.3.2.48 05.14.2007 W32/PWStealer1!Generic
F-Secure 6.70.13030.0 05.15.2007 no virus found
Ikarus T3.1.1.7 05.15.2007 Backdoor.Win32.Hupigon.BV
Kaspersky 4.0.2.24 05.15.2007 no virus found
McAfee 5030 05.14.2007 no virus found
Microsoft 1.2503 05.15.2007 VirTool:Win32/Obfuscator.A
NOD32v2 2268 05.15.2007 probably a variant of Win32/Agent.NEO
Norman 5.80.02 05.15.2007 no virus found
Panda 9.0.0.4 05.15.2007 Suspicious file
Prevx1 V2 05.15.2007 no virus found
Sophos 4.17.0 05.11.2007 no virus found
Sunbelt 2.2.907.0 05.12.2007 VIPRE.Suspicious
Symantec 10 05.15.2007 no virus found
TheHacker 6.1.6.115 05.15.2007 no virus found
VBA32 3.12.0 05.15.2007 no virus found
VirusBuster 4.3.7:9 05.15.2007 Trojan.Popwin.Gen!Pac
Webwasher-Gateway 6.0.1 05.15.2007 Heuristic.Malware


Aditional Information
File size: 41142 bytes
MD5: 6078965005a72e36c3d6e6a3133d5881
SHA1: 96fb42d07e94d159aa6d6be2c839241b48e0377f
packers: NsPack, NsPack
Bit9 info: http://fileadvisor.bit9.com/services/extin...3d6e6a3133d5881
packers: embedded
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed
Logfile of HijackThis v1.99.1
Scan saved at 23:32:48, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiansee.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Edited by jian, 15 May 2007 - 10:58 AM.


#10 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 AM

Posted 15 May 2007 - 10:37 AM

Please remove this file with OTMoveIt:

C:\WINDOWS\system32\1122491B.DLL

* After that, post me a new HijackThis log and tell me how everything is working.
Greets Jürgenv


#11 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • Local time:06:40 PM

Posted 15 May 2007 - 11:00 AM

I'll be away for 3 days, back on Friday.
Actually, I'm getting worried as you keep asking me to scan it and we haven't come to the stage of deleting them. I wonder, is my PC seriously infected by the virus?

#12 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • Local time:06:40 PM

Posted 15 May 2007 - 11:02 AM

Logfile of HijackThis v1.99.1
Scan saved at 23:59:09, on 15/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiansee.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

#13 jurgenv

jurgenv

  • Members
  • 1,093 posts
  • Gender:Male
  • Location:Belgium
  • Local time:11:40 AM

Posted 15 May 2007 - 11:05 AM

Also delete this file with OTMoveIt and post me a new HijackThis log:

C:\WINDOWS\system32\E8083987.EXE
Greets Jürgenv

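The two instructions above (remove the file, then post a fresh log) amount to a manual triage-and-verify loop over HijackThis output. The script below is an added example written for this thread, not code from HijackThis, OTMoveIt or BleepingComputer: it parses O4 (Run key) and O23 (service) lines, flags entries that look like the `3134D146` / `E8083987.EXE` pair in the logs above, and diffs a before/after log so the effect of a removal is visible. The sample lines are copied from the posted logs; `SAMPLE_AFTER`, the flagging heuristics (`HEX_NAME_RE`, the reason strings) and all function names are the example's own assumptions.

```python
"""Triage HijackThis O4/O23 lines and compare a before/after log.

Added example for this thread; not part of HijackThis, OTMoveIt or the forum.
The heuristics (HEX_NAME_RE, the reason strings) are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4/O23 lines copied from the logs posted in this thread.
SAMPLE_BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
"""

# Constructed "after" log: the same entries once the binary has been removed.
# The service registration survives, so HijackThis now reports the file as missing.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    r"C:\WINDOWS\system32\E8083987.EXE",
    r"C:\WINDOWS\system32\E8083987.EXE (file missing)",
)

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")
# Assumed heuristic: eight hex digits, the naming pattern of the service and binary above.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)


@dataclass
class Entry:
    kind: str        # "O4" or "O23"
    name: str        # Run value name or service display name
    owner: str       # registry hive for O4, vendor string for O23
    target: str      # command line / image path as HijackThis printed it
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for an O4 or O23 line, None for anything else."""
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["owner"], m["target"])
    m = O4_RE.match(line)
    if m:
        return Entry("O4", m["name"], m["hive"], m["target"])
    return None


def exe_stem(target):
    """File name without extension of the first path in a command line.

    Handles quoted paths, a stray quote as in the cFosSpeed line, trailing
    arguments, and the '(file missing)' marker HijackThis appends.
    """
    path = target.strip('"').split('"')[0]
    path = path.split(" (file missing)")[0]
    base = path.replace("/", "\\").split("\\")[-1]
    return base.split()[0].rsplit(".", 1)[0]


def assess(entry):
    """Collect reasons an entry deserves a second look (heuristics, not verdicts)."""
    reasons = []
    if HEX_NAME_RE.match(entry.name):
        reasons.append("name is eight random-looking hex digits")
    if HEX_NAME_RE.match(exe_stem(entry.target)):
        reasons.append("binary name is eight random-looking hex digits")
    if entry.kind == "O23" and entry.owner == "Unknown owner":
        reasons.append("no vendor recorded for the service (weak signal on its own)")
    if "(file missing)" in entry.target:
        reasons.append("registered binary is no longer on disk")
    return reasons


def analyze(log_text):
    """Parse every O4/O23 line and return the entries that raised at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


def diff_logs(before, after):
    """Lines that disappeared and lines that appeared between two logs."""
    b = {l.strip() for l in before.splitlines() if l.strip()}
    a = {l.strip() for l in after.splitlines() if l.strip()}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for e in analyze(SAMPLE_BEFORE):
        print(f"[{e.kind}] {e.name}: " + "; ".join(e.reasons))
    removed, added = diff_logs(SAMPLE_BEFORE, SAMPLE_AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

Two things the output shows that the thread only implies: the legitimate cFosSpeed service is also flagged ("Unknown owner" plus "(file missing)"), which is why the vendor and missing-file checks are only weak signals and the hex-name pattern carries the weight; and deleting `E8083987.EXE` leaves the `3134D146` service registration in place, so the after-log still lists it with "(file missing)" rather than dropping it, exactly as the later log in this thread does.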

#14 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • Local time:06:40 PM

Posted 15 May 2007 - 11:13 AM

Well, after I restarted my PC, it no longer automatically jumps to the website that I mentioned above, and my AVG doesn't detect any trojan now. Thanks to you first.

But I don't know whether I should have asked you here, or whether it is related to what we have done to the system. My Windows Live Messenger stopped working while we were doing some scanning. Before that, it worked. I don't think it is a Windows Live Messenger problem, as I can log in on another PC but not on this PC, and I have been suffering this problem for a few days. It comes out with this error code: 80048820, extended error code: 80048412. Although I have tried the troubleshooter, and it seems to be working fine for everything with the "green tick", it still can't log me in.

Anyway, thanks to you again.

#15 jian

jian
  • Topic Starter

  • Members
  • 75 posts
  • Local time:06:40 PM

Posted 15 May 2007 - 11:15 AM

Logfile of HijackThis v1.99.1
Scan saved at 00:11:34, on 16/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CLDown Object - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper_v8.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [TuoTu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Nero\NERO7~1\NEROTO~1\DRIVES~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: 使用脱兔下载 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 使用脱兔下载全部链接 - C:\Program Files\Tuotu\TT_all.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {1FAF427B-1EE5-43D3-A023-3009142AFCD6} (CS Order Entry Control (AAA)) - http://219.93.0.130/webecos/control/csoex_aaa.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jiansee.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {B9B2EE1A-E314-4338-A305-BE845EACB112} (CyberStock 250) - http://219.93.0.130/webecos/control/cswx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://ef.hasil.org.my/scrs-lhdn_malay/dcCertUtils.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{685BA51E-A1F6-47EF-AAAF-14ED61E17F1C}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 3134D146 - Unknown owner - C:\WINDOWS\system32\E8083987.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
