All start with Total security

Post by five100aday » September 29th, 2009, 9:35 pm

A few days ago, Total Security got into my machine and I followed the instructions I found on the internet to remove it. But after that it gets slower and slower each time the machine is started. I have to restart the machine a few times a day.

Please help!

Thanks,
Ming

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:36 PM, on 9/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Program Files\Bluetooth Mouse\MulMouse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\wpv111254042811.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ming\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ming\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ming\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ming\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CBIEBuddy - {a412e581-59b2-485e-834f-c5f0c0268c79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [emMON] emMON.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [18822654] C:\Documents and Settings\All Users\Application Data\18822654\18822654.exe
O4 - HKLM\..\Run: [Xkenufoqiwu] rundll32.exe "C:\WINDOWS\ubawujon.dll",e
O4 - HKLM\..\Run: [14102034] C:\Documents and Settings\All Users\Application Data\14102034\14102034.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv111254042811.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ming\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [FormAutoFiller] C:\Program Files\FormAutoFiller\faf.exe
O4 - Startup: ikowin32.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: 金山词霸 2005.lnk
O4 - Startup: 腾讯QQ.lnk
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\CopyFolder.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Mouse.lnk = C:\Program Files\Bluetooth Mouse\MulMouse.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: 蓝牙控制盘.lnk = ?
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: open with xmlpad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: 发送到 Bluetooth 设备(&B)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: 金山词霸浏览器栏 - {a412e581-59b2-485e-834f-c5f0c0268c79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {a412e581-59b2-485e-834f-c5f0c0268c79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/vir ... lient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 2991562890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7015596280
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (CCTVUpdateInstall) - http://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://pcln06.corp.priceline.com/dana- ... tupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97AE255-EEEE-45FC-8C2A-F9AB9638DC33}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 15378 bytes
five100aday
Active Member
 
Posts: 9
Joined: September 29th, 2009, 9:24 pm
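To show what a helper scans for in a HijackThis log like the one above, here is an added Python triage script (not from this thread, nor from the HijackThis or exeHelper tools) that parses a handful of O4 autorun lines copied from this log and flags the entries the rest of the thread treats as suspicious: numeric-only Run-key names, programs launched from a Temp directory, rundll32 loading a DLL dropped in the Windows root, and a bare executable in the Startup folder. The heuristics and the choice of sample lines are my own.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: eight O4 (autorun) lines copied from the HijackThis
# log posted in this thread, mixing benign and suspicious entries.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe",
    r"O4 - HKLM\..\Run: [18822654] C:\Documents and Settings\All Users\Application Data\18822654\18822654.exe",
    r'O4 - HKLM\..\Run: [Xkenufoqiwu] rundll32.exe "C:\WINDOWS\ubawujon.dll",e',
    r"O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv111254042811.exe",
    r"O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1",
    r"O4 - Startup: ikowin32.exe",
]

# "O4 - HKLM\..\Run: [Name] command line"
RUN_KEY_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: entry" or "O4 - Global Startup: entry [= target]"
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<cmd>.*)$")
# rundll32.exe "C:\path\some.dll",entry  -> capture the DLL path
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


def extract_target(cmd: str) -> str:
    """Pull the program path out of a Run-key command line.

    Handles a quoted path, an unquoted path containing spaces (taken up to the
    first ".exe") and a plain single token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)^(.*?\.exe)(?=\s|$)", cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage_line(line: str) -> Optional[Dict[str, object]]:
    """Return {"name", "command", "reasons"} for an O4 line, or None for any
    other line. An empty "reasons" list means nothing stood out."""
    reasons: List[str] = []
    m = RUN_KEY_RE.match(line)
    if m:
        name, cmd = m.group("name"), m.group("cmd")
        target = extract_target(cmd)
        if name.isdigit():
            # The pattern the exeHelper log in this thread shows being removed.
            reasons.append("numeric-only autorun name")
        if "\\temp\\" in target.lower():
            reasons.append("program launched from a Temp directory")
        r = RUNDLL_RE.match(cmd)
        if r:
            dll = r.group("dll")
            parent = dll.lower().rsplit("\\", 1)[0] if "\\" in dll else ""
            if parent == "c:\\windows":
                reasons.append("rundll32 loading a DLL placed directly in the Windows root")
        return {"name": name, "command": cmd, "reasons": reasons}
    m = STARTUP_RE.match(line)
    if m:
        cmd = m.group("cmd")
        # A normal Startup-folder item is a .lnk shortcut ("foo.lnk = target");
        # a raw .exe sitting in the folder is unusual.
        entry = cmd.split(" = ", 1)[0].strip()
        if entry.lower().endswith(".exe"):
            reasons.append("bare executable in a Startup folder instead of a .lnk shortcut")
        return {"name": entry, "command": cmd, "reasons": reasons}
    return None


def flagged_names(lines: List[str]) -> List[str]:
    """Names of the autorun entries that triggered at least one heuristic, in log order."""
    out: List[str] = []
    for line in lines:
        info = triage_line(line)
        if info and info["reasons"]:
            out.append(str(info["name"]))
    return out


if __name__ == "__main__":
    for raw in SAMPLE_O4_LINES:
        info = triage_line(raw)
        if info and info["reasons"]:
            print(f"[{info['name']}] {info['command']}")
            for reason in info["reasons"]:
                print(f"    -> {reason}")
```

The heuristics only rank entries for a human to look at; a flagged line is a candidate for verification, not proof of infection.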

Re: All start with Total security

Post by Blade81 » October 4th, 2009, 5:10 am

Hello,

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Download GMER here by clicking the "download exe" button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy. This copies the log to the clipboard.
  • Post the log in your reply.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: All start with Total security

Post by five100aday » October 4th, 2009, 3:54 pm

exeHelper by Raktor - 09
Build 20090925
Run at 13:03:30 on 10/04/09
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\18822654
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14102034
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



DDS (Ver_09-09-29.01) - NTFSx86
Run by Ming at 13:39:59.77 on 10/04/2009 Sun
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1065 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Temp\wpv111254042811.exe
C:\Program Files\Bluetooth Mouse\MulMouse.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://pcln06.corp.priceline.com/dana-na/auth/url_default/welcome.cgi
uInternet Settings,ProxyServer = hxxp://nw-proxy.corp.priceline.com/proxy.pac
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBBrowerBuddy Class: {a412e581-59b2-485e-834f-c5f0c0268c79} - c:\program files\kingsoft\powerword lite\CBEBand.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {65F8A3D2-4C22-4A33-9633-73167EAEEC45} - No File
EB: 金山词霸浏览器栏: {abb7394c-91cd-42e9-88a3-23166137709d} - c:\program files\kingsoft\powerword lite\CBEBand.dll
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [Aim6]
uRun: [Google Update] "c:\documents and settings\ming\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [FormAutoFiller] c:\program files\formautofiller\faf.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [emMON] emMON.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [Google IME Autoupdater] c:\program files\google\google pinyin\GooglePinyinDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PromoReg] c:\windows\temp\_ex-08.exe
mRun: [Xkenufoqiwu] rundll32.exe "c:\windows\ubawujon.dll",e
mRun: [sysgif32] c:\windows\temp\wpv111254042811.exe
StartupFolder: c:\documents and settings\ming\start menu\programs\startup\ikowin32.exe
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.3\program\quickstart.exe
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\Eé′~1.LNK -
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\QQ9F04~1.LNK -
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\禚穸qq.lnk - c:\program files\tencent\qq\CopyFolder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\bluetooth mouse\MulMouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\喽襦盔~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\硅歌金~1.lnk - c:\program files\kingsoft\powerword lite\XDict.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: open with xmlpad - c:\program files\wmhelp software\wmhelp xmlpad\WmhASPP.dll/101
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: 发送到 Bluetooth 设备(&B)... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {a412e581-59b2-485e-834f-c5f0c0268c79} - {A412E581-59B2-485E-834F-C5F0C0268C79} - c:\program files\kingsoft\powerword lite\CBEBand.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192991562890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207015596280
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://pcln06.corp.priceline.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: {C97AE255-EEEE-45FC-8C2A-F9AB9638DC33} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - c:\program files\wmhelp software\wmhelp xmlpad\WmhASPP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ca3950.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ming\applic~1\mozilla\firefox\profiles\bze6tqx0.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\QQDownloadFFH.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\ming\application data\mozilla\firefox\profiles\bze6tqx0.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\ming\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: XUL Cache: {69794326-27D2-41E2-8A3F-ADB89C7E9128} - c:\documents and settings\ming\local settings\application data\{69794326-27D2-41E2-8A3F-ADB89C7E9128}

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-2-23 53248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-27 24652]
S1 610138fc;610138fc;c:\windows\system32\drivers\610138fc.sys [2009-8-29 0]
S1 c10ec788;c10ec788;c:\windows\system32\drivers\c10ec788.sys [2009-9-18 0]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-8-6 39048]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [2007-12-2 13312]
S4 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 202096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.4\reporting services\reportserver\bin\ReportingServicesService.exe [2007-3-3 17264]

============== File Associations ===============

chm.file="hh.exe" %1
txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-04 13:39 361,369 a------- C:\dds.scr
2009-10-04 13:03 284,160 a------- C:\exeHelper.com
2009-09-27 20:33 <DIR> --d----- c:\program files\Trend Micro
2009-09-26 20:59 812,344 a------- C:\HJTInstall.exe
2009-09-26 20:39 <DIR> --d----- c:\documents and settings\ming\.housecall6.6
2009-09-26 15:51 8,144 a------- C:\jinv_request.xml
2009-09-26 13:40 <DIR> --d----- c:\docume~1\ming\applic~1\RapidTyping
2009-09-26 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidTyping
2009-09-26 13:40 <DIR> --d----- c:\program files\RapidTyping
2009-09-26 13:40 1,967,100 a------- C:\RapidTyping_Setup_2.9.6.exe
2009-09-20 12:12 4,340 a------- C:\test.asp
2009-09-20 10:41 10,570,670 a------- C:\XmlPad3_02a.zip
2009-09-18 21:21 0 a------- c:\windows\system32\drivers\c10ec788.sys
2009-09-16 11:02 <DIR> --d----- c:\docume~1\ming\applic~1\WMHelp
2009-09-16 11:02 <DIR> --d----- c:\program files\WMHelp Software
2009-09-11 20:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 08:29 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-11 08:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 08:26 <DIR> --d----- c:\program files\Lavasoft
2009-09-04 21:56 52,253 a------- C:\index.php

==================== Find3M ====================

2009-09-25 12:35 44,944 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-09-16 18:58 0 a------- c:\windows\system32\drivers\610138fc.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2008-11-16 15:14 172,032 a------- c:\docume~1\ming\applic~1\JuniperSetup.exe

============= FINISH: 13:40:58.70 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2007 2:00:04 AM
System Uptime: 10/3/2009 12:24:48 AM (37 hours ago)

Motherboard: Gateway | | MP6954


Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFCPGA2 | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 73 GiB total, 5.018 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.913 GiB free.
E: is FIXED (FAT32) - 24 GiB total, 4.39 GiB free.
F: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_0366107B&REV_03\3&B1BFB68&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_27A2&SUBSYS_0366107B&REV_03\3&B1BFB68&0&10
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_0366107B&REV_03\3&B1BFB68&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_27A6&SUBSYS_0366107B&REV_03\3&B1BFB68&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Generic Marvell Yukon Chipset based Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_0366107B&REV_14\4&192AC53F&0&00E0
Manufacturer: Marvell
Name: Generic Marvell Yukon Chipset based Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_0366107B&REV_14\4&192AC53F&0&00E0
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_0366107B&REV_02\3&B1BFB68&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_0366107B&REV_02\3&B1BFB68&0&FB
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS

==== System Restore Points ===================

RP738: 9/29/2009 11:30:36 AM - System Checkpoint
RP739: 9/30/2009 6:08:40 PM - System Checkpoint
RP740: 10/1/2009 9:17:09 PM - System Checkpoint
RP741: 10/3/2009 1:28:45 AM - System Checkpoint
RP742: 10/4/2009 1:28:58 AM - System Checkpoint

==== Installed Programs ======================

.NET StockTrader
2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop 7.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
Advanced System Optimizer 2.01.4
AI RoboForm (All Users)
AIM 6
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bluetooth Mouse 1.00.02 (Build 1000)
Bonjour
CA AllFusion ERwin Data Modeler r7
Chinese Simplified Fonts Support For Adobe Reader 8
Chinese Traditional Fonts Support For Adobe Reader 8
Citrix Presentation Server Client
Contact_CS
Critical Update for Windows Media Player 11 (KB959772)
Digital Voice Editor 3
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
ExamDiff 1.8
Flock 1.0
GDR 1406 for SQL Server Analysis Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Database Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Integration Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Reporting Services 2005 ENU (KB932557)
GDR 1406 for SQL Server Tools and Workstation Components 2005 ENU (KB932557)
Google Chrome
H.264 Decoder
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
Japanese Fonts Support For Adobe Reader 8
Java 2 Runtime Environment, SE v1.4.2_06
Java 2 SDK, SE v1.4.2_06
Java(TM) 6 Update 10
Java(TM) 6 Update 3
Java(TM) SE Development Kit 6 Update 3
Juniper Citrix Services Client
Juniper Networks Network Connect 5.4.0
Juniper Networks Network Connect 6.0.0
Juniper Networks Network Connect 6.2.0
Juniper Networks Network Connect 6.3.0
Juniper Networks Secure Application Manager
Logitech Desktop Messenger
Logitech QuickCam
Logitech(r) Camera Driver
Marvell Miniport Driver
mCore
MCTS Self-Paced Training Kit (Exam 70-528) - Microsoft .NET Framework 2.0 Web-Based Client Development
mDriver
mDrWiFi
mEoU
mHelp
Microsoft .NET Compact Framework 1.0 SP3 Developer
Microsoft .NET Compact Framework 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHS
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHS
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Office 2000 Professional
Microsoft Office 2003 Web Components
Microsoft Office Live Meeting 2005 Replay Wrapper
Microsoft Office Live Meeting 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Script Debugger
Microsoft Silverlight
Microsoft SQL Server 2000 Sample Database Scripts
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Reporting Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601)
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
mIWA
MKV Splitter
mLogView
mMHouse
Mobiz-Lite
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.14)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSDN Library for Visual Studio 2005
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
MVision
mWlsSafe
mXML
MySQL Workbench 5.1 OSS
mZConfig
Netscape Navigator (9.0.0.6)
NJStar Chinese WP
Notepad++
OpenOffice.org 2.3
OverDrive Media Console
PartitionMagic
PeerGuardian 2.0
PHP 5.2.9-2
Picasa 3
PokerStars
PowerQuest PartitionMagic 8.0
QQ2008 (official release, 正式版)
QuickTime
RapidTyping
RealPlayer
Rhapsody Player Engine
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB947738)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB971090)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB973673)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SigmaTel Audio
Skype? 3.5
Sonic Encoders
Sony Player Plug-in for Windows Media Player
SQLXML4
TBS WMP Plug-in
TD AMERITRADE StrategyDesk 2.4_2 (C:\Program Files\TD AMERITRADE\StrategyDesk)
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Uniblue DriverScanner 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB Video Device Driver
VC80CRTRedist - 8.0.50727.762
Videos 7 and 8 Sample Code
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.2
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip
WMHelp XmlPad
XAMPP 1.7.1
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Intel(R) PROSet/Wireless Software (英特尔(R) PROSet/无线软件)
Google Pinyin Input Method (谷歌拼音输入法)
Google-Kingsoft PowerWord, cooperative edition (谷歌金山词霸合作版)

==== Event Viewer Messages From Past Week ========

9/29/2009 8:35:56 PM, error: Service Control Manager [7031] - The lavasoft ad-aware service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
9/28/2009 9:00:04 PM, error: Service Control Manager [7024] - The SQL Server Active Directory Helper service terminated with service-specific error 3221225572 (0xC0000064).
9/28/2009 9:00:04 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
9/28/2009 1:21:00 PM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
9/28/2009 1:21:00 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
9/27/2009 8:31:00 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

The GMER file is too big. It freezes the browser each time I try to attach it.
It will be posted next, or attached as a file.
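The SERVICES / DRIVERS section of the DDS log above lists two system-start (S1) drivers, 610138fc and c10ec788, whose on-disk images are 0 bytes and whose service names are eight hex digits with no descriptive display name; the CFScript Blade81 posts later in this thread removes exactly those two. The following is an added example, not code from this thread or from DDS, that parses DDS-style driver lines and flags entries with those traits. The sample lines are copied from the log above; the scoring rules are my own heuristics, not anything DDS itself does.

```python
import re

# Constructed sample: four lines copied from the DDS "SERVICES / DRIVERS"
# section above (the wrapped Viewpoint line is left out for brevity).
SAMPLE = r"""
R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
S1 610138fc;610138fc;c:\windows\system32\drivers\610138fc.sys [2009-8-29 0]
S1 c10ec788;c10ec788;c:\windows\system32\drivers\c10ec788.sys [2009-9-18 0]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-8-6 39048]
"""

# One DDS driver/service line:
#   <state> <service name>;<display name>;<image path> [<date> <size>]
LINE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$'
)
HEXNAME = re.compile(r'^[0-9a-f]{8}$')    # eight hex digits and nothing else
EARLY_START = {'R0', 'R1', 'S0', 'S1'}   # boot/system start: loads before user-mode scanners


def parse_drivers(text):
    """Parse DDS driver/service lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry['size'] = int(entry['size'])
            entries.append(entry)
    return entries


def suspicious(entries):
    """Apply heuristics (my own, not DDS's) and return (service name, state, reasons)."""
    findings = []
    for e in entries:
        reasons = []
        if e['size'] == 0:
            reasons.append('image file is 0 bytes on disk')
        if HEXNAME.match(e['name'].lower()):
            reasons.append('service name is eight random-looking hex digits')
        if reasons and e['display'].strip().lower() == e['name'].strip().lower():
            reasons.append('no descriptive display name')
        if reasons and e['state'] in EARLY_START:
            reasons.append(f'starts early ({e["state"]}), before user-mode scanners')
        if reasons:
            findings.append((e['name'], e['state'], reasons))
    return findings


if __name__ == '__main__':
    for name, state, reasons in suspicious(parse_drivers(SAMPLE)):
        print(f'{state} {name}: ' + '; '.join(reasons))
```

Run against a full DDS log the function returns only the two hex-named, zero-byte S1 drivers; the Lavasoft (Lbd) and Sony entries pass because they have a real size and a descriptive display name. A hit is a reason to look, not a verdict: a zero-byte .sys registered at system start can also be a leftover from a botched uninstall, which is why a helper asks for the file before deciding what to do with it.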

Re: All start with Total security

Unread postby five100aday » October 4th, 2009, 4:08 pm

The gmer log file is too big, so sent as attachment.
ooops, it is too large for attachment too.

Please let me know what to do with the file.

Thanks!

Re: All start with Total security

Unread postby Blade81 » October 5th, 2009, 10:06 am

Hi,

Please archive GMER log into a zip file and attach it to your post.

Re: All start with Total security

Unread postby five100aday » October 6th, 2009, 8:32 pm

Attached is the Gmer log zip file.

Thanks!

Re: All start with Total security

Unread postby Blade81 » October 7th, 2009, 11:05 am

Hi,

Make sure word wrap is disabled in your text editor so that logs will be created in more readable format (without those gaps between the lines).

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Re: All start with Total security

Unread postby five100aday » October 9th, 2009, 8:42 am

Here is the log from the ComboFix.

Re: All start with Total security

Unread postby Blade81 » October 9th, 2009, 10:56 am

Please post a fresh dds.txt log too.

Re: All start with Total security

Unread postby five100aday » October 9th, 2009, 11:00 pm

Here is the zip file including Attach.txt and DDS.txt.

Re: All start with Total security

Unread postby Blade81 » October 10th, 2009, 4:46 am

Hi,

From now on, copy-paste logs to your replies instead of using attachments (unless contents won't fit in post), please.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://malwareremoval.com/forum/viewtopic.php?f=11&t=46214
Collect::
c:\windows\ca3950.dll
Driver::
610138fc
c10ec788
File::
c:\documents and settings\jessica\Local Settings\Application Data\Hzebohu.dat
c:\windows\system32\drivers\610138fc.sys
c:\windows\system32\drivers\c10ec788.sys
Folder::
c:\documents and settings\Ming\Application Data\LimeWire
Firefox::
FF - HiddenExtension: XUL Cache: {69794326-27D2-41E2-8A3F-ADB89C7E9128} - c:\documents and settings\Ming\Local Settings\Application Data\{69794326-27D2-41E2-8A3F-ADB89C7E9128}
DirLook::
C:\error_fix
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

(image: CFScript being dragged onto ComboFix.exe)

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (follow the instructions given there to submit some file samples).
Then post the resultant log.


Get updates 8.1.3 & 8.1.6 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall your current Adobe shockwave player and get the fresh one here if needed.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a fresh dds.txt log and above mentioned ComboFix resultant log.
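The Registry:: section of the CFScript above does two things worth understanding rather than pasting blindly: it resets HKLM\...\Control\Lsa "Notification Packages" to the single default entry "scecli" (the hex(7) bytes 73,63,65,63,6c,69,00,00 spell "scecli" followed by the double NUL that terminates a REG_MULTI_SZ), and it clears the two Security Center override flags. Every DLL named in Notification Packages is loaded by LSASS at boot as a password-change notification/filter DLL, so an extra name there is a persistence and credential-capture position, and AntiVirusOverride/FirewallOverride set to 1 silence the Security Center warnings. The following is an added example, not code from this thread or from ComboFix, that parses .reg/CFScript-style text, decodes hex(7) data in both the single-byte form CFScript uses and the UTF-16LE form reg.exe exports, and reports deviations from the defaults. The CLEAN sample is the script above verbatim; the ROGUE sample is hypothetical and constructed only to exercise the checks.

```python
import re

# Constructed sample 1: the Registry:: section of the CFScript above, as posted.
CLEAN = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
"""

# Constructed sample 2 (hypothetical, not from the thread): the same keys with a
# second package name "rogue" appended and the anti-virus override switched on.
ROGUE = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,72,6f,67,75,65,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
"""

VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def decode_multi_sz(hex_field):
    """Turn 'aa,bb,...' hex(7) data into the list of strings a REG_MULTI_SZ holds."""
    raw = bytes(int(b, 16) for b in hex_field.split(',') if b.strip())
    # reg.exe exports UTF-16LE (every high byte is 0); CFScript uses one byte per char.
    if raw and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2)):
        text = raw.decode('utf-16-le')
    else:
        text = raw.decode('latin-1')
    return [s for s in text.split('\x00') if s]


def parse_reg(text):
    """Minimal .reg/CFScript parser: {key (lowercased): {value name: decoded data}}."""
    keys, current, pending = {}, None, ''
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ''
        if line.endswith('\\'):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue
        data = m.group('data')
        if data.startswith('dword:'):
            value = int(data[6:], 16)
        elif data.startswith('hex(7):'):
            value = decode_multi_sz(data[7:])
        elif data.startswith('"') and data.endswith('"'):
            value = data[1:-1]
        else:
            value = data
        keys[current][m.group('name')] = value
    return keys


LSA = r'hkey_local_machine\system\currentcontrolset\control\lsa'
SECURITY_CENTER = r'hkey_local_machine\software\microsoft\security center'
EXPECTED_PACKAGES = {'scecli'}   # the Windows XP default; add your own known filters


def audit(text):
    """Return a list of findings; an empty list means both keys match the defaults."""
    findings = []
    keys = parse_reg(text)
    for package in keys.get(LSA, {}).get('Notification Packages', []):
        if package.lower() not in EXPECTED_PACKAGES:
            findings.append(f'LSA Notification Packages loads unexpected DLL: {package}')
    for name in ('AntiVirusOverride', 'FirewallOverride'):
        if keys.get(SECURITY_CENTER, {}).get(name, 0) != 0:
            findings.append(f'Security Center {name} is set (warnings suppressed)')
    return findings


if __name__ == '__main__':
    for label, sample in (('clean', CLEAN), ('rogue', ROGUE)):
        print(label, audit(sample) or ['no findings'])
```

To check a live machine rather than a script, export the two keys with reg.exe (for example `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" lsa.reg`), open the file as UTF-16, and feed the text to audit(); the UTF-16LE branch of decode_multi_sz handles that form. The allow-list is deliberately small: a domain-joined workstation with a third-party password filter will legitimately show more than scecli, so extend EXPECTED_PACKAGES from a known-good host before trusting a hit.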

Re: All start with Total security

Unread postby five100aday » October 10th, 2009, 5:03 pm

ComboFix 09-10-08.04 - Ming 0/2009 Sat 15:58.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1433 [GMT -4:00]
Running from: c:\documents and settings\Ming\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ming\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\jessica\Local Settings\Application Data\Hzebohu.dat"
"c:\windows\system32\drivers\610138fc.sys"
"c:\windows\system32\drivers\c10ec788.sys"
.

((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\18ad2a.msi

.
((((((((((((((((((((((((( Files created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 17:11 . 2009-10-10 17:11 -------- d-----w- c:\program files\ESET
2009-10-10 16:45 . 2009-10-10 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-10 16:45 . 2009-10-10 16:45 -------- d-----w- c:\program files\NOS
2009-10-10 14:37 . 2002-08-26 06:30 73116 ----a-w- c:\windows\system32\EBPMON2.DLL
2009-10-10 14:37 . 2002-07-31 06:25 61440 ----a-w- c:\windows\system32\ECBTEG.DLL
2009-10-10 14:37 . 2001-09-04 06:04 182 ----a-w- c:\windows\system32\EBPPORT.DAT
2009-10-10 14:37 . 2000-06-07 05:01 34304 ----a-w- c:\windows\system32\EBPCHP.DLL
2009-10-10 14:37 . 2009-10-10 14:38 -------- d-----w- c:\program files\EPSON
2009-10-10 14:37 . 2009-10-10 14:37 -------- d-----w- C:\epson
2009-10-10 14:29 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-10 14:29 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-10 02:55 . 2009-10-10 02:57 -------- d-----w- C:\err_fix1
2009-10-09 04:45 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-07 01:25 . 2009-10-07 01:25 -------- d-----w- C:\HEGames
2009-10-04 17:41 . 2009-10-10 19:45 -------- d-----w- C:\error_fix
2009-09-28 17:17 . 2009-09-28 17:17 -------- d-----w- c:\documents and settings\jessica\Application Data\RapidTyping
2009-09-28 00:33 . 2009-09-28 00:33 -------- d-----w- c:\program files\Trend Micro
2009-09-27 00:59 . 2009-09-27 00:59 812344 ----a-w- C:\HJTInstall.exe
2009-09-27 00:39 . 2009-09-27 02:58 -------- d-----w- c:\documents and settings\Ming\.housecall6.6
2009-09-26 17:40 . 2009-09-26 17:40 -------- d-----w- c:\documents and settings\Ming\Application Data\RapidTyping
2009-09-26 17:40 . 2009-09-26 17:40 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidTyping
2009-09-26 17:40 . 2009-09-26 17:40 -------- d-----w- c:\program files\RapidTyping
2009-09-16 15:02 . 2009-09-16 15:02 -------- d-----w- c:\documents and settings\Ming\Application Data\WMHelp
2009-09-16 15:02 . 2009-09-16 15:02 -------- d-----w- c:\program files\WMHelp Software
2009-09-12 00:21 . 2009-09-21 12:28 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-11 12:29 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-11 12:26 . 2009-09-11 12:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 12:26 . 2009-09-11 12:26 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 17:30 . 2007-11-04 19:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-10 15:31 . 2009-05-02 14:06 -------- d-----w- c:\documents and settings\Ming\Application Data\OpenOffice.org2
2009-10-10 15:29 . 2008-09-20 02:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 15:19 . 2007-10-27 02:58 -------- d-----w- c:\program files\Java
2009-10-09 23:12 . 2008-07-28 02:10 -------- d-----w- c:\program files\Ares
2009-10-09 07:10 . 2008-02-12 03:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-08 03:37 . 2007-10-25 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-08 00:29 . 2009-08-30 02:14 120 ----a-w- c:\windows\Hzebohu.dat
2009-10-04 18:10 . 2008-02-28 04:30 -------- d-----w- c:\program files\Flock
2009-10-04 18:09 . 2009-07-12 14:25 -------- d-----w- c:\program files\PokerStars
2009-10-04 18:08 . 2007-11-10 03:50 -------- d-----w- c:\documents and settings\Ming\Application Data\QQUpdate
2009-10-04 18:08 . 2007-11-03 03:48 -------- d-----w- c:\documents and settings\Ming\Application Data\QQ
2009-09-25 16:35 . 2008-07-31 22:17 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-16 12:00 . 2008-02-10 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-03 01:37 . 2009-09-03 01:37 60744 ----a-w- c:\documents and settings\jessica\g2mdlhlpx.exe
2009-08-30 18:03 . 2008-08-12 02:12 -------- d-----w- c:\program files\PPLive
2009-08-23 00:40 . 2009-08-23 00:26 -------- d-----w- c:\program files\PartyGaming
2009-08-17 02:38 . 2005-01-10 01:26 45440 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2007-10-21 04:28 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2007-10-21 04:24 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2007-10-21 04:30 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2007-06-17 06:22 . 2007-06-17 06:22 62784 ----a-w- c:\program files\mozilla firefox\components\QQDownloadFFH.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\error_fix ----

2009-10-09 05:27 . 2009-10-09 05:28 21143 ----a-w- c:\error_fix\ComboFix.txt
2009-10-07 00:30 . 2009-10-07 00:30 114049 ----a-w- c:\error_fix\gmer_log.zip
2009-10-04 20:04 . 2009-10-04 20:04 2107148 ----a-w- c:\error_fix\gmer_log.txt
2009-10-04 17:45 . 2009-10-04 17:45 290816 ----a-w- c:\error_fix\wf59d7t5.exe
2009-10-04 17:43 . 2009-10-04 21:37 2138642 ----a-w- c:\error_fix\exehelperlog.txt
2009-10-04 17:41 . 2009-10-04 21:37 16693 ----a-w- c:\error_fix\DDS.txt
2009-10-04 17:41 . 2009-10-04 21:37 14125 ----a-w- c:\error_fix\Attach.txt
2009-10-04 17:03 . 2009-10-04 17:03 284160 ----a-w- c:\error_fix\exeHelper.com


------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-10-10_15.54.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-06-05 18:14 . 2006-06-05 18:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
- 2006-06-05 19:14 . 2006-06-05 19:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 18:14 . 2006-06-05 18:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2008-02-09 16:31 . 2009-10-10 16:52 451004 c:\windows\system32\inetsrv\MetaBase.bin
- 2008-02-09 16:31 . 2009-10-10 15:54 451004 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-10-10 16:48 . 2009-10-10 16:48 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
+ 2009-10-10 16:48 . 2009-10-10 16:48 4192256 c:\windows\Installer\2a20de.msi
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Ming\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-26 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-10 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-12-27 413696]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2006-01-11 544768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-6 113664]
Bluetooth Mouse.lnk - c:\program files\Bluetooth Mouse\MulMouse.exe [2007-12-2 245760]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-8 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-10-22 106560]
蓝牙控制盘.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
谷歌金山词霸合作版.lnk - c:\program files\Kingsoft\PowerWord Lite\XDict.exe [2008-7-10 2505840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tencent\\QQMusic\\QzoneMusic.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Ming\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/11/2009 8:29 AM 64160]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [12/27/2007 11:23 PM 64160]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [11/21/2008 4:37 AM 64480]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [12/9/2008 7:10 PM 24636]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1028432]
R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2/23/2005 3:56 PM 53248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/27/2008 5:24 AM 24652]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [10/21/2007 12:29 AM 14336]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [8/6/2008 8:39 PM 39048]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [12/2/2007 12:27 AM 13312]
S4 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [3/3/2007 11:12 PM 202096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 7:17 AM 2805000]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe [3/3/2007 11:09 PM 17264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
‘计划任务’ 文件夹 里的内容

2009-10-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 12:28]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3872471544-4230950355-2361766433-1006Core.job
- c:\documents and settings\Ming\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 03:50]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3872471544-4230950355-2361766433-1006UA.job
- c:\documents and settings\Ming\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 03:50]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3872471544-4230950355-2361766433-1035Core.job
- c:\documents and settings\jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-06 01:09]

2009-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3872471544-4230950355-2361766433-1035UA.job
- c:\documents and settings\jessica\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-06 01:09]
.
.
------- 而外的扫描 -------
.
uStart Page = https://pcln06.corp.priceline.com/dana-na/auth/url_default/welcome.cgi
uInternet Settings,ProxyServer = hxxp://nw-proxy.corp.priceline.com/proxy.pac
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: open with xmlpad - c:\program files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: ìí?óμ?QQ±í?é - c:\program files\Tencent\QQ\AddEmotion.htm
IE: 发送到 Bluetooth 设备(&B)... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
TCP: {C97AE255-EEEE-45FC-8C2A-F9AB9638DC33} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - c:\program files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\Ming\Application Data\Mozilla\Firefox\Profiles\bze6tqx0.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\QQDownloadFFH.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Ming\Application Data\Mozilla\Firefox\Profiles\bze6tqx0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Ming\Application Data\Mozilla\Firefox\Profiles\bze6tqx0.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Ming\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 16:10
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3872471544-4230950355-2361766433-1006\Software\Microsoft\Internet Explorer\MenuExt\鹠燫0RQ*Q*h埮`]
@="c:\\Program Files\\Tencent\\QQ\\AddEmotion.htm"
"contexts"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
完成时间: 2009-10-10 16:13
ComboFix-quarantined-files.txt 2009-10-10 20:13
ComboFix2.txt 2009-10-10 16:01

Pre-Run: 2,240,823,296 bytes free
Post-Run: 2,198,687,744 bytes free

254 --- E O F --- 2009-10-09 07:04

=============================================
DDS (Ver_09-09-29.01) - NTFSx86
Run by Ming at 16:56:19.54 on 10/10/2009 Sat
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2038.1400 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ming\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://pcln06.corp.priceline.com/dana-na/auth/url_default/welcome.cgi
uInternet Settings,ProxyServer = hxxp://nw-proxy.corp.priceline.com/proxy.pac
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: CBBrowerBuddy Class: {a412e581-59b2-485e-834f-c5f0c0268c79} - c:\program files\kingsoft\powerword lite\CBEBand.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: 金山词霸浏览器栏: {abb7394c-91cd-42e9-88a3-23166137709d} - c:\program files\kingsoft\powerword lite\CBEBand.dll
uRun: [Google Update] "c:\documents and settings\ming\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [Google IME Autoupdater] c:\program files\google\google pinyin\GooglePinyinDaemon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\Eé′~1.LNK -
StartupFolder: c:\docume~1\ming\startm~1\programs\startup\QQ9F04~1.LNK -
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\bluetooth mouse\MulMouse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\喽襦盔~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\硅歌金~1.lnk - c:\program files\kingsoft\powerword lite\XDict.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: open with xmlpad - c:\program files\wmhelp software\wmhelp xmlpad\WmhASPP.dll/101
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: ìí?óμ?QQ±í?é - c:\program files\tencent\qq\AddEmotion.htm
IE: 发送到 Bluetooth 设备(&B)... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {a412e581-59b2-485e-834f-c5f0c0268c79} - {A412E581-59B2-485E-834F-C5F0C0268C79} - c:\program files\kingsoft\powerword lite\CBEBand.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192991562890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1207015596280
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://pcln06.corp.priceline.com/dana-cached/setup/JuniperSetupSP1.cab
TCP: {C97AE255-EEEE-45FC-8C2A-F9AB9638DC33} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - c:\program files\wmhelp software\wmhelp xmlpad\WmhASPP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ming\applic~1\mozilla\firefox\profiles\bze6tqx0.default\
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\mozilla firefox\components\QQDownloadFFH.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\ming\application data\mozilla\firefox\profiles\bze6tqx0.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\ming\application data\mozilla\firefox\profiles\bze6tqx0.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\ming\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-11 64160]
R1 NEOFLTR_600_12507;Juniper Networks TDI Filter Driver (NEOFLTR_600_12507);c:\windows\system32\drivers\NEOFLTR_600_12507.sys [2007-12-27 64160]
R1 NEOFLTR_630_13725;Juniper Networks TDI Filter Driver (NEOFLTR_630_13725);c:\windows\system32\drivers\NEOFLTR_630_13725.sys [2008-11-21 64480]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-9 24636]
R2 lavasoft ad-aware service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2005-2-23 53248]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-27 24652]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2007-10-21 14336]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-8-6 39048]
S3 Si670m;WayTech Bluetooth USB Filter Driver;c:\windows\system32\drivers\Si670m.sys [2007-12-2 13312]
S4 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 202096]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.4\reporting services\reportserver\bin\ReportingServicesService.exe [2007-3-3 17264]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-10-10 15:56 <DIR> --d----- C:\ComboFix
2009-10-10 13:11 <DIR> --d----- c:\program files\ESET
2009-10-10 11:29 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-10 10:37 73,116 a------- c:\windows\system32\EBPMON2.DLL
2009-10-10 10:37 61,440 a------- c:\windows\system32\ECBTEG.DLL
2009-10-10 10:37 34,304 a------- c:\windows\system32\EBPCHP.DLL
2009-10-10 10:37 182 a------- c:\windows\system32\EBPPORT.DAT
2009-10-10 10:37 <DIR> --d----- c:\program files\EPSON
2009-10-10 10:37 <DIR> --d----- C:\epson
2009-10-10 10:29 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-10-10 10:29 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-10-09 22:55 <DIR> --d----- C:\err_fix1
2009-10-09 00:45 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-10-09 00:25 <DIR> a-dshr-- C:\cmdcons
2009-10-09 00:23 229,888 a------- c:\windows\PEV.exe
2009-10-09 00:23 161,792 a------- c:\windows\SWREG.exe
2009-10-09 00:23 98,816 a------- c:\windows\sed.exe
2009-10-06 21:25 <DIR> --d----- C:\HEGames
2009-10-06 21:25 715 a------- c:\windows\hegames.ini
2009-10-04 13:41 <DIR> --d----- C:\error_fix
2009-09-27 20:33 <DIR> --d----- c:\program files\Trend Micro
2009-09-26 20:59 812,344 a------- C:\HJTInstall.exe
2009-09-26 20:39 <DIR> --d----- c:\documents and settings\ming\.housecall6.6
2009-09-26 15:51 8,144 a------- C:\jinv_request.xml
2009-09-26 13:40 <DIR> --d----- c:\docume~1\ming\applic~1\RapidTyping
2009-09-26 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidTyping
2009-09-26 13:40 <DIR> --d----- c:\program files\RapidTyping
2009-09-20 12:12 4,340 a------- C:\test.asp
2009-09-16 11:02 <DIR> --d----- c:\docume~1\ming\applic~1\WMHelp
2009-09-16 11:02 <DIR> --d----- c:\program files\WMHelp Software
2009-09-11 20:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 08:29 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-11 08:26 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-11 08:26 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-10-10 11:29 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-25 12:35 44,944 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2008-11-16 15:14 172,032 a------- c:\docume~1\ming\applic~1\JuniperSetup.exe

============= FINISH: 16:56:33.82 ===============

ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=4b4801e3bf05ca4caa749ffec4ed31f7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-10-10 06:27:25
# local_time=2009-10-10 02:27:25 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=174352
# found=2
# cleaned=0
# scan_time=4243
C:\Qoobox\Quarantine\C\Documents and Settings\Ming\Start Menu\Programs\Startup\ikowin32.exe.vir Win32/TrojanDownloader.Bredolab.AA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP746\A0060537.exe Win32/TrojanDownloader.Bredolab.AA trojan 00000000000000000000000000000000 I
five100aday
Active Member
Posts: 9
Joined: September 29th, 2009, 9:24 pm

Re: All start with Total security

Unread postby Blade81 » October 11th, 2009, 8:17 am

Hi,

Go to the C:\Qoobox\Quarantine folder and look for a zip file whose name begins with [4]-Submit. Upload it here. Kindly include a link to this topic in the message.

Let me know when that's been done.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: All start with Total security

Unread postby five100aday » October 11th, 2009, 11:31 am

The file is submitted with the link you provided.
five100aday
Active Member
Posts: 9
Joined: September 29th, 2009, 9:24 pm

Re: All start with Total security

Unread postby Blade81 » October 12th, 2009, 12:13 pm

Thanks for the upload. How's the system running now?
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland