Topics - erikiholloman

1. Tech Clinic / virus
« on: April 27, 2016, 09:07:27 AM »
Dear Bro,

Kindly need your help! My computer was infected with a virus.

Attached below is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:06:23 PM, on 27/4/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16603)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.exe
C:\Users\chanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Thunder Network\Thunder\Program\thunder.exe
c:\program files (x86)\common files\thunder network\tp\ver1\1.1.2.264_1111\thunderplatform.exe
C:\Program Files (x86)\Thunder Network\Thunder\Program\XLUEOPS.exe
C:\Program Files (x86)\Thunder Network\Thunder\Program\XLUEOPS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\chanka\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo15.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://sg.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_15&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dsg%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AtD0C0BzztCyEyBzzzzyBtAyD0C0DtN0D0Tzu0StCyDyCyCtN1L2XzutAtFtBtCtFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0E0EyDyC0ByCtCtGyD0F0FtBtGzyyD0CyEtGtAyE0BtCtGtByDyBzyyD0Azyzz0AtAyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtAzy0E0DyC0AtG0AyD0ByCtGyE0FyCyCtG0AtA0EtCtGtAtC0D0FyBtAyCzyyCzytDyD2QtN0A0LzuyE%26cr%3D1394391829%26a%3Dwbf_dwndlm_16_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: VideoUrlSniffer - {00000ADA-7E0D-47C1-986C-F017D09C4304} - C:\Users\Public\Thunder Network\XMP5\Addins\VideoUrlSniffer.2.3.3.211.(699).dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files (x86)\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Intel(R) RealSense(TM) SDK info server] "C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseInfo.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\chanka\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Chromium] "c:\users\chanka\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O9 - Extra button: (no name) - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP5\V5.1.29.4510\Program\XmpIEToolMenu.htm (file missing)
O9 - Extra 'Tools' menuitem: ?????? - {14c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP5\V5.1.29.4510\Program\XmpIEToolMenu.htm (file missing)
O9 - Extra button: ???? - {24c1d00e-0b92-4379-880b-444fa2d740dd} - C:\Users\Public\Thunder Network\XMP5\V5.1.29.4510\Program\XmpIEToolBar.htm (file missing)
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4c1be958-c387-4f26-b97a-f11f8dc107d5}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{84053b3e-252e-45f9-8a55-37975c3f5251}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{acbc0327-2cda-47ba-9a95-86795bc36d8c}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{b5187d8e-4321-463e-bb03-cff6ead0eb11}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
O23 - Service: CCSDK - Lenovo - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\LenovoPortal\FastBoot\FbService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (ibtsiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - c:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LenovoPortalService - Unknown owner - C:\Program Files (x86)\Lenovo\LenovoPortal\LenovoPortalService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) RealSense(TM) Depth Camera Manager Service (RealSenseDCM) - Intel(R) Corporation - C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: ShareItSvc - SHAREit Technologies Co.Ltd - C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Agent (UpdateAgentService) - Unknown owner - C:\Program Files\update\UpdateAgent.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14191 bytes

 


2. Tech Clinic / Window Font problem - can't change to window standard
« on: March 23, 2014, 08:01:39 AM »
Dear Guestolo,

I have another issue with changing the font (Windows standard) on my Windows XP, as per the attached picture.

Attached below is the HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:09 AM, on 9/18/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\PPSKernel.exe
C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

O2 - BHO: BrowserHelper - {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - C:\Documents and Settings\All Users\Application Data\PPBrowserHelper\BHO\TipsBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: XunleiBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [UUSeeMediaCenter] "C:\PROGRA~1\COMMON~1\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe
O4 - HKCU\..\Run: [PPAP] "C:\Program Files\Common Files\PPLiveNetwork\PPAP.EXE"  -background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-492894223-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-492894223-725345543-1003\..\Run: [Google Update] "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-861567501-492894223-725345543-1003\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_SBB.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSKernel.exe (User 'Default user')
O4 - S-1-5-18 Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe (User '?')
O4 - .DEFAULT Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8744 bytes

 


3. Tech Clinic / can't remove homepage in IE & chrome
« on: September 10, 2013, 11:28:58 AM »
Dear guestolo,

It has been some time since I last chatted with you.

Kindly need your expertise to solve my computer problem.

Problem:
Can't remove the home page in IE and Chrome.
Every time, the link below is shown as my homepage. HijackThis log file attached FYI.

Bro, your help will be deeply appreciated. Thanks.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:23:47 AM, on 9/11/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\\WINDOWS\\System32\\smss.exe

C:\\WINDOWS\\system32\\winlogon.exe

C:\\WINDOWS\\system32\\services.exe

C:\\WINDOWS\\system32\\lsass.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\WINDOWS\\System32\\svchost.exe

C:\\WINDOWS\\system32\\spoolsv.exe

C:\\Program Files\\AskPartnerNetwork\\Toolbar\\apnmcp.exe

C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

C:\\Program Files\\D-Link\\DWA-123\\ALPBCSVC.exe

C:\\Documents and Settings\\All Users\\Application Data\\BrowserDefender\\2.6.1562.220\\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\\BrowserDefender.exe

C:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE

C:\\WINDOWS\\system32\\WgaTray.exe

C:\\WINDOWS\\Explorer.EXE

C:\\Program Files\\HTC\\Internet Pass-Through\\PassThruSvr.exe

C:\\Program Files\\iQIYI\\QiyiService.exe

C:\\WINDOWS\\system32\\svchost.exe

C:\\Program Files\\AskPartnerNetwork\\Toolbar\\Updater\\TBNotifier.exe

C:\\Program Files\\QvodPlayer\\QvodTerminal.exe

C:\\WINDOWS\\system32\\ctfmon.exe

C:\\Program Files\\PPStream\\PPSKernel.exe

C:\\WINDOWS\\system32\\rundll32.exe

C:\\WINDOWS\\System32\\svchost.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\WINDOWS\\system32\\wscntfy.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\Documents and Settings\\Windows xp\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe

C:\\WINDOWS\\system32\\msiexec.exe

C:\\Program Files\\Trend Micro\\HiJackThis\\HiJackThis.exe

 

O2 - BHO: CrossriderApp0034362 - {11111111-1111-1111-1111-110311431162} - C:\\Program Files\\HDvid Codec V1\\HDvid Codec V1-bho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll

O2 - BHO: QvodGameExtend - {94C3E4BB-A261-4A83-B437-EA6F7A28CA68} - C:\\Program Files\\Kuaiwan\\QvodGameExtend.dll

O2 - BHO: A4A90076-33D2-E65C-558E-75B41A2B8C68 Class - {A4A90076-33D2-E65C-558E-75B41A2B8C68} - C:\\Program Files\\addr\\{A4A90076-33D2-E65C-558E-75B41A2B8C68}\\AddressBar.dll

O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\\Program Files\\QvodPlayer\\QvodExtend\\5.0.95.0\\QvodExtend.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\bh\\delta.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\\Program Files\\EPSON\\EPSON Web-To-Page\\EPSON Web-To-Page.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\\Program Files\\Delta\\delta\\1.8.24.6\\deltaTlbr.dll

O4 - HKLM\\..\\Run: [PHIME2002ASync] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC

O4 - HKLM\\..\\Run: [PHIME2002A] C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName

O4 - HKLM\\..\\Run: [EPSON Stylus C45 Series] C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE /P23 \"EPSON Stylus C45 Series\" /O6 \"USB001\" /M \"Stylus C45\"

O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime

O4 - HKLM\\..\\Run: [Adobe ARM] \"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"

O4 - HKLM\\..\\Run: [MSConfig] C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto

O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe

O4 - HKCU\\..\\Run: [NTRedirect] C:\\WINDOWS\\system32\\rundll32.exe \"C:\\Documents and Settings\\Windows xp\\Application Data\\BabSolution\\Shared\\enhancedNT.dll\",Run

O4 - HKUS\\S-1-5-19\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'LOCAL SERVICE\')

O4 - HKUS\\S-1-5-20\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'NETWORK SERVICE\')

O4 - HKUS\\S-1-5-18\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'SYSTEM\')

O4 - HKUS\\.DEFAULT\\..\\Run: [PPS Accelerator] C:\\Program Files\\PPStream\\PPSKernel.exe (User \'Default user\')


O8 - Extra context menu item: 使用快播按图找片 - C:\\Program Files\\QvodPlayer\\AddIn\\ImgSeed.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra \'Tools\' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe

O9 - Extra \'Tools\' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe

O9 - Extra \'Tools\' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\Program Files\\Messenger\\msmsgs.exe









O17 - HKLM\System\CCS\Services\Tcpip\..\{B44AD91F-9084-47ED-BFD0-4C5FEE5FCF25}: NameServer = 202.188.0.133,202.188.1.5

O17 - HKLM\System\CCS\Services\Tcpip\..\{DBF7827C-2DE6-48DD-BFC5-D8B619D1E10C}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol: kuwo - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0C} - (no file)

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BrowserDefendert - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe

O23 - Service: D-Link DWA-123_PBC_WPS Service (D-Link DWA-123_PBC_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-123\ALPBCSVC.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: IQIYI Video Platform Service (QiyiService) - BEIJING QIYI CENTURY SCIENCE&TECHNOLOGY CO.,LTD. - C:\Program Files\iQIYI\QiyiService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8377 bytes

4
Tech Clinic / help..... is there any spyware in my computer?
« on: February 02, 2008, 06:07:12 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:34 PM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S108.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-MY/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6805 bytes

5
Tech Clinic / trojan problem
« on: September 27, 2007, 06:05:24 AM »
I get Spyware.Cyberlog-x.
How do I remove it?


Logfile of HijackThis v1.99.1
Scan saved at 6:53:00 PM, on 9/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\icthis.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &Download all links with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download this page's video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with Thunder - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: Download all links with Thunder - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Resource Explorer - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{305264CE-31E7-4124-9F21-EF563D1B239D}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

6
Tech Clinic / trojan problem
« on: October 28, 2006, 10:28:53 AM »
Logfile of HijackThis v1.99.1
Scan saved at 11:26:51 PM, on 10/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Kg\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\System32\svchosts.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SVC Hosts] svchosts.exe
O4 - HKLM\..\RunServices: [SVC Hosts] svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVC Hosts] svchosts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655911453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655827765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Kg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Windows Task Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
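
The logs in this thread repeat a handful of patterns that a reviewer checks before anything else: a process named after a Windows binary but running from the wrong directory (the second wdfmgr.exe in C:\WINDOWS, smss.exe in C:\WINDOWS), one-character lookalikes of system binaries (svchosts.exe, lsyss.exe), autorun entries that carry no path, NameServer entries that differ from the pair this member's other logs use, a populated AppInit_DLLs value, and services with no vendor string or a missing file. The script below is an added example written for this page; it is not part of HijackThis and not code from any post here. Its allowlist of system binary names, its treatment of 202.188.0.133 and 202.188.1.5 as the expected resolvers, and every rule name are the editor's assumptions, and the sample input is constructed from entries in the posted logs.

```python
"""Triage pass over HijackThis-style log lines (added example; not part of HijackThis)."""
import re
from dataclasses import dataclass

# Assumed allowlist: binaries the posted logs show being imitated (svchosts.exe,
# lsyss.exe, a second wdfmgr.exe); each legitimately lives under System32 or SysWOW64.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "ctfmon.exe", "wdfmgr.exe"}
SYSTEM_DIRS = ("\\system32", "\\syswow64")
_ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
_O4 = re.compile(r"^(?P<key>[^:]+):\s*\[[^\]]*\]\s*(?P<cmd>.*)$")
_NAMESERVER = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$")

@dataclass(frozen=True)
class Finding:
    rule: str
    line: str

def edit_distance_one(a, b):
    """True when a and b differ by exactly one substituted, inserted or deleted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))

def target_of(cmd):
    """Executable an O4 command launches; for rundll32 entries, the DLL it loads."""
    toks = [q or p for q, p in re.findall(r'"([^"]*)"|(\S+)', cmd)]
    if toks and toks[0].lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        toks = toks[1:]
    return toks[0].split(",", 1)[0] if toks else ""

def check_path(path):
    """Rule name if the path is a system binary outside System32 or a lookalike name, else None."""
    path = path.strip().strip('"').lower().replace("/", "\\")
    parent, _, base = path.rpartition("\\")
    if base in SYSTEM_BINARIES:
        return "system binary name outside its normal directory" if parent and not parent.endswith(SYSTEM_DIRS) else None
    stem = base.rsplit(".", 1)[0]
    for known in sorted(SYSTEM_BINARIES):
        if edit_distance_one(stem, known.rsplit(".", 1)[0]):
            return f"lookalike of {known}"
    return None

def triage(log_text, expected_resolvers=frozenset()):
    """Entries a reviewer should look at, in log order: a review list, not a verdict."""
    findings = []
    def flag(rule, line):
        if rule:
            findings.append(Finding(rule, line))
    for raw in log_text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):          # "Running processes:" block
            flag(check_path(line), line)
            continue
        if not (m := _ENTRY.match(line)):
            continue
        sec, body = m.group("sec"), m.group("body")
        if "(file missing)" in body or "(no file)" in body:
            flag("entry points at a missing file", line)
        if sec == "O4" and (o4 := _O4.match(body)):
            exe = target_of(o4.group("cmd"))
            if o4.group("key").lower().endswith("runservices"):
                flag("RunServices autorun key (legacy key, rarely used by legitimate software)", line)
            if "\\" not in exe:
                flag("autorun without a full path", line)
            flag(check_path(exe), line)
        elif sec == "O17" and (o17 := _NAMESERVER.search(body)):
            bad = [s for s in re.split(r"[,\s]+", o17.group("servers").strip()) if s and s not in expected_resolvers]
            if bad:
                flag("DNS resolver not in the expected set: " + " ".join(bad), line)
        elif sec == "O20" and body.lower().startswith("appinit_dlls:") and body.split(":", 1)[1].strip():
            flag("AppInit_DLLs loads a DLL into every process that loads user32.dll", line)
        elif sec == "O23" and len(parts := body.split(" - ")) >= 3:
            if parts[-2].strip().lower() == "unknown owner":
                flag("service with no vendor string", line)
            flag(check_path(parts[-1].replace("(file missing)", "")), line)
    return findings

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\System32\svchosts.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [SVC Hosts] svchosts.exe
O4 - HKCU\..\Run: [MON76234] SetupExeDll.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AD220CA-3AC3-4F26-9EDE-A7F5DF3486CA}: NameServer = 202.188.0.133,202.188.1.5
O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""
# Assumed ISP resolvers: the pair that appears in this member's other logs.
EXPECTED_RESOLVERS = frozenset({"202.188.0.133", "202.188.1.5"})
if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, EXPECTED_RESOLVERS):
        print(f"{f.rule:<55} {f.line}")
```

Run it directly to print the findings for the sample, or pass the text of a whole log to `triage`. The result is a review list rather than a verdict: a legitimate entry such as `nwiz.exe /install` also shows up under "autorun without a full path", and an "Unknown owner" service may simply be an unsigned vendor tool, so every hit still needs the file itself checked (signature, hash, location) before anything is removed.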

7
Tech Clinic / WORM_SPYBOT.IJ-Hijackthis Log
« on: August 11, 2006, 10:30:06 PM »
Unable to clean or quarantine the infected file.
Incident name: C:\WINDOWS\WDFMGR.EXE
WORM_SPYBOT.IJ
Here is the hijack log if someone can help, much appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 11:25:07 AM, on 8/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.yisou.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.yisou.com/srchcust.htm
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {BDA0287E-D2AA-506B-981D-59542F61EAA2} - C:\DOCUME~1\admin\APPLIC~1\ISOPEA~1\Delete sixth.exe (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MON76234] SetupExeDll.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Accelerate download with PPGou [PPGou] - C:\PROGRA~1\PPGou\geturl.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1774caa6a0c86a...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655911453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655827765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.paltalk.com/download/0.x/regdload.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE380C20-9295-44BF-BF07-1267E07B7A4C}: NameServer = 85.255.116.157
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe
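The two entry types in this log that a responder would triage first are the O17 lines, where every TCP/IP interface and control set has NameServer set to 85.255.116.157 and 85.255.112.166, and the O23 lines for "aol software" (C:\WINDOWS\smss.exe, file missing) and "Microsoft Windows Spool Service" (C:\WINDOWS\wdfmgr.exe), both with no vendor information and both using the name of a core Windows binary from a directory where that binary does not belong. The following script is an added example, not part of the original post and not HijackThis code: it parses O17 and O23 lines and flags exactly those two patterns. The sample lines are copied from the log above; the 85.255.112.0/20 range is the UkrTeleGroup block that the DNSChanger rogue resolvers used (published in the Operation Ghost Click advisories), and the list of System32-only binaries is a deliberately short list of my own, so extend both for real use.

```python
import ipaddress
import ntpath  # splits Windows paths correctly even when run on Linux/macOS
from dataclasses import dataclass
from typing import List

# Lines copied from the HijackThis log posted above (O17 = DNS NameServer keys, O23 = services).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.157 85.255.112.166
O23 - Service: aol software (Aol Software) - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe
"""

# Rogue resolver ranges. 85.255.112.0/20 is the DNSChanger (Zlob) block from the Ghost Click advisories;
# add further ranges here as needed.
ROGUE_DNS_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# Binaries that only run from System32 on a healthy install. Partial list (assumption for this example).
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "wdfmgr.exe"}


@dataclass
class Finding:
    line: str
    reason: str


@dataclass
class Service:
    display: str
    vendor: str
    path: str
    missing: bool


def parse_o17(line: str) -> List[str]:
    """Return the resolver addresses named on an O17 line (space- or comma-separated)."""
    _, _, servers = line.partition("NameServer =")
    return servers.replace(",", " ").split()


def check_o17(line: str) -> List[Finding]:
    """Flag each NameServer value that falls inside a known rogue DNS range."""
    findings = []
    for server in parse_o17(line):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            findings.append(Finding(line, f"unparseable NameServer value {server!r}"))
            continue
        if any(ip in net for net in ROGUE_DNS_NETS):
            findings.append(Finding(line, f"NameServer {ip} is inside a known rogue DNS range"))
    return findings


def parse_o23(line: str) -> Service:
    """Split 'O23 - Service: <display> - <vendor> - <path> [(file missing)]' from the right,
    so a display name containing ' - ' (e.g. 'Spybot - Search & Destroy') is kept intact."""
    body = line[len("O23 - Service: "):]
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        raise ValueError(f"unexpected O23 layout: {line!r}")
    display, vendor, path = parts
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return Service(display.strip(), vendor.strip(), path, missing)


def check_o23(line: str) -> List[Finding]:
    """Flag a service binary that borrows a core system name outside System32, or one with no
    vendor information that sits directly in the Windows directory."""
    svc = parse_o23(line)
    directory, filename = ntpath.split(svc.path)
    directory_l, filename_l = directory.lower(), filename.lower()
    in_system32 = directory_l.endswith("\\system32")
    in_windows_root = directory_l in ("c:\\windows", "c:\\winnt")
    unknown_owner = svc.vendor == "" or svc.vendor.lower() == "unknown owner"
    findings = []
    if filename_l in SYSTEM32_ONLY and not in_system32:
        findings.append(Finding(line, f"{filename} runs from {directory} rather than System32"))
    if unknown_owner and in_windows_root:
        findings.append(Finding(line, "service with no vendor info whose binary sits directly in the Windows directory"))
    return findings


def scan(log_text: str) -> List[Finding]:
    """Run the O17 and O23 checks over a whole HijackThis log and collect the findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O17 - "):
            findings.extend(check_o17(line))
        elif line.startswith("O23 - Service: "):
            findings.extend(check_o23(line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, it reports the two rogue resolvers on both O17 lines and two findings each for the smss.exe and wdfmgr.exe services, while the NVIDIA service and the vendor-less SmartLink service (which at least lives in System32) pass. The DNS finding is the one to act on first: until the NameServer values are replaced with the ISP's or a known-good resolver, every lookup the machine makes, including those for antivirus update servers, goes through the attacker's servers.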