
Could someone please HELP? My PC is infected. Many thanks!

I have MBAM installed on my desktop PC and run it on a regular basis. Starting today, when I double-click the icon in the Start menu, MBAM just won't start.

I downloaded 1.35.0.0 and reinstalled it. I also tried renaming the installation file. But none of this worked.

Access to this website (malwarebytes.org) is also blocked.

Access to the C: drive has errors. When I double-click the C: drive to open it from My Computer, it shows the error "Windows cannot find 'Recycler\s-9-1-22-100031599-100012108-100010160-4201.com'. Make sure you typed the name correctly, and then try again..."

The Windows Firewall in Windows XP's Security Center was turned off.

I am using my laptop to type this, and below is the HijackThis log that I copied from my desktop:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:42:22, on 2009-3-29

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\data\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = E:\Games\HoMM5\registration\RegistrationReminder.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

O4 - Global Startup: 新浪UC.lnk = C:\Program Files\sina\UC\uc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm

O8 - Extra context menu item: Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm

O9 - Extra button: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra 'Tools' menuitem: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184722726560

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190153864843

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{72357C13-2994-494E-83F8-187C5619C43D}: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CCS\Services\Tcpip\..\{D248DA12-489E-4738-BA9E-777CACA6ABA9}: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199

O20 - AppInit_DLLs: jguyjm.dll oucoje.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 11563 bytes

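The "Windows cannot find 'Recycler\s-9-1-22-…4201.com'" error when opening C: is what Explorer reports when an autorun.inf in the drive root hands the double-click action to a file that is no longer where it claims to be; the ComboFix log later in this thread shows C:\autorun.inf among the deleted items. The following is an added example and not code from the thread: a tolerant autorun.inf parser that pulls out the launch keys Explorer honours (open, shellexecute, shell\<verb>\command) and flags the tell-tale pattern of an executable hidden in a Recycler folder named after a made-up SID (real SIDs always start S-1-). The sample file contents are constructed; only the target path is taken from the post, and the real file's layout is not shown anywhere in the thread.

```python
import re

# Constructed sample autorun.inf. Only the launch target is from the
# thread (the path in the "Windows cannot find ..." error); the key layout
# is an assumption about what the removed C:\autorun.inf looked like.
SAMPLE_AUTORUN = r"""
[autorun]
open=Recycler\S-9-1-22-100031599-100012108-100010160-4201.com
shell\open=Open(&O)
shell\open\Command=Recycler\S-9-1-22-100031599-100012108-100010160-4201.com
shell\open\Default=1
shell\explore=Explore(&X)
shell\explore\Command=Recycler\S-9-1-22-100031599-100012108-100010160-4201.com
shellexecute=Recycler\S-9-1-22-100031599-100012108-100010160-4201.com
"""

# Constructed benign files for comparison: a driver CD that only sets an
# icon, and a setup CD that legitimately launches its installer.
ICON_ONLY_AUTORUN = "[autorun]\nicon=setup.exe,0\nlabel=Driver CD\n"
SETUP_AUTORUN = "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n"

# Keys whose value Explorer may run when the drive is opened or a verb chosen.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
# A Recycler sub-folder named like a SID; real SIDs always have revision 1.
SID_DIR = re.compile(r"(?i)recycler[\\/]s-(\d+)-\d+(?:-\d+)+")
EXEC_EXT = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd")


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Tolerant of blank lines, comments and stray whitespace. On duplicate
    keys the first occurrence is kept, matching INI lookup semantics.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.setdefault(key.strip().lower(), value.strip())
    return entries


def first_token(value):
    """Executable path without its arguments: honour quotes, else first word."""
    value = value.strip()
    if value.startswith('"') and '"' in value[1:]:
        return value[1:value.index('"', 1)]
    return value.split()[0] if value else ""


def triage_autorun(text):
    """List (key, target, reasons) for every launch entry worth a look."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not LAUNCH_KEY.match(key):
            continue
        target = first_token(value)
        reasons = []
        m = SID_DIR.search(target)
        if m:
            reasons.append("target lives in Recycler under a SID-like folder")
            if m.group(1) != "1":
                reasons.append("SID revision %s is bogus (real SIDs are S-1-...)" % m.group(1))
        if target.lower().endswith(EXEC_EXT):
            reasons.append("target is an executable (%s)" % target.rsplit(".", 1)[-1].lower())
        if key.startswith("shell\\"):
            reasons.append("overrides Explorer's '%s' verb for the drive" % key.split("\\")[1])
        if reasons:
            findings.append((key, target, reasons))
    return findings


def is_hostile(text):
    """True only for the Recycler/fake-SID pattern; a plain open=setup.exe is not enough."""
    return any(
        any(r.startswith(("target lives in Recycler", "SID revision")) for r in reasons)
        for _, _, reasons in triage_autorun(text)
    )


if __name__ == "__main__":
    for key, target, reasons in triage_autorun(SAMPLE_AUTORUN):
        print(key, "->", target)
        for r in reasons:
            print("   ", r)
    print("hostile:", is_hostile(SAMPLE_AUTORUN))
```

The distinction between `triage_autorun` and `is_hostile` matters in practice: a vendor CD that sets `open=setup.exe` is flagged for review but not called hostile, whereas anything that launches out of a Recycler folder with a SID that cannot exist is.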

Just got home and tried as suggested. It is NOT working.

I downloaded RootRepeal, and when I double-click to run it, I get an error saying "Invalid PE image found!".

RootRepeal just won't run. If I ignore the error and try to go to "File" and then click "Scan", my PC stops responding.

Any other suggestions? I am really panicking now. :D

Below is another HJT log I just got:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:39:31, on 2009-3-30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = E:\Games\HoMM5\registration\RegistrationReminder.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

O4 - Global Startup: 新浪UC.lnk = C:\Program Files\sina\UC\uc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Download with Thunder - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm

O8 - Extra context menu item: Download all links with Thunder - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm

O9 - Extra button: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra 'Tools' menuitem: Launch Thunder 5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184722726560

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190153864843

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{72357C13-2994-494E-83F8-187C5619C43D}: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CCS\Services\Tcpip\..\{D248DA12-489E-4738-BA9E-777CACA6ABA9}: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199

O20 - AppInit_DLLs: jguyjm.dll oucoje.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 11382 bytes

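Both logs above show the two findings a helper would act on first. Every O17 NameServer value, on both adapter GUIDs, in CurrentControlSet and in ControlSet001/002, points at public addresses in 85.255.112.0/24 rather than at the router or the ISP, and the CS2 value moved from .122/.154 to .225/.199 between the two logs, so something on the box is still rewriting it. Separately, O20 loads two six-letter DLLs through AppInit_DLLs into every process that loads user32.dll, which is the usual way this kind of infection kills security tools at launch and fits MBAM and RootRepeal failing to start while McAfee's services keep running. As an added example, not part of the thread, here is a small triage script that pulls those entries out of a HijackThis log, classifies the resolver addresses, and diffs the resolver settings between two logs. The `expected_dns` allow-list is an assumption, since the poster's real resolvers are not given anywhere in the thread; the sample inputs are excerpts copied from the two logs.

```python
import ipaddress
import re

# Constructed excerpts: the O2, O17 and O20 lines copied from the two
# HijackThis logs posted in this thread (first log, then second), plus one
# ordinary O4 line so the parser has something benign to skip.
LOG_1 = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{72357C13-2994-494E-83F8-187C5619C43D}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{D248DA12-489E-4738-BA9E-777CACA6ABA9}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.122,85.255.112.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O20 - AppInit_DLLs: jguyjm.dll oucoje.dll
"""
LOG_2 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{72357C13-2994-494E-83F8-187C5619C43D}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\..\{D248DA12-489E-4738-BA9E-777CACA6ABA9}: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.225,85.255.112.199
O20 - AppInit_DLLs: jguyjm.dll oucoje.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
NAMESERVER = re.compile(r"^(?P<key>.*?): NameServer = (?P<ips>[\d.,\s]+)$")


def parse_hjt(text):
    """Return (section, body) for every 'Oxx - ...' entry in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(text):
    """Map each O17 registry location to the list of resolver IPs it sets."""
    result = {}
    for section, body in parse_hjt(text):
        if section != "O17":
            continue
        m = NAMESERVER.match(body)
        if m:
            result[m.group("key")] = [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
    return result


def all_resolvers(text):
    """Sorted, de-duplicated set of every resolver address the log configures."""
    return sorted({ip for ips in nameservers(text).values() for ip in ips})


def resolver_changes(old_text, new_text):
    """Registry locations whose NameServer value differs between two logs."""
    old, new = nameservers(old_text), nameservers(new_text)
    return {k: (old.get(k), new.get(k)) for k in sorted(set(old) | set(new)) if old.get(k) != new.get(k)}


def triage_hjt(text, expected_dns=frozenset()):
    """Findings from the entry types that matter in this thread.

    expected_dns: resolver addresses the owner actually configured (assumed,
    not known from the thread); anything else is reported, and public
    addresses are labelled as such because a home PC normally points at a
    private router address.
    """
    findings = []
    for key, ips in nameservers(text).items():
        for ip in ips:
            if ip in expected_dns:
                continue
            where = "public" if ipaddress.ip_address(ip).is_global else "private"
            findings.append(("O17", "%s resolver %s set at %s" % (where, ip, key)))
    for section, body in parse_hjt(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            for dll in body.split(":", 1)[1].split():
                how = "full path" if "\\" in dll else "bare name, found by LoadLibrary search order"
                findings.append(("O20", "AppInit DLL %s (%s) loads into every process using user32.dll" % (dll, how)))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(("O2", "orphaned BHO entry: " + body))
    return findings


if __name__ == "__main__":
    for section, message in triage_hjt(LOG_1):
        print(section, message)
    for key, (before, after) in resolver_changes(LOG_1, LOG_2).items():
        print("changed:", key, before, "->", after)
```

Running it on the two excerpts lists ten O17 findings (five locations, two public addresses each), both AppInit DLLs, the orphaned BHO, and one changed location, the ControlSet002 key, between the first and second log. Passing the owner's real resolvers as `expected_dns` silences the O17 noise so only the foreign addresses remain.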

Hi, time to try another angle of attack then!

STEP 01

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP:

Please ensure you read this guide carefully and install the Recovery Console first.

NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder. Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:

http://www.forospyware.com/sUBs/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.


Hi, I really appreciate the fast response. ComboFix went through and the log is shown below. The HJT log is after the ComboFix log.

Combofix log:

ComboFix 09-03-29.04 - Dongyan 2009-03-30 21:27:42.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.936.1.1033.18.2814.2351 [GMT -4:00]

Running from: c:\documents and settings\Dongyan\Desktop\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\program files\Common Files\PagingSYS.dll

c:\program files\StormII

c:\program files\StormII\codec\264be.dll

c:\program files\StormII\codec\264dmmx.dll

c:\program files\StormII\codec\264dsse.dll

c:\program files\StormII\codec\264dsse2.dll

c:\program files\StormII\codec\264dsse3.dll

c:\program files\StormII\codec\3ivx.dll

c:\program files\StormII\codec\3ivxDemux.ax

c:\program files\StormII\codec\3ivxDSDecoder.ax

c:\program files\StormII\codec\aasc32.dll

c:\program files\StormII\codec\ac3filter.ax

c:\program files\StormII\codec\ACDV.dll

c:\program files\StormII\codec\acelpdec.ax

c:\program files\StormII\codec\asusasv1.dll

c:\program files\StormII\codec\asusasv2.dll

c:\program files\StormII\codec\ativcr2.dll

c:\program files\StormII\codec\avcodec.dll

c:\program files\StormII\codec\avformat.dll

c:\program files\StormII\codec\avidavicodec.dll

c:\program files\StormII\codec\AviSplitter.ax

c:\program files\StormII\codec\avutil.dll

c:\program files\StormII\codec\bass.dll

c:\program files\StormII\codec\bass_aac.dll

c:\program files\StormII\codec\bass_alac.dll

c:\program files\StormII\codec\bass_ape.dll

c:\program files\StormII\codec\bass_flac.dll

c:\program files\StormII\codec\bass_mpc.dll

c:\program files\StormII\codec\bass_tta.dll

c:\program files\StormII\codec\bass_wv.dll

c:\program files\StormII\codec\binkw32.dll

c:\program files\StormII\codec\BSPVDEC.dll

c:\program files\StormII\codec\bw10.dll

c:\program files\StormII\codec\cddareader.ax

c:\program files\StormII\codec\cdxareader.ax

c:\program files\StormII\codec\ChpSrcFilter.ax

c:\program files\StormII\codec\CinemasterAudio.DLL

c:\program files\StormII\codec\cl264dec.ax

c:\program files\StormII\codec\CLNavX.ax

c:\program files\StormII\codec\CLRVIDDC.DLL

c:\program files\StormII\codec\clrviddd.dll

c:\program files\StormII\codec\CLVc1Dec.ax

c:\program files\StormII\codec\CLVSD.ax

c:\program files\StormII\codec\clvsdx.ax

c:\program files\StormII\codec\coreavc.ax

c:\program files\StormII\codec\CUVCcodc.dll

c:\program files\StormII\codec\DCBassSource.ax

c:\program files\StormII\codec\DECVW_32.DLL

c:\program files\StormII\codec\divxdec.ax

c:\program files\StormII\codec\DmoDec.dll

c:\program files\StormII\codec\DSMSplitter.ax

c:\program files\StormII\codec\empgdmx.ax

c:\program files\StormII\codec\ff_kernelDeint.dll

c:\program files\StormII\codec\ff_liba52.dll

c:\program files\StormII\codec\ff_libavcodec.dll

c:\program files\StormII\codec\ff_libdts.dll

c:\program files\StormII\codec\ff_libfaad2.dll

c:\program files\StormII\codec\ff_libmad.dll

c:\program files\StormII\codec\ff_libmpeg2.dll

c:\program files\StormII\codec\ff_libmplayer.dll

c:\program files\StormII\codec\ff_realaac.dll

c:\program files\StormII\codec\ff_samplerate.dll

c:\program files\StormII\codec\ff_theora.dll

c:\program files\StormII\codec\ff_TomsMoComp.dll

c:\program files\StormII\codec\ff_tremor.dll

c:\program files\StormII\codec\ff_unrar.dll

c:\program files\StormII\codec\ff_wmv9.dll

c:\program files\StormII\codec\ff_xvidcore.dll

c:\program files\StormII\codec\ffdshow.ax

c:\program files\StormII\codec\ffdshow.ax.manifest

c:\program files\StormII\codec\ffmpeg.dll

c:\program files\StormII\codec\ffsource.ax

c:\program files\StormII\codec\Flash9d.ocx

c:\program files\StormII\codec\FLT_ffdshow.dll

c:\program files\StormII\codec\FLVSplitter.ax

c:\program files\StormII\codec\frapsvid.dll

c:\program files\StormII\codec\G722ADEC.dll

c:\program files\StormII\codec\GeoCodec.dll

c:\program files\StormII\codec\H264VDEC.dll

c:\program files\StormII\codec\HikAudioDec.ax

c:\program files\StormII\codec\HikFileSource.ax

c:\program files\StormII\codec\HikFileSplitter.ax

c:\program files\StormII\codec\HIKM4DEC.dll

c:\program files\StormII\codec\HikVideoDec.ax

c:\program files\StormII\codec\i263_32.drv

c:\program files\StormII\codec\icmw_32.dll

c:\program files\StormII\codec\iconv.dll

c:\program files\StormII\codec\kdh4.dll

c:\program files\StormII\codec\kdm4.dll

c:\program files\StormII\codec\keys.dat

c:\program files\StormII\codec\l3codecx.ax

c:\program files\StormII\codec\LCodcCMP.dll

c:\program files\StormII\codec\libavcodec.dll

c:\program files\StormII\codec\libmpeg2_ff.dll

c:\program files\StormII\codec\libmplayer.dll

c:\program files\StormII\codec\LMVRGBxf.dll

c:\program files\StormII\codec\LMVYUVxf.dll

c:\program files\StormII\codec\lsvxdec.dll

c:\program files\StormII\codec\mfplat.dll

c:\program files\StormII\codec\mkunicode.dll

c:\program files\StormII\codec\mkx.dll

c:\program files\StormII\codec\mkzlib.dll

c:\program files\StormII\codec\mmamrdmx.ax

c:\program files\StormII\codec\Mp3Decdll.dll

c:\program files\StormII\codec\MP3DMOD.DLL

c:\program files\StormII\codec\mp4.dll

c:\program files\StormII\codec\mp43dmod.dll

c:\program files\StormII\codec\MP4Demux.ax

c:\program files\StormII\codec\mp4sdmod.dll

c:\program files\StormII\codec\MP4Splitter.ax

c:\program files\StormII\codec\mpadecfilter.ax

c:\program files\StormII\codec\MpaSplitter.ax

c:\program files\StormII\codec\mpcvideodec.ax

c:\program files\StormII\codec\Mpeg2DecFilter.ax

c:\program files\StormII\codec\mpeg2dmx.ax

c:\program files\StormII\codec\Mpeg4DecA.ax

c:\program files\StormII\codec\Mpeg4DecV.ax

c:\program files\StormII\codec\Mpeg4Splitter.ax

c:\program files\StormII\codec\Mpeg4SrcFlt.ax

c:\program files\StormII\codec\MpegSplitter.ax

c:\program files\StormII\codec\mpg2splt.ax

c:\program files\StormII\codec\mpg4dmod.dll

c:\program files\StormII\codec\mpg4ds32.ax

c:\program files\StormII\codec\msdmo.dll

c:\program files\StormII\codec\msms001.vwp

c:\program files\StormII\codec\msscds32.ax

c:\program files\StormII\codec\msvcp71.dll

c:\program files\StormII\codec\msvcr71.dll

c:\program files\StormII\codec\MZP4_DEC.DLL

c:\program files\StormII\codec\NDParser.ax

c:\program files\StormII\codec\NeMP4Splitter.ax

c:\program files\StormII\codec\nvviddec.ax

c:\program files\StormII\codec\OggSplitter.ax

c:\program files\StormII\codec\ogm.dll

c:\program files\StormII\codec\openquicktimelib.dll

c:\program files\StormII\codec\Plugins\nppl3260.dll

c:\program files\StormII\codec\Plugins\nppl3260.xpt

c:\program files\StormII\codec\Plugins\nprpjplug.dll

c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt

c:\program files\StormII\codec\PmpSplt.ax

c:\program files\StormII\codec\pncrt.dll

c:\program files\StormII\codec\pndx5016.dll

c:\program files\StormII\codec\pndx5032.dll

c:\program files\StormII\codec\pthreadVC2.dll

c:\program files\StormII\codec\pvmjpg21.dll

c:\program files\StormII\codec\PVWV220.DLL

c:\program files\StormII\codec\qasf.dll

c:\program files\StormII\codec\QTComponents\QTCheck.ocx

c:\program files\StormII\codec\QTComponents\QuickTime.qtp

c:\program files\StormII\codec\QTSystem\QTPlugin.ocx

c:\program files\StormII\codec\QTSystem\QuickTime.qtp

c:\program files\StormII\codec\QuickTime.qts

c:\program files\StormII\codec\QuickTimeVR.qtx

c:\program files\StormII\codec\RadGtSplitter.ax

c:\program files\StormII\codec\Real\Codecs\14_43260.dll

c:\program files\StormII\codec\Real\Codecs\28_83260.dll

c:\program files\StormII\codec\Real\Codecs\atrc.dll

c:\program files\StormII\codec\Real\Codecs\cook.dll

c:\program files\StormII\codec\Real\Codecs\ddnt3260.dll

c:\program files\StormII\codec\Real\Codecs\dnet3260.dll

c:\program files\StormII\codec\Real\Codecs\drv1.dll

c:\program files\StormII\codec\Real\Codecs\drv2.dll

c:\program files\StormII\codec\Real\Codecs\drvc.dll

c:\program files\StormII\codec\Real\Codecs\hxltcolor.dll

c:\program files\StormII\codec\Real\Codecs\raac.dll

c:\program files\StormII\codec\Real\Codecs\ralf.dll

c:\program files\StormII\codec\Real\Codecs\rv10.dll

c:\program files\StormII\codec\Real\Codecs\rv20.dll

c:\program files\StormII\codec\Real\Codecs\rv30.dll

c:\program files\StormII\codec\Real\Codecs\rv40.dll

c:\program files\StormII\codec\Real\Codecs\sipr.dll

c:\program files\StormII\codec\Real\Common\objb3201.dll

c:\program files\StormII\codec\Real\Common\pnen3260.dll

c:\program files\StormII\codec\Real\Common\pngu3267.dll

c:\program files\StormII\codec\Real\Common\pnrs3260.dll

c:\program files\StormII\codec\Real\Common\rppr3260.dll

c:\program files\StormII\codec\Real\Common\security.dll

c:\program files\StormII\codec\Real\Plugins\audplin.dll

c:\program files\StormII\codec\Real\Plugins\authmgr.dll

c:\program files\StormII\codec\Real\Plugins\clbascauth.dll

c:\program files\StormII\codec\Real\Plugins\clntxres.dll

c:\program files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs

c:\program files\StormII\codec\Real\Plugins\fpsechnd.dll

c:\program files\StormII\codec\Real\Plugins\httpfsys.dll

c:\program files\StormII\codec\Real\Plugins\hxsdp.dll

c:\program files\StormII\codec\Real\Plugins\hxxml.dll

c:\program files\StormII\codec\Real\Plugins\imgrender.dll

c:\program files\StormII\codec\Real\Plugins\memfsys.dll

c:\program files\StormII\codec\Real\Plugins\mp3fformat.dll

c:\program files\StormII\codec\Real\Plugins\mp3render.dll

c:\program files\StormII\codec\Real\Plugins\mp4arender.dll

c:\program files\StormII\codec\Real\Plugins\ntlmauth.dll

c:\program files\StormII\codec\Real\Plugins\oggfformat.dll

c:\program files\StormII\codec\Real\Plugins\pacplin.dll

c:\program files\StormII\codec\Real\Plugins\plusplin.dll

c:\program files\StormII\codec\Real\Plugins\pxcb3210.dll

c:\program files\StormII\codec\Real\Plugins\ramfformat.dll

c:\program files\StormII\codec\Real\Plugins\ramrender.dll

c:\program files\StormII\codec\Real\Plugins\rarender.dll

c:\program files\StormII\codec\Real\Plugins\rmfformat.dll

c:\program files\StormII\codec\Real\Plugins\rmxfpln.dll

c:\program files\StormII\codec\Real\Plugins\rmxrend.dll

c:\program files\StormII\codec\Real\Plugins\rn5auth.dll

c:\program files\StormII\codec\Real\Plugins\rtfformat.dll

c:\program files\StormII\codec\Real\Plugins\rtrender.dll

c:\program files\StormII\codec\Real\Plugins\rvrender.dll

c:\program files\StormII\codec\Real\Plugins\sdpplin.dll

c:\program files\StormII\codec\Real\Plugins\security.dll

c:\program files\StormII\codec\Real\Plugins\smlfformat.dll

c:\program files\StormII\codec\Real\Plugins\smlrender.dll

c:\program files\StormII\codec\Real\Plugins\smmrender.dll

c:\program files\StormII\codec\Real\Plugins\smplfsys.dll

c:\program files\StormII\codec\Real\Plugins\stubdrm.dll

c:\program files\StormII\codec\Real\Plugins\tfilesys.dll

c:\program files\StormII\codec\Real\Plugins\vidplin.dll

c:\program files\StormII\codec\Real\Plugins\vidsite.dll

c:\program files\StormII\codec\Real\Plugins\vorbisrend.dll

c:\program files\StormII\codec\Real\Plugins\vsrlocal.dll

c:\program files\StormII\codec\Real\rpplugins\cn\embed_cn.dll

c:\program files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll

c:\program files\StormII\codec\Real\rpplugins\embd3260.dll

c:\program files\StormII\codec\Real\rpplugins\rpcl3260.dll

c:\program files\StormII\codec\Real\rpplugins\rput3260.dll

c:\program files\StormII\codec\RLMPCDec.ax

c:\program files\StormII\codec\rmoc3260.dll

c:\program files\StormII\codec\RMSplt.ax

c:\program files\StormII\codec\Sc726dec.ax

c:\program files\StormII\codec\SCMPack.dll

c:\program files\StormII\codec\scsource.ax

c:\program files\StormII\codec\skinsres.dll

c:\program files\StormII\codec\smackw32.dll

c:\program files\StormII\codec\SonicLicenseManager9.dll

c:\program files\StormII\codec\splitter.ax

c:\program files\StormII\codec\swscale.dll

c:\program files\StormII\codec\TomsMoComp_ff.dll

c:\program files\StormII\codec\ts.dll

c:\program files\StormII\codec\tsccvid.dll

c:\program files\StormII\codec\TTL2Dec.dll

c:\program files\StormII\codec\v2k2_dec.dll

c:\program files\StormII\codec\v2kdspde.dll

c:\program files\StormII\codec\vc1dc.dll

c:\program files\StormII\codec\vc1dmmx.dll

c:\program files\StormII\codec\vc1dsse.dll

c:\program files\StormII\codec\vc1dsse2.dll

c:\program files\StormII\codec\vc1wp.ax

c:\program files\StormII\codec\VDODEC32.dll

c:\program files\StormII\codec\vdowave.drv

c:\program files\StormII\codec\VgmAudio.ax

c:\program files\StormII\codec\vgmbgr.ax

c:\program files\StormII\codec\VgmSplt.ax

c:\program files\StormII\codec\vgmv2k2.ax

c:\program files\StormII\codec\Vid1Dec.dll

c:\program files\StormII\codec\VideoTune.ax

c:\program files\StormII\codec\vmnc.dll

c:\program files\StormII\codec\voxmsdec.ax

c:\program files\StormII\codec\vp6vfw.dll

c:\program files\StormII\codec\vp7vfw.dll

c:\program files\StormII\codec\vtaccess.dll

c:\program files\StormII\codec\WMADMOD.dll

c:\program files\StormII\codec\wmpasf.dll

c:\program files\StormII\codec\wmsdmod.dll

c:\program files\StormII\codec\WMVDECOD.dll

c:\program files\StormII\codec\wmvdmod.dll

c:\program files\StormII\codec\xvid.ax

c:\program files\StormII\codec\xvidcore.dll

c:\program files\StormII\current.ecs

c:\program files\StormII\GdiPlus.dll

c:\program files\StormII\GifParser.dll

c:\program files\StormII\jscript.dll

c:\program files\StormII\keys.dat

c:\program files\StormII\media\def\def.flv

c:\program files\StormII\media\def\def.ini

c:\program files\StormII\media\empty.swf

c:\program files\StormII\media\media4in1.swf

c:\program files\StormII\media\mediabp.swf

c:\program files\StormII\media\others.xml

c:\program files\StormII\media\others.xml.ini

c:\program files\StormII\media\stcon.ini

c:\program files\StormII\media\stcon.ini.hxb

c:\program files\StormII\media\toff.ini

c:\program files\StormII\media\video_material_list.xml

c:\program files\StormII\media\video_material_list.xml.ini

c:\program files\StormII\media\video_style_list.xml

c:\program files\StormII\media\video_style_list.xml.hxb

c:\program files\StormII\media\video_style_list.xml.ini

c:\program files\StormII\Media2.dll.hxb

c:\program files\StormII\mee.db

c:\program files\StormII\mps.dll

c:\program files\StormII\msscript.ocx

c:\program files\StormII\msvcp60.dll

c:\program files\StormII\QQCarSkinInstaller.exe

c:\program files\StormII\rndrmgr.dll

c:\program files\StormII\score.dll

c:\program files\StormII\server.ecs

c:\program files\StormII\sexpert.dll

c:\program files\StormII\Skin\暴风1经典.zip

c:\program files\StormII\Skin\暴风2经典.zip

c:\program files\StormII\spfa.dll

c:\program files\StormII\splayers.dll

c:\program files\StormII\sprobe.dll

c:\program files\StormII\storm.exe

c:\program files\StormII\StormExcept.log

c:\program files\StormII\stormliv.exe.hxb

c:\program files\StormII\stormply.exe

c:\program files\StormII\stormres.dll

c:\program files\StormII\subdecoder.dll

c:\program files\StormII\uninst.exe

c:\program files\StormII\video.dll

c:\recycler\S-9-0-20-100027596-100012012-100032269-4118.com

c:\windows\struct~.ini

c:\windows\system32\drivers\gaopdxbqlrviqjwpkmlotxjkvxobqtvymupkds.sys

c:\windows\system32\drivers\gaopdxkdaejrlbwwonqrvrcpalknqqpwaqbrpr.sys

c:\windows\system32\drivers\gaopdxwmumqkiwqvayvgowxmnisghpyimwmrdg.sys

c:\windows\system32\drivers\npf.sys

c:\windows\system32\gaopdxcounter

c:\windows\system32\gaopdxmvavjwyavggiaicfqedvdyyafsfsawhp.dll

c:\windows\system32\hgxdkmld.dll

c:\windows\system32\lxaaovel.dll

c:\windows\system32\packet.dll

c:\windows\system32\pwlxskuq.dll

c:\windows\system32\wpcap.dll

c:\windows\Tasks\ozzjwtyt.job

E:\Autorun.inf

e:\recycler\S-0-7-75-100031091-100021254-100015484-4949.com

e:\recycler\S-8-7-40-100012286-100001895-100017591-7060.com

e:\recycler\S-9-0-20-100027596-100012012-100032269-4118.com

e:\recycler\S-9-1-22-100031599-100012108-100010160-4201.com

.

((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_gaopdxserv.sys

-------\Service_NPF

((((((((((((((((((((((((( 2009-02-28 至 2009-03-31 的新的档案 )))))))))))))))))))))))))))))))

.

2009-03-29 23:08 . 2009-03-29 23:08 <DIR> d-------- c:\program files\Trend Micro

2009-03-29 23:02 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-29 23:02 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-21 19:27 . 2009-03-21 19:27 <DIR> d-------- c:\program files\iTunes

2009-03-21 19:27 . 2009-03-21 19:27 <DIR> d-------- c:\program files\iPod

2009-03-21 19:27 . 2009-03-21 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-21 19:24 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll

2009-03-13 18:53 . 2009-03-13 18:53 <DIR> d-------- c:\program files\Microsoft ActiveSync

2009-03-13 18:53 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll

2009-03-13 18:52 . 2009-03-13 18:53 <DIR> d-------- c:\windows\SHELLNEW

2009-03-13 18:52 . 2009-03-13 18:52 <DIR> d-------- c:\program files\Microsoft.NET

2009-03-08 18:18 . 2009-03-08 18:18 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-03-08 18:18 . 2009-03-08 18:18 <DIR> d-------- c:\program files\Microsoft

2009-03-08 18:17 . 2009-03-08 18:18 <DIR> d-------- c:\program files\Windows Live

2009-02-28 18:44 . 2009-02-28 18:55 <DIR> d-------- c:\windows\NV21563452.TMP

2009-02-28 16:58 . 2009-03-29 18:06 <DIR> d-------- c:\documents and settings\Dongyan\Tracing

2009-02-28 16:23 . 2009-02-28 16:23 <DIR> d-------- c:\program files\Common Files\Windows Live

2009-02-27 23:59 . 2009-02-28 00:14 <DIR> d-------- c:\windows\NV7201032.TMP

2009-02-24 17:59 . 2009-01-09 15:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat

2009-02-22 17:45 . 2009-02-22 17:45 <DIR> d-------- c:\program files\Common Files\Adobe AIR

2009-02-22 17:42 . 2009-02-23 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS

2009-02-22 14:58 . 2009-02-22 15:03 <DIR> d-------- c:\windows\SxsCaPendDel

2009-02-15 16:19 . 2009-03-01 18:09 183,112 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-15 16:19 . 2009-03-01 18:09 138,184 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-15 16:19 . 2009-02-16 02:15 66,872 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-15 13:26 . 2009-02-15 13:26 <DIR> d-------- c:\documents and settings\Dongyan\Application Data\Leadertech

2009-02-09 14:18 . 2009-02-09 14:18 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax

2009-02-09 14:18 . 2009-02-09 14:18 401,408 --a------ c:\windows\system32\nvcuvid.dll

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-22 21:59 --------- d-----w c:\program files\Common Files\Adobe

2009-03-21 23:27 --------- d-----w c:\program files\Common Files\Apple

2009-03-21 23:26 --------- d-----w c:\program files\QuickTime

2009-03-06 03:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys

2009-02-28 23:28 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-28 22:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-02-28 22:44 --------- d-----w c:\program files\AGEIA Technologies

2009-02-28 22:38 --------- d-----w c:\program files\NVIDIA Corporation

2009-02-28 20:22 --------- d-----w c:\documents and settings\All Users\Application Data\Storm

2009-02-28 20:21 --------- d-----w c:\program files\MSN Messenger

2009-02-22 15:03 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-21 20:25 --------- d-----w c:\documents and settings\Dongyan\Application Data\Skype

2009-02-09 18:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys

2009-01-07 21:20 36,896 ----a-w c:\windows\nvflash.sys

2009-01-06 20:51 36,640 ----a-w c:\windows\nvoclock.sys

2009-01-06 20:47 430,080 ----a-w c:\windows\ntuneoem.dll

2008-12-13 16:00 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121320081214\index.dat

.

------- Sigcheck -------

2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

2008-06-20 07:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

2007-10-30 13:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 c:\windows\$NtServicePackUninstall$\tcpip.sys

2004-08-04 02:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys

2006-04-20 07:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys

2008-04-13 15:20 361344 607c976b22aeb2fcf8a7486bcca1e3bf c:\windows\$NtUninstallKB951748$\tcpip.sys

2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys

2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys

2008-06-20 07:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

"Google Update"="c:\documents and settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-21 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]

"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 98304]

"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2006-09-29 131072]

"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe" [2003-10-07 147514]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2006-12-12 c:\windows\system32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 c:\windows\system32\Ctxfihlp.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-17 784912]

MA111 Configuration Utility.lnk - c:\program files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe [2004-05-28 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2007-11-15 10:10 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=jguyjm.dll oucoje.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=

"e:\\Games\\COD5\\CoDWaWmp.exe"=

"e:\\Games\\COD5\\CoDWaW.exe"=

"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\skype\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Dongyan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Dongyan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-09-27 59904]

R3 SISNPF;SIS Netgroup Packet Filter;c:\windows\system32\drivers\SISNPF.SYS [2004-05-03 74112]

S3 CrystalSysInfo;CrystalSysInfo;e:\downloads\MediaCoder\SysInfo.sys [2008-12-28 15152]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.
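A practitioner reading the Sigcheck block above compares the driver Windows actually loads with the pristine copies Windows keeps in dllcache and ServicePackFiles: identical size and timestamp but a different MD5 is what an in-place patch of a system file looks like, and that is the condition worth checking by hand before anything else in the log. The following Python is an added example, not code from this thread, from ComboFix or from Malwarebytes; the sample lines are copied from the Sigcheck block, and the directory names it uses to tell a live driver from a backup copy are its own assumption about a default XP layout.

```python
"""Flag in-place patched system files from a ComboFix "Sigcheck" block.

Added example; not part of this thread and not ComboFix's own logic. The
sample lines are copied from the Sigcheck block posted above. The directory
names used to tell a live driver from Windows' backup copies are this
example's assumption about a stock XP layout.
"""
import re
from collections import defaultdict

# One Sigcheck line: <date> <time> <size> <md5> <path>
SIGCHECK_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)

# Where the loaded copy lives versus where Windows keeps pristine copies
# (assumption: default XP paths; paths are compared lower-cased).
LIVE_DIR = "\\system32\\drivers\\"
BACKUP_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")

# Constructed input: four of the tcpip.sys lines from the log above.
SAMPLE = r"""
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2008-04-13 15:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 07:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 07:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
"""


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; any line that is not a Sigcheck line is skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_LINE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["path"] = entry["path"].lower()
        entries.append(entry)
    return entries


def find_suspect_files(entries):
    """Compare each live driver with the backup copies of the same file name.

    Returns (live_path, backup_path, reason) tuples. A live file whose size and
    timestamp equal a backup's but whose MD5 differs is the pattern an in-place
    patch leaves (bytes changed, metadata preserved). A live file that matches
    no backup at all is reported with backup_path=None as a weaker signal.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1]].append(e)

    findings = []
    for copies in by_name.values():
        live = [c for c in copies if LIVE_DIR in c["path"]]
        backups = [c for c in copies if any(d in c["path"] for d in BACKUP_DIRS)]
        for lv in live:
            if not backups or any(lv["md5"] == b["md5"] for b in backups):
                continue  # nothing to compare against, or a pristine copy is byte-identical
            twins = [b for b in backups
                     if (b["size"], b["date"], b["time"]) == (lv["size"], lv["date"], lv["time"])]
            if twins:
                for b in twins:
                    findings.append((lv["path"], b["path"],
                                     "same size and timestamp as backup, different MD5"))
            else:
                findings.append((lv["path"], None, "no backup copy shares the live file's hash"))
    return findings


if __name__ == "__main__":
    for live_path, backup_path, reason in find_suspect_files(parse_sigcheck(SAMPLE)):
        print(f"SUSPECT {live_path}\n        vs {backup_path}\n        {reason}")
```

On the sample it reports exactly one pair, the live tcpip.sys against its dllcache twin; the older $hf_mig$ and ServicePackFiles copies are legitimately different builds and are not flagged.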


Ok, that's looking a lot better :)

Open HijackThis, place a check (tick) next to the following entries and select the *Fix Checked* option

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O20 - AppInit_DLLs: jguyjm.dll oucoje.dll

Next, update MBAM and run a quick scan. Let it remove anything that it finds, then post back the MBAM log plus another HJT log after running MBAM.

Thanks in advance.
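The two entries the helper asks to have fixed are exactly the kind of thing a small triage script can pull out of a HijackThis log: a BHO whose DLL is gone, and any non-empty AppInit_DLLs value, which on XP is loaded into every process that loads user32.dll. The following Python is an added example, not code from this thread or from HijackThis; the sample lines are copied from the logs posted in this thread, and the "fix" / "review" labels and explanations are the example's own judgement (the helper's two rules plus one weaker "review" rule for services with no vendor name).

```python
"""Triage a HijackThis log for the entry types a helper fixes first.

Added example; not part of this thread and not HijackThis' own code. The
sample lines are copied from the logs posted in this thread. The action
labels and explanations are this example's own.
"""
import re

# Every HijackThis finding starts with a section code such as O2, O4, O20.
HJT_LINE = re.compile(r"^(?P<section>O\d+) - (?P<body>.+)$")

# Constructed input: lines copied from the HijackThis output in this thread.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - AppInit_DLLs: jguyjm.dll oucoje.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def triage_hjt(text):
    """Return (section, action, line, why) for every line one of the rules matches.

    action is "fix" for entries to tick before Fix Checked and "review" for
    entries that only need a human look.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O2" and body.endswith("(no file)"):
            # The CLSID is still registered but the DLL is gone: a dangling
            # hook left behind by removed malware; harmless now, still clutter.
            findings.append((section, "fix", line,
                             "BHO registration points at a DLL that no longer exists"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                # On XP each DLL listed here is mapped into every process that
                # loads user32.dll, so any non-empty value is a global injection.
                findings.append((section, "fix", line,
                                 "AppInit_DLLs loads %s into every GUI process" % ", ".join(dlls)))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "review", line,
                             "service binary carries no vendor name; confirm what it is"))
    return findings


def entries_to_fix(text):
    """Just the lines a helper would tick before pressing Fix Checked."""
    return [line for _, action, line, _ in triage_hjt(text) if action == "fix"]


if __name__ == "__main__":
    for section, action, line, why in triage_hjt(SAMPLE_HJT):
        print(f"[{action:6}] {line}\n         {why}")
```

Run against the sample it returns the two lines the helper listed as "fix" and the unsigned-vendor service as "review"; everything else in the log passes through untouched.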


It does look better now! :)

I followed all of the instructions. MBAM quick scan didn't find anything wrong.

MBAM log:

Malwarebytes' Anti-Malware 1.35

Database version: 1927

Windows 5.1.2600 Service Pack 3

2009-3-31 20:11:41

mbam-log-2009-03-31 (20-11-41).txt

Scan type: Quick Scan

Objects scanned: 69313

Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:12:05, on 2009-3-31

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\mcshield.exe

C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dongyan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Startup: Registration Heroes of Might & Magic 5.LNK = E:\Games\HoMM5\registration\RegistrationReminder.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111v2 USB Adapter\MA111v2.exe

O4 - Global Startup: 新浪UC.lnk = C:\Program Files\sina\UC\uc.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm

O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm

O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184722726560

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1190153864843

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Framework 服务 (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--

End of file - 10523 bytes


Ok, your HijackThis log is looking good to go :)

Here's some handy reading though: the Prevention page, with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Safe surfing :)
