Welcome to MalwareRemoval.com


Antivirus and Tv program problems


Re: Antivirus and Tv program problems

Post by luckwealth » January 13th, 2008, 10:15 pm

Here are the 2 required logs, please:

===========================================================
===========================================================

ComboFix 08-01-13.1 - -mildy- 2008-01-14 9:39:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.567 [GMT 8:00]
執行位置?: C:\Tools\System\ComboFix.exe
Command switches used :: C:\Tools\System\CFScript.txt
* 已建立新的還原點

FILE
C:\79F.tmp
C:\WINDOWS\system32\drivers\hldrrr.exe
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\79F.tmp
C:\Documents and Settings\-mildy-\Application Data\iWin
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Fashion.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Garden.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Housewares.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Luxury.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\Toys.uhst
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\AccountInformation.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\BASSSoundManager.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\CursorData.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\LevelData.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\Orbital_Window.uad
C:\Documents and Settings\-mildy-\Application Data\iWin\Shopmania\USR1753.tmp\TutorialEventStatus.uad

.
(((((((((((((((((((((((((((( 2007-12-14 - 2008-01-14 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-01-14 01:31 . 2008-01-14 08:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 18:08 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-13 18:08 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-13 18:08 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-13 18:08 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-13 18:08 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-13 18:08 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-13 18:07 . 2008-01-13 21:28 <DIR> d-------- C:\Program Files\AvastPro4.7
2008-01-13 18:07 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-13 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\dllcache\chkdsk.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-11 20:14 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 10:41 . 2008-01-11 10:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-11 10:41 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-11 10:36 . 2008-01-14 01:32 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-11 10:15 . 2008-01-11 10:15 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-05 22:28 . 2008-01-05 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-05 18:36 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-05 18:36 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-05 18:35 . 2008-01-05 21:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-05 18:35 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-05 18:35 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-05 18:03 . 2008-01-05 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 18:03 . 2008-01-05 18:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\Real Alternative
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Program Files\RealMedia
2008-01-04 21:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\ltkiuluurife.sys
2008-01-04 18:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-04 18:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
2008-01-04 16:59 . 2008-01-13 21:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 16:59 . 2008-01-11 16:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 16:59 . 2008-01-11 16:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 16:59 . 2008-01-11 16:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 14:36 . 2008-01-05 20:39 <DIR> d-------- C:\Documents and Settings\-mildy-\.housecall6.6
2008-01-04 02:46 . 2008-01-09 21:06 <DIR> d-------- C:\Program Files\Babysitting Mania
2008-01-04 01:07 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-04 01:02 . 2008-01-11 23:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 23:27 . 2008-01-05 22:10 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-01-03 23:27 . 2008-01-03 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 23:25 . 2008-01-03 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 22:36 . 2008-01-11 09:19 <DIR> d-------- C:\Program Files\MalwareScanner-HiJackThis
2008-01-03 02:06 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 01:18 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Trojan Killer
2008-01-01 18:51 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-01 13:16 . 2008-01-06 01:54 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2007-12-31 15:45 . 2008-01-02 12:54 <DIR> d-------- C:\Program Files\Farm Frenzy
2007-12-31 15:28 . 2007-12-31 15:42 <DIR> d-------- C:\Program Files\Neighbours from Hell
2007-12-30 17:00 . 2007-12-30 17:00 <DIR> d-------- C:\Program Files\Nuclear Coffee
2007-12-30 16:31 . 2007-12-30 22:58 <DIR> d-------- C:\Program Files\Brainsbreaker 4.9.105
2007-12-30 16:18 . 2007-12-30 16:29 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Patterns in Nature
2007-12-30 13:27 . 2008-01-05 17:06 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-30 13:27 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-27 13:25 . 2007-12-27 17:30 <DIR> d-------- C:\Program Files\Jigsaws
2007-12-27 11:39 . 2007-12-28 11:02 <DIR> d-------- C:\Program Files\BrainsBreaker
2007-12-26 15:09 . 2008-01-05 18:32 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-12-24 14:20 . 2007-12-24 14:21 <DIR> d-------- C:\Program Files\Wedding Dash
2007-12-23 20:49 . 2007-12-23 21:14 <DIR> d-------- C:\Program Files\Pastime Puzzles
2007-12-23 17:53 . 2007-12-23 18:00 <DIR> d-------- C:\Program Files\Mystery Of Shark Island
2007-12-23 14:00 . 2007-12-23 14:01 <DIR> d-------- C:\Program Files\Lucy Q Deluxe
2007-12-23 11:39 . 2007-12-27 11:33 <DIR> d-------- C:\Program Files\Jigsaw365
2007-12-21 17:04 . 2008-01-09 20:13 <DIR> d-------- C:\Program Files\Pocket JigMake
2007-12-21 16:37 . 2007-12-21 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 16:37 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-21 16:37 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-21 16:36 . 2007-12-21 16:45 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-20 14:35 . 2007-12-20 14:35 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 20:01 . 2007-12-19 20:02 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-12-19 20:00 . 2007-12-23 22:52 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-19 19:47 . 2007-12-20 15:12 <DIR> d-------- C:\Program Files\Delivery King
2007-12-18 22:40 . 2007-12-18 22:40 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-18 15:32 . 2007-12-18 15:32 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-18 15:15 . 2007-12-18 15:31 535 --a------ C:\WINDOWS\wwwconfig.dat
2007-12-18 01:27 . 2007-12-18 15:32 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-12-18 01:26 . 2007-12-18 15:06 <DIR> d-------- C:\Program Files\Posh Shop
2007-12-18 01:25 . 2007-12-20 21:00 <DIR> d-------- C:\Program Files\Pizza Frenzy
2007-12-18 01:25 . 2007-12-20 22:57 <DIR> d-------- C:\Program Files\Daycare Nightmare
2007-12-18 01:24 . 2007-12-18 15:09 <DIR> d-------- C:\Program Files\Cathys Caribbean Club
2007-12-18 01:23 . 2007-12-21 23:22 <DIR> d-------- C:\Program Files\Believe In Santa
2007-12-18 01:20 . 2007-12-18 15:12 <DIR> d-------- C:\Program Files\Baby Luv
2007-12-18 01:19 . 2007-12-18 15:13 <DIR> d-------- C:\Program Files\Big Island Blends
2007-12-18 01:18 . 2007-12-25 01:29 <DIR> d-------- C:\Program Files\Fab Fashion
2007-12-18 01:15 . 2007-12-27 11:34 <DIR> d-------- C:\Program Files\Teddy Factory
2007-12-18 00:56 . 2007-12-18 15:15 <DIR> d-------- C:\Program Files\Wild West Wendy
2007-12-18 00:51 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Mystic Inn
2007-12-18 00:50 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Santas Super Friends
2007-12-18 00:48 . 2007-12-18 01:11 <DIR> d-------- C:\Program Files\Birdies
2007-12-18 00:45 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Home Sweet Home
2007-12-18 00:41 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Happy Hour
2007-12-17 23:31 . 2007-12-21 21:21 <DIR> d-------- C:\Program Files\Sallys Salon
2007-12-17 23:12 . 2007-12-18 01:13 <DIR> d-------- C:\Program Files\Delicious 2 Deluxe
2007-12-17 23:10 . 2007-12-20 21:03 <DIR> d-------- C:\Program Files\Sushi Frenzy
2007-12-17 01:53 . 2007-12-20 19:53 <DIR> d-------- C:\Program Files\Nanny Mania
2007-12-17 01:42 . 2007-12-17 01:42 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-17 01:37 . 2007-12-17 01:41 <DIR> d-------- C:\Program Files\Janes Hotel
2007-12-16 20:48 . 2007-12-16 20:48 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-16 20:39 . 2007-12-16 20:39 <DIR> d-------- C:\WINDOWS\Burger Shop
2007-12-16 20:39 . 2007-12-16 20:44 <DIR> d-------- C:\Program Files\Burger Shop

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 01:37 5,505,024 ---ha-w C:\Documents and Settings\-mildy-\NTUSER.DAT
2008-01-14 01:36 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Ditto
2008-01-14 00:57 --------- d-----w C:\Program Files\NJStar Communicator
2008-01-14 00:29 --------- d-----w C:\Program Files\BitComet
2008-01-14 00:20 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ClickOff
2008-01-13 11:50 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-12 16:00 --------- d-----w C:\Program Files\Replay AV 8
2008-01-11 12:18 --------- d-----w C:\Program Files\Crazy Browser
2008-01-08 17:00 --------- d-----w C:\Program Files\Flary Address
2008-01-08 10:27 --------- d-----w C:\Program Files\eMule
2008-01-05 14:48 --------- d-----w C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)
2008-01-05 14:48 --------- d-----w C:\Program Files\Volumouse
2008-01-05 14:47 --------- d-----w C:\Program Files\UberIcon
2008-01-05 14:46 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 14:46 --------- d-----w C:\Program Files\StrokeIt
2008-01-05 14:41 --------- d-----w C:\Program Files\Point-N-Click
2008-01-05 14:25 --------- d-----w C:\Program Files\Free Internet Window Washer
2008-01-05 14:23 --------- d-----w C:\Program Files\FileNote
2008-01-05 14:21 --------- d-----w C:\Program Files\EasyZip
2008-01-05 14:16 --------- d-----w C:\Program Files\CursorXP
2008-01-05 14:16 --------- d-----w C:\Program Files\CopyURL
2008-01-05 14:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-05 14:15 --------- d-----w C:\Program Files\ClickOff
2008-01-05 14:15 --------- d-----w C:\Program Files\Click-N-Type
2008-01-05 14:15 --------- d-----w C:\Program Files\Brightness&ColorSwapper-gapa
2008-01-05 12:31 --------- d-----w C:\Program Files\Renamer
2008-01-03 18:10 --------- d-----w C:\Program Files\Taskbar Shuffle
2008-01-02 13:21 20 ----a-w C:\sccfg.sys
2008-01-01 13:19 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\MegauploadToolbar
2008-01-01 12:28 --------- d-s---w C:\Documents and Settings\-mildy-\Application Data\Microsoft
2007-12-31 12:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PlayFirst
2007-12-21 18:22 --------- d-----w C:\Program Files\ICE Book Reader Professional Retail 76
2007-12-21 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-20 06:35 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2007-12-18 14:40 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-16 17:42 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-15 11:13 --------- d-----w C:\Program Files\Paradise Pet Salon
2007-12-13 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-13 09:33 --------- d-----w C:\Program Files\Thunder Network
2007-12-13 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-13 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2007-12-13 06:16 --------- d-----w C:\Program Files\The Apprentice Los Angeles
2007-12-12 10:23 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll
2007-12-09 20:58 --------- d-----w C:\Program Files\Fashion Fits
2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-08 14:59 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Macromedia
2007-12-08 09:19 --------- d-----w C:\Program Files\Cake Mania Back to the Bakery
2007-12-07 10:17 --------- d-----w C:\Program Files\Cake Mania 2
2007-12-06 07:36 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-05 14:57 --------- d-----w C:\Program Files\Any Media to MP3 Converter
2007-12-05 14:34 --------- d-----w C:\Program Files\Shuangs Audio Editor
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\River Past G5
2007-12-05 08:13 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2007-12-05 08:12 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-05 06:12 --------- d-----w C:\Program Files\AimOne_AlltoMP3
2007-12-05 06:10 1,307,468 ----a-w C:\WINDOWS\system32\tmp~1.exe
2007-12-04 15:27 --------- d-----w C:\Program Files\GameHouse
2007-12-04 12:15 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Big Fish Games
2007-12-04 12:10 --------- d-----w C:\Program Files\Azada
2007-12-04 09:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\GameHouse
2007-12-04 08:44 --------- d-----w C:\Program Files\Abra Academy
2007-12-03 18:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-12-03 11:06 --------- d-----w C:\Program Files\Tudou
2007-12-01 06:39 10,884,472 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-29 17:47 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PhraseExpress
2007-11-29 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PhraseExpress
2007-11-29 15:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-26 15:02 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Scan2PDF
2007-11-26 13:51 --------- d-----w C:\Program Files\Scan2PDF
2007-11-25 14:04 --------- d-----w C:\Program Files\SimpleOCR
2007-11-25 12:25 --------- d-----w C:\Program Files\ScannerU
2007-11-24 10:44 --------- d-----w C:\Program Files\InfoTag Magic 1.0
2007-11-21 05:29 --------- d-----w C:\Program Files\Paint.NET
2007-11-20 01:05 --------- d-----w C:\Program Files\Tracker Software
2007-11-14 07:27 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 699,904 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 699,904 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 06:46 533 ----a-w C:\Program Files\Softwares'.lnk
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:56 3,086,848 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:42 1,269,248 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,269,248 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,320,512 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-20 09:17 28,672 ----a-w C:\Program Files\CloseAll.exe
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_15.21.48.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:49:28 705,024 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 01:39:15 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 01:39:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 01:39:15 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 01:39:15 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 06:37:47 5,283,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-14 01:39:15 5,308,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 06:37:47 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 01:39:15 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-10-01 06:30:12 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-01-14 00:34:17 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_41c.dat
+ 2008-01-14 00:31:45 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_4c8.dat
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"Kana Reminder"="C:\Tools\Tools\Reminder.exe" [2005-11-29 08:09 1185280]
"Sensiva"="C:\Program Files\Sensiva" [ ]
"Winsplit"="C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe" [2007-10-10 00:29 2627072]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 06:29 62976]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [ ]
"NetXfer"="C:\Program Files\Xi\NetXfer\NetTransport.exe" [2007-10-08 15:09 1392640]
"Mmm"="C:\Program Files\HACE\Mmm\MmmTray.exe" [2007-06-01 00:01 15872]
"Free Internet Window Washer"="C:\PROGRA~1\FREEIN~1\Clearpch.exe" [2006-12-15 21:29 1498624]
"Ditto"="C:\Tools\Processor\Ditto\Ditto.exe" [2006-08-04 12:20 618496]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 20:33 6338360]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe" [2004-02-03 13:13 1216000]
"$Volumouse$"="C:\Program Files\Volumouse\volumouse.exe" [2006-05-27 11:49 26112]
"TrojanKiller"="C:\Program Files\Trojan Killer\TrojanKiller.exe" [2007-12-22 16:58 1366016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-08 01:19 15872]
"RAM Idle Professional"="C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"NuonSoft ShellEnhancer StartupHelper"="C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 11:46 65536]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"Aqua"="C:\Program Files\Deskperience\Aqua\wText.exe" [2005-05-06 19:33 1011712]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"avast!"="C:\PROGRA~1\AVASTP~1.7\ashDisp.exe" [2007-12-04 21:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-12 20:00 133632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 20:00 15360]

C:\Documents and Settings\-mildy-\「開始」功能表\程式集\啟動\
a-squared Free.lnk - C:\Program Files\a-squared Free\a2free.exe [2008-01-04 01:07:57]
ActiveSyncToggle.exe.lnk - C:\Tools\Tools\ActiveSyncToggle.exe [2007-10-03 21:59:08]
Ad-Aware 2007.lnk - C:\Program Files\Ad-Aware 2007\Ad-Aware2007.exe [2007-10-31 15:18:06]
Brightness&ColorSwapper-gapa.lnk - C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe [2007-05-31 05:03:31]
Click-N-Type.LNK - C:\Program Files\Click-N-Type\Click-N-Type.exe [2007-09-27 14:43:14]
ClickOff.lnk - C:\Program Files\ClickOff\Clickoff.exe [2007-04-12 16:02:26]
Export.sxp.lnk - C:\Backup\Nec\Softwares'\StrokeIt\Export.sxp [2007-11-07 15:32:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 1 (0x1)
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-16 13:53]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 05:10]

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28681820-917D-11d5-8177-005056FDDA4B}]
rundll32.exe C:\WINDOWS\system32\ShellExt\DafiTech\Cpy2Clip\cpy2clip.dll,CreateUserSettings
.
排程工作資料夾的內容
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 09:47:05
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
完成時間?: 2008-01-14 9:50:41
ComboFix-quarantined-files.txt 2008-01-14 01:50:36
ComboFix2.txt 2008-01-13 07:22:09
.
2008-01-14 00:24:18 --- E O F ---

===========================================================
===========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:16, on 14/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\AvastPro4.7\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\AvastPro4.7\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.exe
c:\program files\a-squared free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\svchost.exe
C:\Tools\Tools\Reminder.exe
C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Xi\NetXfer\NetTransport.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Tools\Processor\Ditto\Ditto.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\AvastPro4.7\ashMaiSv.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\AvastPro4.7\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\ClickOff\Clickoff.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Point-N-Click\Point-N-Click.exe
C:\Tools\RAM Idle Professional 3.4\RAM_XP.exe
C:\Tools\Tools\ResizeEnable\ResizeEnableRunner.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Tools\Tools\ZoomIt-DesktopZoomer.Pen.BlankScreen.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\MalwareScanner-HiJackThis\MalwareScanner-HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Aqua] C:\Program Files\Deskperience\Aqua\wText.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Tools\Reminder.exe"
O4 - HKCU\..\Run: [Sensiva] "C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NetXfer] "C:\Program Files\Xi\NetXfer\NetTransport.exe"
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [Ditto] C:\Tools\Processor\Ditto\Ditto.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [TrojanKiller] "C:\Program Files\Trojan Killer\TrojanKiller.exe" 0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Get file size - res://C:\Program Files\Moveax InternetFileSize\IFSIEMenuStub.dll/201
O8 - Extra context menu item: Download All by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdownload/d ... psbase.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AvastPro4.7\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AvastPro4.7\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 12006 bytes
===========================================================

Thanks so very much....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 14th, 2008, 10:18 am

Can I get you to upload C:\WINDOWS\system32\tmp~1.exe into VirusTotal and post back the results of the scan please.

Thanks :)
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 14th, 2008, 11:09 am

Here is the VirusTotal log please :-

============================

File tmp_1.exe received on 01.14.2008 15:47:20 (CET)

Antivirus Version Last Update Result

AhnLab-V3 2008.1.15.10 2008.01.14 -
AntiVir 7.6.0.46 2008.01.14 -
Authentium 4.93.8 2008.01.13 -
Avast 4.7.1098.0 2008.01.14 -
AVG 7.5.0.516 2008.01.13 -
BitDefender 7.2 2008.01.14 -
CAT-QuickHeal 9.00 2008.01.12 -
ClamAV 0.91.2 2008.01.13 -
DrWeb 4.44.0.09170 2008.01.14 -
eSafe 7.0.15.0 2008.01.13 -
eTrust-Vet 31.3.5456 2008.01.14 -
Ewido 4.0 2008.01.14 -
FileAdvisor 1 2008.01.14 -
Fortinet 3.14.0.0 2008.01.14 -
F-Prot 4.4.2.54 2008.01.13 -
F-Secure 6.70.13030.0 2008.01.14 -
Ikarus T3.1.1.20 2008.01.14 -
Kaspersky 7.0.0.125 2008.01.14 -
McAfee 5205 2008.01.11 -
Microsoft 1.3109 2008.01.14 -
NOD32v2 2790 2008.01.14 -
Norman 5.80.02 2008.01.14 -
Panda 9.0.0.4 2008.01.13 -
Prevx1 V2 2008.01.14 -
Rising 20.27.02.00 2008.01.14 -
Sophos 4.24.0 2008.01.14 -
Sunbelt 2.2.907.0 2008.01.12 -
Symantec 10 2008.01.14 -
TheHacker 6.2.9.187 2008.01.13 -
VBA32 3.12.2.5 2008.01.13 -
VirusBuster 4.3.26:9 2008.01.13 -
Webwasher-Gateway 6.0.1 2008.01.14 -

Additional information
File size: 1307468 bytes
MD5: d6337b8e38ad53e824e63e20e7838dda
SHA1: ddfadfa6f1d3e031167013e1b9c6023a3b77defa
PEiD: -
packers: Armadillo

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.1.15.10;2008.01.14;-
AntiVir;7.6.0.46;2008.01.14;-
Authentium;4.93.8;2008.01.13;-
Avast;4.7.1098.0;2008.01.14;-
AVG;7.5.0.516;2008.01.13;-
BitDefender;7.2;2008.01.14;-
CAT-QuickHeal;9.00;2008.01.12;-
ClamAV;0.91.2;2008.01.13;-
DrWeb;4.44.0.09170;2008.01.14;-
eSafe;7.0.15.0;2008.01.13;-
eTrust-Vet;31.3.5456;2008.01.14;-
Ewido;4.0;2008.01.14;-
FileAdvisor;1;2008.01.14;-
Fortinet;3.14.0.0;2008.01.14;-
F-Prot;4.4.2.54;2008.01.13;-
F-Secure;6.70.13030.0;2008.01.14;-
Ikarus;T3.1.1.20;2008.01.14;-
Kaspersky;7.0.0.125;2008.01.14;-
McAfee;5205;2008.01.11;-
Microsoft;1.3109;2008.01.14;-
NOD32v2;2790;2008.01.14;-
Norman;5.80.02;2008.01.14;-
Panda;9.0.0.4;2008.01.13;-
Prevx1;V2;2008.01.14;-
Rising;20.27.02.00;2008.01.14;-
Sophos;4.24.0;2008.01.14;-
Sunbelt;2.2.907.0;2008.01.12;-
Symantec;10;2008.01.14;-
TheHacker;6.2.9.187;2008.01.13;-
VBA32;3.12.2.5;2008.01.13;-
VirusBuster;4.3.26:9;2008.01.13;-
Webwasher-Gateway;6.0.1;2008.01.14;-

Additional information
File size: 1307468 bytes
MD5: d6337b8e38ad53e824e63e20e7838dda
SHA1: ddfadfa6f1d3e031167013e1b9c6023a3b77defa
PEiD: -
packers: Armadillo

===========================

In addition, just a small update please: my CyberLink Cinema is not very stable, it now crashes almost every time I launch it.

Many thanks indeed....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am
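The VirusTotal report above is informative even with zero detections: the "packers: Armadillo" line means every engine was looking at a packed wrapper, so a clean row count is not a clean verdict. The parser below is an added example (not part of the thread or of VirusTotal's tooling) that reads the semicolon-delimited form of the report, recovers the hashes, size and packer, and turns the engine rows into a triage verdict that treats "no detections but packed" as inconclusive rather than clean. The `SAMPLE_REPORT` is an excerpt of the posted report (8 of its 32 engine rows, the real MD5/SHA1 and packer line); the verdict labels are this example's own convention.

```python
"""Parse a VirusTotal text report (the semicolon-delimited form above) and
derive a triage verdict.  Added example, not code from the thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Excerpt of the report posted in the thread: 8 of its 32 engine rows, with the
# hashes and packer line exactly as shown on the page.
SAMPLE_REPORT = """File tmp_1.exe received on 01.14.2008 15:47:20 (CET)

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.1.15.10;2008.01.14;-
AntiVir;7.6.0.46;2008.01.14;-
Avast;4.7.1098.0;2008.01.14;-
Kaspersky;7.0.0.125;2008.01.14;-
McAfee;5205;2008.01.11;-
Microsoft;1.3109;2008.01.14;-
NOD32v2;2790;2008.01.14;-
Symantec;10;2008.01.14;-

Additional information
File size: 1307468 bytes
MD5: d6337b8e38ad53e824e63e20e7838dda
SHA1: ddfadfa6f1d3e031167013e1b9c6023a3b77defa
PEiD: -
packers: Armadillo
"""

TABLE_HEADER = "Antivirus;Version;Last Update;Result"


@dataclass
class VtReport:
    # One tuple per engine row: (engine, version, last_update, result)
    engines: List[Tuple[str, str, str, str]] = field(default_factory=list)
    file_size: int = 0
    md5: str = ""
    sha1: str = ""
    packers: List[str] = field(default_factory=list)


def parse_vt_report(text: str) -> VtReport:
    """Walk the report line by line; the engine table starts at TABLE_HEADER
    and ends at the first non-blank line that is not a 4-column row."""
    rep = VtReport()
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines never terminate the table
        if line == TABLE_HEADER:
            in_table = True
            continue
        if in_table:
            parts = line.split(";")
            if len(parts) == 4:
                rep.engines.append((parts[0], parts[1], parts[2], parts[3]))
                continue
            in_table = False  # "Additional information" ends the table
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "md5":
            rep.md5 = value.lower()
        elif key == "sha1":
            rep.sha1 = value.lower()
        elif key == "file size":
            m = re.match(r"(\d+)", value)
            if m:
                rep.file_size = int(m.group(1))
        elif key == "packers":
            # "-" means no packer identified; otherwise a comma-separated list
            rep.packers = [p.strip() for p in value.split(",")
                           if p.strip() and p.strip() != "-"]
    return rep


def hashes_well_formed(rep: VtReport) -> bool:
    """Guard against a mangled copy/paste: MD5 is 32 hex chars, SHA1 is 40."""
    return bool(re.fullmatch(r"[0-9a-f]{32}", rep.md5)
                and re.fullmatch(r"[0-9a-f]{40}", rep.sha1))


def triage(rep: VtReport) -> Dict[str, object]:
    """Verdict convention used by this example:
    flagged       - at least one engine returned a detection name
    inconclusive  - no detections, but the sample is packed (signatures were
                    matched against the packer stub, not the payload)
    undetected    - no detections and no packer identified"""
    hits = [(engine, result) for engine, _v, _d, result in rep.engines
            if result != "-"]
    if hits:
        verdict = "flagged"
    elif rep.packers:
        verdict = "inconclusive"
    else:
        verdict = "undetected"
    return {
        "ratio": f"{len(hits)}/{len(rep.engines)}",
        "verdict": verdict,
        "hits": hits,
        "packers": list(rep.packers),
        "md5": rep.md5,
    }


if __name__ == "__main__":
    report = parse_vt_report(SAMPLE_REPORT)
    print(triage(report))
```

Run stand-alone, the block reports the excerpt as 0/8 with verdict `inconclusive` because of the Armadillo packer, which is the practical reading of the thread's 0/32 result: the file is not cleared by signature scanning alone and still warrants removal and re-scanning, which is what the next post does.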

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 14th, 2008, 2:20 pm

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\WINDOWS\system32\drivers\ltkiuluurife.sys
    C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
    C:\sccfg.sys
    C:\WINDOWS\system32\tmp~1.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply along with a new HijackThis log please.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

With regards to Cyberlink... have you tried to uninstall/reinstall it? I really can't see anything malware related affecting it.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 15th, 2008, 6:35 am

Here they are please :-

==================================================
==================================================
~ Wrongly formatted logs corrected as in later post below
==================================================
==================================================

No, I haven't reinstalled Cyberlink Cinema. If its instability keeps on, I'd do the reinstallation then. You've taken a load off my mind with your advice on your not seeing any malware possibly attacking it, hehe....

Thanks a lot....
Last edited by luckwealth on January 15th, 2008, 12:07 pm, edited 4 times in total.
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 15th, 2008, 9:48 am

Can I get you to repost the last ComboFix and HijackThis logs please. Make sure Word Wrap is turned off in Notepad (click the Format menu header > uncheck Word Wrap). The logs are almost impossible to read the way they have been posted.

Thanks.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 15th, 2008, 11:55 am

I'm so sorry about it, and again here they are please :-

======================================================

ComboFix 08-01-13.1 - -mildy- 2008-01-15 17:54:44.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.535 [GMT 8:00]
執行位置?: C:\Tools\System\ComboFix.exe
Command switches used :: C:\Tools\System\CFScript.txt
* 已建立新的還原點

FILE
C:\sccfg.sys
C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
C:\WINDOWS\system32\drivers\ltkiuluurife.sys
C:\WINDOWS\system32\tmp~1.exe
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sccfg.sys
C:\WINDOWS\system32\drivers\kpnffmdfnmti.sys
C:\WINDOWS\system32\drivers\ltkiuluurife.sys
C:\WINDOWS\system32\tmp~1.exe

.
(((((((((((((((((((((((((((( 2007-12-15 - 2008-01-15 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-01-14 01:31 . 2008-01-15 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-13 18:08 . 2007-12-04 20:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-13 18:08 . 2007-12-04 22:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-13 18:08 . 2007-12-04 22:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-13 18:08 . 2007-12-04 22:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-13 18:08 . 2007-12-04 22:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-13 18:08 . 2007-12-04 22:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-13 18:07 . 2008-01-13 21:28 <DIR> d-------- C:\Program Files\AvastPro4.7
2008-01-13 18:07 . 2007-12-04 21:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-13 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\dllcache\chkdsk.exe
2008-01-12 19:56 . 2004-08-12 12:00 11,776 --a------ C:\WINDOWS\system32\chkdsk.exe
2008-01-11 20:14 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-11 12:11 . 2008-01-11 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-11 10:41 . 2008-01-11 10:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-11 10:41 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-01-11 10:36 . 2008-01-14 01:32 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-11 10:15 . 2008-01-11 10:15 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-01-05 22:28 . 2008-01-05 22:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-05 18:36 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-05 18:36 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-05 18:35 . 2008-01-05 21:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-05 18:35 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-05 18:35 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-05 18:03 . 2008-01-05 18:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-05 18:03 . 2008-01-05 18:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 17:57 . 2008-01-05 17:57 <DIR> d-------- C:\Program Files\Real Alternative
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Program Files\RealMedia
2008-01-04 18:14 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-04 16:59 . 2008-01-13 21:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-04 16:59 . 2008-01-11 16:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-04 16:59 . 2008-01-11 16:31 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-04 16:59 . 2008-01-11 16:31 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-04 14:36 . 2008-01-05 20:39 <DIR> d-------- C:\Documents and Settings\-mildy-\.housecall6.6
2008-01-04 02:46 . 2008-01-09 21:06 <DIR> d-------- C:\Program Files\Babysitting Mania
2008-01-04 01:07 . 2008-01-13 22:18 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-04 01:02 . 2008-01-11 23:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-03 23:27 . 2008-01-05 22:10 <DIR> d-------- C:\Program Files\Ad-Aware 2007
2008-01-03 23:27 . 2008-01-03 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-03 23:25 . 2008-01-03 23:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 22:36 . 2008-01-14 10:09 <DIR> d-------- C:\Program Files\MalwareScanner-HiJackThis
2008-01-03 02:06 . 2004-01-09 17:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-03 01:18 . 2008-01-04 20:59 <DIR> d-------- C:\Program Files\Trojan Killer
2008-01-01 18:51 . 2003-03-19 04:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-01 13:16 . 2008-01-06 01:54 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2007-12-31 15:45 . 2008-01-02 12:54 <DIR> d-------- C:\Program Files\Farm Frenzy
2007-12-31 15:28 . 2007-12-31 15:42 <DIR> d-------- C:\Program Files\Neighbours from Hell
2007-12-30 17:00 . 2007-12-30 17:00 <DIR> d-------- C:\Program Files\Nuclear Coffee
2007-12-30 16:31 . 2007-12-30 22:58 <DIR> d-------- C:\Program Files\Brainsbreaker 4.9.105
2007-12-30 16:18 . 2007-12-30 16:29 <DIR> d-------- C:\Program Files\Playtonium Jigsaw Patterns in Nature
2007-12-30 13:27 . 2008-01-05 17:06 <DIR> d-------- C:\Program Files\Total Video Converter
2007-12-30 13:27 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2007-12-27 13:25 . 2007-12-27 17:30 <DIR> d-------- C:\Program Files\Jigsaws
2007-12-27 11:39 . 2007-12-28 11:02 <DIR> d-------- C:\Program Files\BrainsBreaker
2007-12-26 15:09 . 2008-01-05 18:32 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-12-24 14:20 . 2007-12-24 14:21 <DIR> d-------- C:\Program Files\Wedding Dash
2007-12-23 20:49 . 2007-12-23 21:14 <DIR> d-------- C:\Program Files\Pastime Puzzles
2007-12-23 17:53 . 2007-12-23 18:00 <DIR> d-------- C:\Program Files\Mystery Of Shark Island
2007-12-23 14:00 . 2007-12-23 14:01 <DIR> d-------- C:\Program Files\Lucy Q Deluxe
2007-12-23 11:39 . 2007-12-27 11:33 <DIR> d-------- C:\Program Files\Jigsaw365
2007-12-21 17:04 . 2008-01-09 20:13 <DIR> d-------- C:\Program Files\Pocket JigMake
2007-12-21 16:37 . 2007-12-21 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-21 16:37 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-21 16:37 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-21 16:36 . 2007-12-21 16:45 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-20 14:35 . 2007-12-20 14:35 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 20:01 . 2007-12-19 20:02 <DIR> d-------- C:\Program Files\Diner Dash Flo On The Go
2007-12-19 20:00 . 2007-12-23 22:52 <DIR> d-------- C:\Program Files\Diner Dash Hometown Hero
2007-12-19 19:47 . 2007-12-20 15:12 <DIR> d-------- C:\Program Files\Delivery King
2007-12-18 22:40 . 2007-12-18 22:40 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-18 15:32 . 2007-12-18 15:32 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-18 15:15 . 2007-12-18 15:31 535 --a------ C:\WINDOWS\wwwconfig.dat
2007-12-18 01:27 . 2007-12-18 15:32 <DIR> d-------- C:\Program Files\Flower Shop Big City Break
2007-12-18 01:26 . 2007-12-18 15:06 <DIR> d-------- C:\Program Files\Posh Shop
2007-12-18 01:25 . 2007-12-20 21:00 <DIR> d-------- C:\Program Files\Pizza Frenzy
2007-12-18 01:25 . 2007-12-20 22:57 <DIR> d-------- C:\Program Files\Daycare Nightmare
2007-12-18 01:24 . 2007-12-18 15:09 <DIR> d-------- C:\Program Files\Cathys Caribbean Club
2007-12-18 01:23 . 2007-12-21 23:22 <DIR> d-------- C:\Program Files\Believe In Santa
2007-12-18 01:20 . 2007-12-18 15:12 <DIR> d-------- C:\Program Files\Baby Luv
2007-12-18 01:19 . 2007-12-18 15:13 <DIR> d-------- C:\Program Files\Big Island Blends
2007-12-18 01:18 . 2007-12-25 01:29 <DIR> d-------- C:\Program Files\Fab Fashion
2007-12-18 01:15 . 2007-12-27 11:34 <DIR> d-------- C:\Program Files\Teddy Factory
2007-12-18 00:56 . 2007-12-18 15:15 <DIR> d-------- C:\Program Files\Wild West Wendy
2007-12-18 00:51 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Mystic Inn
2007-12-18 00:50 . 2007-12-18 01:09 <DIR> d-------- C:\Program Files\Santas Super Friends
2007-12-18 00:48 . 2007-12-18 01:11 <DIR> d-------- C:\Program Files\Birdies
2007-12-18 00:45 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Home Sweet Home
2007-12-18 00:41 . 2007-12-18 01:12 <DIR> d-------- C:\Program Files\Happy Hour
2007-12-17 23:31 . 2007-12-21 21:21 <DIR> d-------- C:\Program Files\Sallys Salon
2007-12-17 23:12 . 2007-12-18 01:13 <DIR> d-------- C:\Program Files\Delicious 2 Deluxe
2007-12-17 23:10 . 2007-12-20 21:03 <DIR> d-------- C:\Program Files\Sushi Frenzy
2007-12-17 01:53 . 2007-12-20 19:53 <DIR> d-------- C:\Program Files\Nanny Mania
2007-12-17 01:42 . 2007-12-17 01:42 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-17 01:37 . 2007-12-17 01:41 <DIR> d-------- C:\Program Files\Janes Hotel
2007-12-16 20:48 . 2007-12-16 20:48 <DIR> d-------- C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-16 20:39 . 2007-12-16 20:39 <DIR> d-------- C:\WINDOWS\Burger Shop
2007-12-16 20:39 . 2007-12-16 20:44 <DIR> d-------- C:\Program Files\Burger Shop
2007-12-16 19:57 . 2007-12-16 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-16 19:55 . 2007-12-16 19:55 <DIR> d-------- C:\Program Files\MSN Games

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 09:52 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Ditto
2008-01-15 09:46 --------- d-----w C:\Program Files\eMule
2008-01-15 05:17 5,505,024 ---ha-w C:\Documents and Settings\-mildy-\NTUSER.DAT
2008-01-15 04:28 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ClickOff
2008-01-15 03:15 --------- d-----w C:\Program Files\BitComet
2008-01-14 11:13 --------- d-----w C:\Program Files\Replay AV 8
2008-01-14 05:16 --------- d-----w C:\Program Files\NJStar Communicator
2008-01-13 11:50 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-11 12:18 --------- d-----w C:\Program Files\Crazy Browser
2008-01-08 17:00 --------- d-----w C:\Program Files\Flary Address
2008-01-05 14:48 --------- d-----w C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)
2008-01-05 14:48 --------- d-----w C:\Program Files\Volumouse
2008-01-05 14:47 --------- d-----w C:\Program Files\UberIcon
2008-01-05 14:46 --------- d-----w C:\Program Files\TaskSwitchXP
2008-01-05 14:46 --------- d-----w C:\Program Files\StrokeIt
2008-01-05 14:41 --------- d-----w C:\Program Files\Point-N-Click
2008-01-05 14:25 --------- d-----w C:\Program Files\Free Internet Window Washer
2008-01-05 14:23 --------- d-----w C:\Program Files\FileNote
2008-01-05 14:21 --------- d-----w C:\Program Files\EasyZip
2008-01-05 14:16 --------- d-----w C:\Program Files\CursorXP
2008-01-05 14:16 --------- d-----w C:\Program Files\CopyURL
2008-01-05 14:16 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-05 14:15 --------- d-----w C:\Program Files\ClickOff
2008-01-05 14:15 --------- d-----w C:\Program Files\Click-N-Type
2008-01-05 14:15 --------- d-----w C:\Program Files\Brightness&ColorSwapper-gapa
2008-01-05 12:31 --------- d-----w C:\Program Files\Renamer
2008-01-03 18:10 --------- d-----w C:\Program Files\Taskbar Shuffle
2008-01-01 13:19 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\MegauploadToolbar
2008-01-01 12:28 --------- d-s---w C:\Documents and Settings\-mildy-\Application Data\Microsoft
2007-12-31 12:16 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-12-24 06:21 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PlayFirst
2007-12-21 18:22 --------- d-----w C:\Program Files\ICE Book Reader Professional Retail 76
2007-12-21 04:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 08:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\mvcache
2007-12-20 06:35 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\ViquaSoft
2007-12-19 15:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_dctemp
2007-12-18 14:40 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\My Games
2007-12-16 17:42 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Jane s Hotel
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-12-16 12:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Sandlot Games
2007-12-15 11:13 --------- d-----w C:\Program Files\Paradise Pet Salon
2007-12-15 04:11 --------- d-----w C:\Program Files\GowerPoint.com
2007-12-13 09:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-12-13 09:33 --------- d-----w C:\Program Files\Thunder Network
2007-12-13 09:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Thunder Network
2007-12-13 06:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Legacy Interactive
2007-12-13 06:16 --------- d-----w C:\Program Files\The Apprentice Los Angeles
2007-12-12 10:23 53,248 ----a-w C:\WINDOWS\system32\suppdll.dll
2007-12-09 20:58 --------- d-----w C:\Program Files\Fashion Fits
2007-12-09 09:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-08 14:59 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Macromedia
2007-12-08 09:19 --------- d-----w C:\Program Files\Cake Mania Back to the Bakery
2007-12-07 10:17 --------- d-----w C:\Program Files\Cake Mania 2
2007-12-06 07:36 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-05 14:57 --------- d-----w C:\Program Files\Any Media to MP3 Converter
2007-12-05 14:34 --------- d-----w C:\Program Files\Shuangs Audio Editor
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2007-12-05 11:24 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\River Past G5
2007-12-05 08:13 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2007-12-05 08:12 --------- d-----w C:\Program Files\DVDVideoSoft
2007-12-05 06:12 --------- d-----w C:\Program Files\AimOne_AlltoMP3
2007-12-04 15:27 --------- d-----w C:\Program Files\GameHouse
2007-12-04 12:15 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Big Fish Games
2007-12-04 12:10 --------- d-----w C:\Program Files\Azada
2007-12-04 09:48 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\GameHouse
2007-12-04 08:44 --------- d-----w C:\Program Files\Abra Academy
2007-12-03 18:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-12-03 11:06 --------- d-----w C:\Program Files\Tudou
2007-12-01 06:39 10,884,472 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-11-29 17:47 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\PhraseExpress
2007-11-29 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\PhraseExpress
2007-11-29 15:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 15:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-26 15:02 --------- d-----w C:\Documents and Settings\-mildy-\Application Data\Scan2PDF
2007-11-26 13:51 --------- d-----w C:\Program Files\Scan2PDF
2007-11-25 14:04 --------- d-----w C:\Program Files\SimpleOCR
2007-11-25 12:25 --------- d-----w C:\Program Files\ScannerU
2007-11-24 10:44 --------- d-----w C:\Program Files\InfoTag Magic 1.0
2007-11-21 05:29 --------- d-----w C:\Program Files\Paint.NET
2007-11-20 01:05 --------- d-----w C:\Program Files\Tracker Software
2007-11-14 07:27 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 699,904 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 699,904 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-07 06:46 533 ----a-w C:\Program Files\Softwares'.lnk
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:56 3,086,848 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:42 1,269,248 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:42 1,269,248 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:42 8,320,512 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 02:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2005-10-20 09:17 28,672 ----a-w C:\Program Files\CloseAll.exe
2005-07-14 18:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-13_15.21.48.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:49:28 705,024 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 03:45:38 12,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 03:45:43 207,072 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 03:45:37 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 03:46:01 690,912 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 03:46:53 328,928 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-15 09:53:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-15 09:53:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-13 06:37:47 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-15 09:53:57 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-13 06:37:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-15 09:53:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-13 06:37:47 5,283,840 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-15 09:53:57 5,304,320 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-13 06:37:47 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-15 09:53:57 16,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2007-10-01 06:30:12 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-01-14 05:10:13 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_468.dat
+ 2008-01-15 04:26:39 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_508.dat
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-07-17 23:16 122880]
"Kana Reminder"="C:\Tools\Tools\Reminder.exe" [2005-11-29 08:09 1185280]
"Sensiva"="C:\Program Files\Sensiva" [ ]
"Winsplit"="C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe" [2007-10-10 00:29 2627072]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-05 06:29 62976]
"Taskbar Shuffle"="C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe" [ ]
"NetXfer"="C:\Program Files\Xi\NetXfer\NetTransport.exe" [2007-10-08 15:09 1392640]
"Mmm"="C:\Program Files\HACE\Mmm\MmmTray.exe" [2007-06-01 00:01 15872]
"Free Internet Window Washer"="C:\PROGRA~1\FREEIN~1\Clearpch.exe" [2006-12-15 21:29 1498624]
"Ditto"="C:\Tools\Processor\Ditto\Ditto.exe" [2006-08-04 12:20 618496]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:44 140288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00 15360]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2007-09-10 20:33 6338360]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe" [2004-02-03 13:13 1216000]
"$Volumouse$"="C:\Program Files\Volumouse\volumouse.exe" [2006-05-27 11:49 26112]
"TrojanKiller"="C:\Program Files\Trojan Killer\TrojanKiller.exe" [2007-12-22 16:58 1366016]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-08 01:19 15872]
"RAM Idle Professional"="C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe" [ ]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"NuonSoft ShellEnhancer StartupHelper"="C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe" [2006-12-16 11:46 65536]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [ ]
"Aqua"="C:\Program Files\Deskperience\Aqua\wText.exe" [2005-05-06 19:33 1011712]
"Ad-Watch"="C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe" [2007-11-07 15:49 4579328]
"avast!"="C:\PROGRA~1\AVASTP~1.7\ashDisp.exe" [2007-12-04 21:00 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-12 20:00 133632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 20:00 15360]

C:\Documents and Settings\-mildy-\「開始」功能表\程式集\啟動\
a-squared Free.lnk - C:\Program Files\a-squared Free\a2free.exe [2008-01-04 01:07:57]
ActiveSyncToggle.exe.lnk - C:\Tools\Tools\ActiveSyncToggle.exe [2007-10-03 21:59:08]
Brightness&ColorSwapper-gapa.lnk - C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe [2007-05-31 05:03:31]
Click-N-Type.LNK - C:\Program Files\Click-N-Type\Click-N-Type.exe [2007-09-27 14:43:14]
ClickOff.lnk - C:\Program Files\ClickOff\Clickoff.exe [2007-04-12 16:02:26]
eMule.lnk - C:\Program Files\eMule\emule.exe [2007-11-28 14:26:16]
Export.sxp.lnk - C:\Backup\Nec\Softwares'\StrokeIt\Export.sxp [2007-11-07 15:32:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetFolders"= 1 (0x1)
"NoWinKeys"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-16 13:53]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2005-02-16 16:06]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 05:10]

*Newly Created Service* - AD-WATCH_REGISTRY_FILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28681820-917D-11d5-8177-005056FDDA4B}]
rundll32.exe C:\WINDOWS\system32\ShellExt\DafiTech\Cpy2Clip\cpy2clip.dll,CreateUserSettings
.
排程工作資料夾的內容
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-05-30 18:28:34 C:\WINDOWS\Tasks\註冊提醒 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:06:13
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
完成時間?: 2008-01-15 18:11:56
ComboFix-quarantined-files.txt 2008-01-15 10:11:52
ComboFix2.txt 2008-01-14 01:50:42
ComboFix3.txt 2008-01-13 07:22:09
.
2008-01-14 00:24:18 --- E O F ---

======================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:54, on 15/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\AvastPro4.7\aswUpdSv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\AvastPro4.7\ashServ.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\NuonSoft\ShellEnhancer\ShellEnhancer.exe
c:\program files\a-squared free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Tools\Tools\Reminder.exe
C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Xi\NetXfer\NetTransport.exe
C:\Program Files\HACE\Mmm\MmmTray.exe
C:\PROGRA~1\FREEIN~1\Clearpch.exe
C:\Tools\Processor\Ditto\Ditto.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
C:\Program Files\Volumouse\volumouse.exe
C:\Program Files\AvastPro4.7\ashMaiSv.exe
C:\Program Files\AvastPro4.7\ashWebSv.exe
C:\Program Files\Brightness&ColorSwapper-gapa\Brightness&ColorSwapper-gapa.exe
C:\Program Files\Click-N-Type\Click-N-Type.exe
C:\Program Files\ClickOff\Clickoff.exe
C:\Program Files\Strokeit\strokeit.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Point-N-Click\Point-N-Click.exe
C:\Tools\RAM Idle Professional 3.4\RAM_XP.exe
C:\Tools\Tools\ResizeEnable\ResizeEnableRunner.exe
C:\Program Files\Stardock\Object Desktop\RightClick\RightClick.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Tools\Tools\ZoomIt-DesktopZoomer.Pen.BlankScreen.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Realtek\InstallShield\RTHDCPL.EXE
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MalwareScanner-HiJackThis\MalwareScanner-HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Tools\System\RAM Idle Professional 3.4\RAM_XP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NuonSoft ShellEnhancer StartupHelper] C:\Program Files\NuonSoft\ShellEnhancer\StartupHelper.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Aqua] C:\Program Files\Deskperience\Aqua\wText.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AVASTP~1.7\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [Kana Reminder] "C:\Tools\Tools\Reminder.exe"
O4 - HKCU\..\Run: [Sensiva] "C:\Program Files\Sensiva, Inc\Symbol Commander Pro\Sensiva.exe"
O4 - HKCU\..\Run: [Winsplit] C:\Program Files\Winsplit Revolution 1.8 (1.9NonProperlyWorkable)\WinSplit.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [NetXfer] "C:\Program Files\Xi\NetXfer\NetTransport.exe"
O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\MmmTray.exe"
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRA~1\FREEIN~1\Clearpch.exe -Start
O4 - HKCU\..\Run: [Ditto] C:\Tools\Processor\Ditto\Ditto.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe
O4 - HKCU\..\Run: [$Volumouse$] "C:\Program Files\Volumouse\volumouse.exe" /nodlg
O4 - HKCU\..\Run: [TrojanKiller] "C:\Program Files\Trojan Killer\TrojanKiller.exe" 0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Get file size - res://C:\Program Files\Moveax InternetFileSize\IFSIEMenuStub.dll/201
O8 - Extra context menu item: Download All by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 妏蚚iTudou狟婥誹醴 - C:\Program Files\Tudou\iTudou\iTudou_Link.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8A4943CC-1950-44F9-9045-D3D428FD3948} (SecureX Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdownload/d ... psbase.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AvastPro4.7\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AvastPro4.7\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\AvastPro4.7\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11938 bytes
======================================================

Many thanks indeed....
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 15th, 2008, 12:14 pm

Logs look good. Don't see any malware in them :thumbup:

How is the computer behaving?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Antivirus and Tv program problems

Unread postby luckwealth » January 15th, 2008, 12:33 pm

After so much hard work of yours, I'm so happy indeed to hear that!! And what a quick reply, just can't imagine how incredibly quick reader and expert analyser you are!!

My computer's working as fine as before.

Really much appreciate your help, tons of thanks and thanks for every effort of yours, you're just marvelous....!!!!
luckwealth
Active Member
 
Posts: 13
Joined: January 3rd, 2008, 9:45 am

Re: Antivirus and Tv program problems

Unread postby 'KotaGuy » January 15th, 2008, 12:50 pm

Good to hear! And thank you very much for the kind words... it was my pleasure.

And now that we are done...

UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.

Some tips for the future to minimize reinfection...

  • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    Turn off System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Check Turn off System Restore
    Click Apply, and then click OK

    Reboot.

    Turn on System Restore.
    On the Desktop, right-click My Computer
    Click Properties
    Click the System Restore tab
    Uncheck Turn off System Restore
    Click Apply, and then click OK
    NOTE: only do this ONCE, NOT on a regular basis!
  • Re-hide your system files - To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by "Hide file extensions for known file types."
    • Under the "Hidden files" folder, select "Do not show hidden files and folders."
    • Check "Hide protected operating system files."
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. Here are some Anti Virus products which are free for personal use and most used:
    AntiVir
    Avast
    BitDefender
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
    Comodo
    Kerio
    ZoneAlarm
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here:
<link>

>> Here << you can see how you can help us.

Surf Safe :)
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
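The Internet Explorer zone settings in the list above are normally changed through the GUI; the following is an added, read-only audit script (not part of KotaGuy's post) that reads the same six Internet-zone settings from the registry and reports which ones still differ from the recommended values. It assumes a Windows host with PowerShell; the value names and codes are Microsoft's documented zone registry entries (zone 3 is the Internet zone; 0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example, not from the original post: audit the six Internet-zone
# settings recommended above without changing anything.
# Assumes a Windows host with PowerShell; zone 3 is the Internet zone.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> (setting as named in the post, recommended code)
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    param([string]$Path, [string]$ValueName)
    # Returns $null when the value is absent; IE then uses the zone template default.
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-InternetZoneHardening {
    param([string]$Path = $ZonePath)
    $findings = @()
    foreach ($valueName in $Recommended.Keys) {
        $spec    = $Recommended[$valueName]
        $current = Get-ZoneSetting -Path $Path -ValueName $valueName
        $currentLabel = if ($null -eq $current) { 'not set (template default)' }
                        elseif ($Labels.ContainsKey($current)) { $Labels[$current] }
                        else { "unknown code $current" }
        $findings += [pscustomobject]@{
            Value       = $valueName
            Setting     = $spec.Name
            Current     = $currentLabel
            Recommended = $Labels[$spec.Want]
            Compliant   = ($current -eq $spec.Want)
        }
    }
    return $findings
}

# Report only; applying the changes is left to the GUI steps in the post.
$report = Test-InternetZoneHardening
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { -not $_.Compliant })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) Internet-zone setting(s) differ from the recommended values."
}
```

Run it again after making the GUI changes to confirm every row shows Compliant = True; a setting that is "not set" is inheriting the zone template default rather than the value the post asks for.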

Re: Antivirus and Tv program problems

Unread postby NonSuch » January 20th, 2008, 5:22 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California