
Thread: Error loading rundll and Chinese popups

  1. #1
     Junior Member (Join Date: Nov 2007, Posts: 2)

     Error loading rundll and Chinese popups

    I recently encountered the same problem as described in the other Chinese popups thread. I installed Kaspersky and it deleted a few pieces of spyware, and I don't get the RunDll error anymore. I thought I was safe. However, after a while, I noticed some strange application being installed without me even clicking on anything! Of course I uninstalled it and reran Kaspersky. I also ran ComboFix and HijackThis. If anyone can take a look at the logs and let me know if everything is indeed clean, I'd really appreciate it. Thanks!

    ComboFix Log:
    ComboFix 07-11-19.4C - Administrator 2007-11-30 15:29:33.1 - NTFSx86 MINIMAL
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Local Settings\Application Data\baidu
    C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
    C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
    C:\Documents and Settings\All Users\Application Data.\t
    C:\Documents and Settings\All Users\Application Data.\t\a1623.dat
    C:\Documents and Settings\All Users\Application Data.\t\b1623.dat
    C:\Documents and Settings\All Users\Application Data.\t\k1623.dat
    C:\Documents and Settings\All Users\Application Data.\t\p1623.dat
    C:\Documents and Settings\All Users\Application Data.\t\r1623.dat
    C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
    C:\Program Files\Common Files\cpush
    C:\Program Files\Common Files\cpush\Uninst.exe
    C:\WINDOWS\fc1.bmp
    C:\WINDOWS\fn00321.log
    C:\WINDOWS\ocinfo.dat
    C:\WINDOWS\system\dvl
    C:\WINDOWS\system\lvl
    C:\WINDOWS\system32\1521.dll
    C:\WINDOWS\system32\1521.dlltmp
    C:\WINDOWS\system32\52241.exe
    C:\WINDOWS\system32\911.dll
    C:\WINDOWS\system32\d3d1caps.srg
    C:\WINDOWS\system32\drivers\acpidisk.sys
    C:\WINDOWS\system32\drivers\inetmib3.sys
    C:\WINDOWS\system32\iexp_log.txt
    C:\WINDOWS\system32\inetmib3.dll
    C:\WINDOWS\system32\inf\scrsys16_071129.dll
    C:\WINDOWS\system32\mprmsgse.axz
    C:\WINDOWS\system32\mscpx32r.det

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_ACPIDISK
    -------\LEGACY_CNPROV
    -------\LEGACY_INETMIB3
    -------\LEGACY_MS_2FAX
    -------\acpidisk
    -------\inetmib3
    -------\ms_2fax


    ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
    .

    2007-11-30 12:48 <DIR> d-------- C:\Program Files\Trisnap Technologies
    2007-11-30 11:57 <DIR> d-------- C:\Program Files\Viewpoint
    2007-11-30 03:41 68 --a------ C:\WINDOWS\system32\ae95
    2007-11-30 03:11 68 --a------ C:\WINDOWS\system32\a3f
    2007-11-30 02:41 68 --a------ C:\WINDOWS\system32\7b58
    2007-11-30 01:11 68 --a------ C:\WINDOWS\system32\0fa
    2007-11-30 00:52 68 --a------ C:\WINDOWS\system32\48a
    2007-11-30 00:22 68 --a------ C:\WINDOWS\system32\3f3f
    2007-11-29 22:25 78 --a------ C:\WINDOWS\system32\mywehit.ini
    2007-11-29 22:22 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-11-29 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-29 22:22 1,668,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-11-29 22:22 18,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-11-29 22:22 9,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-11-29 22:22 2,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2007-11-29 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2007-11-29 18:25 29 --a------ C:\WINDOWS\system32\-18-98-23117
    2007-11-29 18:24 74,360 --a------ C:\WINDOWS\an006.exe
    2007-11-29 18:24 14 --a------ C:\WINDOWS\system32\-34-98-23117
    2007-11-29 18:23 200,704 --a------ C:\WINDOWS\ThunderBHONew.dll
    2007-11-29 18:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
    2007-11-29 18:18 <DIR> d-------- C:\Program Files\Uniblue
    2007-11-29 18:02 24,576 --a------ C:\WINDOWS\my_70203.exe
    2007-11-29 10:21 1 --a------ C:\WINDOWS\system32\suxp.uni
    2007-11-29 10:14 184,320 --a------ C:\WINDOWS\system32\winlib0.dll
    2007-11-29 10:10 24,576 --a------ C:\WINDOWS\subc.exe
    2007-11-29 10:09 <DIR> d-------- C:\WINDOWS\system32\inf
    2007-11-29 10:09 514,812 --a------ C:\WINDOWS\subb.exe
    2007-11-29 10:09 128 --a------ C:\WINDOWS\system32\rsfunser.ini
    2007-11-29 10:09 0 --a------ C:\WINDOWS\eqigocn321.dll
    2007-11-29 10:09 0 --a------ C:\WINDOWS\askerserkb.dll
    2007-11-28 21:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Wippien
    2007-11-28 21:58 23,096 --a------ C:\WINDOWS\system32\drivers\wip0203.sys
    2007-11-28 20:05 <DIR> d-------- C:\Program Files\Trillian
    2007-11-28 20:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.purple
    2007-11-28 09:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\.gaim
    2007-11-27 18:55 <DIR> d-------- C:\Movies
    2007-11-27 10:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Miranda
    2007-11-23 21:16 <DIR> d-------- C:\Program Files\WinAVI Video Converter
    2007-11-20 13:26 <DIR> d-------- C:\Program Files\Gabest
    2007-11-19 12:16 <DIR> d-------- C:\Program Files\NCH Software
    2007-11-17 22:59 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-17 21:37 57,344 --------- C:\WINDOWS\system32\ImageDrive.cpl
    2007-11-17 21:35 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
    2007-11-17 21:35 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
    2007-11-17 21:35 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
    2007-11-17 21:35 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
    2007-11-14 11:58 2,682,880 --------- C:\WINDOWS\UNNeroVision.exe
    2007-11-14 11:55 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2007-11-14 11:55 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2007-11-14 11:55 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2007-11-14 11:55 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2007-11-14 11:55 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2007-11-14 11:55 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
    2007-11-13 21:31 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
    2007-11-13 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-11-13 12:59 724,992 --a------ C:\WINDOWS\iun6002.exe
    2007-11-08 23:18 51,072 --a--c--- C:\WINDOWS\system32\dllcache\i8042prt.sys
    2007-11-08 23:18 22,016 --a--c--- C:\WINDOWS\system32\dllcache\mouclass.sys
    2007-11-08 23:17 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
    2007-10-27 14:34 <DIR> d-------- C:\WINDOWS\Cache
    2007-10-27 14:34 31 --ah----- C:\WINDOWS\uccspecc.sys
    2007-10-21 12:56 <DIR> d-------- C:\Program Files\Compaq Wireless LAN
    2007-10-20 23:25 183,296 --a------ C:\WINDOWS\system32\drivers\wlcom51b.sys
    2007-10-20 23:25 180,224 --a------ C:\WINDOWS\system32\wacom51b.dll
    2007-10-20 23:25 159,744 --a------ C:\WINDOWS\system32\wncom51b.cpl
    2007-10-20 23:25 57,344 --a------ C:\WINDOWS\system32\wccom51b.exe
    2007-10-20 23:25 7,680 --a------ C:\WINDOWS\system32\wdcmb51b.dll
    2007-10-20 20:58 214,896 --a------ C:\WINDOWS\system32\wncom.hlp
    2007-10-20 20:58 729 --a------ C:\WINDOWS\system32\wncom.cnt
    2007-10-20 20:30 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2007-10-20 20:30 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
    2007-10-20 20:30 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
    2007-10-20 20:30 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
    2007-10-20 20:30 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
    2007-10-16 14:09 <DIR> d-------- C:\Program Files\iPod
    2007-10-16 14:08 <DIR> d-------- C:\Program Files\iTunes
    2007-10-16 14:05 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-16 14:01 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-10-16 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-12 09:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Move Networks
    2007-10-03 17:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Samsung
    2007-10-03 16:53 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Sample.ico
    2007-10-03 16:50 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
    2007-10-03 16:50 766 --a--c--- C:\WINDOWS\system32\Uninstall.ico
    2007-10-03 16:46 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2007-10-03 16:46 <DIR> d-------- C:\WINDOWS\LastGood
    2007-10-03 16:46 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2007-10-03 16:46 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2007-10-03 16:46 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
    2007-10-03 16:46 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2007-10-03 16:46 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2007-10-03 16:46 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2007-10-03 16:46 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2007-10-03 16:46 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 17:39 --------- d-----w C:\Program Files\ICQ
    2007-11-30 03:34 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    2007-11-30 03:34 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    2007-11-29 01:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.purple
    2007-11-28 14:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\.gaim
    2007-11-28 05:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
    2007-11-27 22:41 53,248 ----a-r C:\WINDOWS\c861.exe
    2007-11-19 17:21 --------- d-----w C:\Program Files\Samsung
    2007-11-18 05:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-18 02:59 --------- d-----w C:\Program Files\Logitech
    2007-11-18 02:44 --------- d-----w C:\Program Files\Common Files\Logitech
    2007-11-18 02:42 --------- d-----w C:\Program Files\Java
    2007-11-18 02:39 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-11-18 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-18 02:36 --------- d-----w C:\Program Files\Ahead
    2007-10-16 19:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-15 18:44 --------- d-----w C:\Program Files\VAG-COM
    2007-10-08 14:40 --------- d-----w C:\Program Files\FlashGet
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AB8C6-FB22-4D17-8834-064E2BA0A6F0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5FB8C5D4-929F-4870-89E2-7E3EE26EE701}]
    C:\WINDOWS\System32\1521.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9751A53-4494-4d7c-9732-AE3058D8145F}]
    C:\WINDOWS\System32\1521.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE439C63-384A-747A-A357-23D96B5D652B}]
    2005-01-27 06:37 970240 --------- C:\PROGRA~1\ALiBaBar\ALiBaBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0A1375E1-56C2-11D6-8E45-8933A0FB5235}"= C:\PROGRA~1\ALiBaBar\ALiBaBar.dll [2005-01-27 06:37 970240]

    [HKEY_CLASSES_ROOT\clsid\{0a1375e1-56c2-11d6-8e45-8933a0fb5235}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41]
    "ICQ Plus"="C:\Program Files\ICQPlus\vplus.exe" [2002-12-04 05:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Vmlist"="regsvr32 /s apphelps.dll" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-10 11:41]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
    "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 23:39]
    "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 23:39]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 04:50]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-08 17:37]
    "LTWinModem1"="ltmsg.exe" [2003-10-28 01:00 C:\WINDOWS\system32\ltmsg.exe]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 23:38]
    "HostManager"="C:\Program Files\Common Files\AOL\1189113338\ee\AOLSoftware.exe" [2006-09-25 19:52]
    "hkss"="C:\Program Files\Compaq\Hotkey Software\hkss.exe" [2002-09-19 14:30]
    "EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-08 03:00]
    "eabconfg.cpl"="C:\Program Files\Compaq\EAB\EABSERVR.exe" [2002-11-12 11:39]
    "CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 14:55]
    "AtiPTA"="atiptaxx.exe" [2002-02-07 23:10 C:\WINDOWS\system32\atiptaxx.exe]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-23 07:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-23 07:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 05:41]
    C:\WINDOWS\System32\klogon.dll 2007-06-28 12:51 206088 C:\WINDOWS\system32\klogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\combofix]
    @="service"

    R2 MSDCOMClient;DCOM Service Process Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 BCM42U;USB HPNA 10 Mbps Network Adapter Driver;C:\WINDOWS\System32\DRIVERS\BCM42U.SYS
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\System32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\System32\drivers\WmFilter.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\System32\drivers\WmXlCore.sys
    S0 rupewz;rupew;C:\WINDOWS\System32\DRIVERS\rupewz.sys
    S0 yoycsp48;yoycsp4;C:\WINDOWS\System32\DRIVERS\yoycsp48.sys
    S2 qsvn;Windows qsvn RunThem;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;C:\WINDOWS\System32\drivers\usbscan.sys
    S3 wip0203;Wippien Network Adapter 2.3;C:\WINDOWS\System32\DRIVERS\wip0203.sys
    S3 wlcom51b;Compaq USB Driver;C:\WINDOWS\System32\DRIVERS\wlcom51b.sys
    S3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\System32\DRIVERS\wltwo48b.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\System32\drivers\WmVirHid.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qsvn
    MSDCOMClient

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-27 02:18:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 15:34:46
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-30 15:36:37 - machine was rebooted
    .
    --- E O F ---

  2. #2
     Junior Member (Join Date: Nov 2007, Posts: 2)

    HJT Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:06:05 PM, on 11/30/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ltmsg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1189113338\ee\AOLSoftware.exe
    C:\Program Files\Compaq\Hotkey Software\hkss.exe
    C:\Program Files\Compaq\EAB\EABSERVR.EXE
    C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\ICQPlus\vplus.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\iPod\bin\iPodService.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
    O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189113338\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O5 "LPT1:" /M "Stylus CX3800"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start
    O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
    O4 - HKLM\..\Policies\Explorer\Run: [if4g] rundll32 "C:\WINDOWS\Downlo~1\if4g.dll",Run
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Clipboard text: Simplified > Traditional (剪貼簿文字: 簡 > 繁) - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
    O8 - Extra context menu item: Clipboard text: Traditional > Simplified (剪貼簿文字: 繁 > 簡) - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
    O8 - Extra context menu item: Web page: show as [Simplified] (網頁: [簡體] 顯示) - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
    O8 - Extra context menu item: Web page: show as [Traditional] (網頁: [繁體] 顯示) - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7311 bytes

    Here is the other thread I was talking about : http://forums.spybot.info/showthread.php?p=139969
    Last edited by tashi; 2007-11-30 at 23:06. Reason: Merged two posts
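    An added triage example, not part of this thread and not code from HijackThis, ComboFix or Safer Networking: a Python script that applies a few of the checks a log helper makes by eye to lines copied from the two logs above. The rules are the editor's own heuristics and produce items to review, not verdicts: an autorun under Policies\Explorer\Run, a rundll32/regsvr32 entry handed a DLL with no directory, a service whose display name is just its own short name (or a prefix of it), and a svchost netsvcs member that ComboFix prints under its "Svchost - NetSvcs" header. Reading that header as the list of names added to the netsvcs group is an assumption about ComboFix's output; the sample lines are a constructed subset copied from the posted logs.

```python
"""Triage heuristics over HijackThis O4 lines and ComboFix service entries.
Added example for this thread, not code from HijackThis, ComboFix or the forum;
the rules are the editor's own and yield items to review, not verdicts."""
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the logs posted above.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Policies\Explorer\Run: [if4g] rundll32 "C:\WINDOWS\Downlo~1\if4g.dll",Run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
""".strip().splitlines()
SAMPLE_COMBOFIX = r"""
R2 MSDCOMClient;DCOM Service Process Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
S0 rupewz;rupew;C:\WINDOWS\System32\DRIVERS\rupewz.sys
S0 yoycsp48;yoycsp4;C:\WINDOWS\System32\DRIVERS\yoycsp48.sys
S2 qsvn;Windows qsvn RunThem;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 Ip6FwHlp;IPv6 Internet Connection Firewall;C:\WINDOWS\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qsvn
MSDCOMClient
""".strip().splitlines()

@dataclass(frozen=True)
class Finding:
    source: str    # "O4" (HijackThis autorun) or "service" (ComboFix)
    item: str      # autorun entry name or service short name
    rule: str
    severity: str  # "high", "medium" or "low"

O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$')
NETSVCS_HEADER = 'Svchost - NetSvcs'
LOADERS = {'rundll32', 'rundll32.exe', 'regsvr32', 'regsvr32.exe'}

def _tokens(cmd):
    # Split a command line on whitespace, keeping double-quoted paths whole.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]

def _norm(s):
    return re.sub(r'[^a-z0-9]', '', s.lower())

def triage_o4(line):
    m = O4_RE.match(line.strip())
    if not m:
        return []
    hive, name, cmd = m.group('hive'), m.group('name'), m.group('cmd')
    out = []
    # Policies\Explorer\Run is a policy autorun key that installers rarely use.
    if 'policies\\explorer\\run' in hive.lower():
        out.append(Finding('O4', name, 'autorun under Policies\\Explorer\\Run', 'high'))
    toks = _tokens(cmd)
    if not toks:
        return out
    exe = toks[0].lower().rsplit('\\', 1)[-1]
    if exe in LOADERS:
        # rundll32/regsvr32 run whatever DLL they are handed; a bare file name is
        # resolved through the DLL search order, so the file cannot be verified.
        dlls = [t for t in toks[1:] if t.lower().endswith('.dll')]
        if dlls and '\\' not in dlls[0]:
            out.append(Finding('O4', name, 'loader with unqualified DLL name: ' + dlls[0], 'high'))
        else:
            out.append(Finding('O4', name, 'rundll32/regsvr32 loader; verify the DLL', 'medium'))
    elif '\\' not in toks[0]:
        out.append(Finding('O4', name, 'executable given without a path', 'low'))
    return out

def parse_combofix(lines):
    # Returns (service dicts, names printed under the 'Svchost - NetSvcs' header).
    services, extra, in_netsvcs = [], set(), False
    for raw in lines:
        line = raw.strip()
        if NETSVCS_HEADER in line:
            in_netsvcs = True
        elif in_netsvcs:
            if line in ('', '.'):
                in_netsvcs = False
            else:
                extra.add(line.lower())
        else:
            m = SVC_RE.match(line)
            if m:
                services.append(m.groupdict())
    return services, extra

def triage_services(lines):
    services, extra = parse_combofix(lines)
    out = []
    for s in services:
        name, display, image = s['name'], s['display'], s['image']
        # Assumption: names ComboFix prints under 'Svchost - NetSvcs' are members
        # added to the netsvcs group, so each one deserves a look.
        if '-k netsvcs' in image.lower() and name.lower() in extra:
            out.append(Finding('service', name, 'netsvcs member listed by ComboFix', 'high'))
        n, d = _norm(name), _norm(display)
        # A display name that is just the short name (or a prefix of it) is how
        # generated service names look; vendor drivers describe themselves.
        if min(len(n), len(d)) >= 4 and (n in d or d in n):
            sev = 'high' if image.lower().endswith('.sys') else 'medium'
            out.append(Finding('service', name, 'display name derived from service name', sev))
    return out

def triage(hjt_lines, combofix_lines):
    return [f for l in hjt_lines for f in triage_o4(l)] + triage_services(combofix_lines)

if __name__ == '__main__':
    for f in triage(SAMPLE_HJT, SAMPLE_COMBOFIX):
        print(f'{f.severity:<6} {f.source:<8} {f.item:<13} {f.rule}')
```

    Run against the sample, the script leaves iTunesHelper, ctfmon.exe, klim5 and Ip6FwHlp alone and raises Vmlist (a regsvr32 entry with a bare apphelps.dll), if4g (both the Policies\Explorer\Run location and the rundll32 loader), the two S0 drivers whose display names are truncated copies of their service names, and the two services ComboFix lists under the netsvcs header. Every hit is a pointer to something to check by hand (file signature, vendor, creation date), which is the same standard the helpers hold a log to.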

  3. #3
     teacup61 (In Memoriam - Always in our heart; Join Date: Jun 2006, Location: Texas, Posts: 759)

    Hello London_Guy,

    Welcome to Safer Networking Forums

    Sorry for the delay. When you reply to your own topic it looks like you're being helped, as Helpers look for topics with 0 replies. If you still need help, please post a new HijackThis log so I can be sure nothing has changed.

    Thanks,
    tea
    teacup61
