1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Pop up virus

Discussion in 'Malware and Virus Removal Archive' started by ChingChingHo, 2007/10/06.

Page 1 of 2
  1. 2007/10/06
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    [Resolved]Pop up virus

    My computer was reasonly annoyed by a number of pop up virus, I have used many many methods to remove or isolate the virus, but it was useless. I hope you can help me to solve the problem. Thanks you. Here is my HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:58, on 6/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'a')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'a')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1007\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'a')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1007\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User 'a')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1019\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '細妹')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1019\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot (User '細妹')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Google 搜尋(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 反向連結 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: 妏蚚Web捃濘狟婥 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 - Extra context menu item: 妏蚚Web捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O8 - Extra context menu item: 網頁的快取快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: 翻譯英文字詞(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 類似網頁 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 13888 bytes
     
    ChingChingHo,
    #1
  2. 2007/10/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo
    Welcome to Windowsbbs.

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting

    Please post the Vundo log and a new HJT log.
    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2007/10/06
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    I have download it and scan my computer, but it can not find any infected file or virus.


    Here is the HIJ:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:49:25, on 7/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Google 搜尋(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 反向連結 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: 網頁的快取快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: 翻譯英文字詞(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: 類似網頁 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 11895 bytes
     
    ChingChingHo,
    #3
  5. 2007/10/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    Please go to add/remove list and remove
    DAEMON Tools
    DaemonTools_WhenUSaveNow_Installer     (If present)

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonToo ls_WhenUSaveNow_Installer.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these folders (if present):

    C:\Program Files\DaemonTools_WhenUSaveNow_Installer
    C:\Program Files\DAEMON Tools

    Please reboot your computer.


    OK, Now Lets look a little deeper

    Please download Deckard's System Scanner (dss.exe) and save it to your Desktop.
    Note: You must be logged onto an account with administrator privileges to complete the following.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

    Please post the “main.txt” log only for now.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2007/10/07
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thank you for your reply. I have followed your instruction and here is the main.txt:

    Deckard's System Scanner v20070905.67
    Run by 細妹 on 2007-10-08 00:34:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    32: 2007-10-07 16:34:33 UTC - RP96 - Deckard's System Scanner Restore Point
    31: 2007-10-07 13:33:41 UTC - RP95 - 已安裝 Microsoft Office Professional Edition 2003
    30: 2007-10-06 17:30:40 UTC - RP94 - Software Distribution Service 3.0
    29: 2007-10-06 17:26:10 UTC - RP93 - Removed Windows Live Sign-in Assistant
    28: 2007-10-06 17:23:43 UTC - RP92 - 已移除 Windows Live Messenger


    -- First Restore Point --
    1: 2007-09-24 17:13:05 UTC - RP65 - Installed Pocket Player


    Backed up registry hives.
    Performed disk cleanup.

    Percentage of Memory in Use: 84% (more than 75%).
    Total Physical Memory: 503 MiB (512 MiB recommended).
    System Drive C: has 4.67 GiB (less than 15%) free.


    -- HijackThis (run as 細妹.exe) --------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:36:07, on 8/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\細妹\桌面\dss.exe
    C:\WINDOWS\system32\conime.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\細妹.exe

    O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {517AAD4D-B405-4869-9B93-1DF9A344ADE2} - C:\WINDOWS\system32\mlljh.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Google 搜尋(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 反向連結 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: 網頁的快取快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: 翻譯英文字詞(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: 類似網頁 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: urqppnn - urqppnn.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12153 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071008-001539-712 O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
    backup-20071008-001539-933 O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
    R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
    R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; Lenovo Group Limited; OnScreenDisplay>
    R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
    R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
    R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; RRU>
    R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
    R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
    R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

    S0 ANCSQ - c:\windows\system32\drivers\ancsq.sys (file missing)
    S3 btwmodem (藍芽數據機) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1200>
    S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys (file missing)
    S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; SMI Driver>
    S3 StMp3Rec (Player Recovery Device Control Driver) - c:\windows\system32\drivers\stmp3rec.sys <Not Verified; SigmaTel, Inc.; SigmaTel MSCN Audio Player>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
    R2 PMSveH - c:\windows\system32\pmsveh.exe <Not Verified; Lenovo; PMSveH>
    R2 SAVAdminService (Sophos Anti-Virus status reporter) - "c:\program files\sophos\sophos anti-virus\savadminservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R2 SAVService (Sophos Anti-Virus) - "c:\program files\sophos\sophos anti-virus\savservice.exe" <Not Verified; Sophos Plc; Sophos Anti-Virus>
    R2 Sophos AutoUpdate Service - "c:\program files\sophos\autoupdate\alsvc.exe" <Not Verified; Sophos Plc; Sophos AutoUpdate>
    R2 TVT Scheduler - "c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe" <Not Verified; ; tvtsched Module>

    S2 AcPrfMgrSvc (Ac Profile Manager Service) - c:\program files\thinkpad\connectutilities\acprfmgrsvc.exe (file missing)
    S2 UCLauncherService (ThinkVantage System Update) - c:\program files\thinkvantage\systemupdate\uclauncherservice.exe (file missing)
    S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
    S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" (file missing)
    S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
    S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>
    S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; MicrosoftR WindowsR Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA


    -- Scheduled Tasks -------------------------------------------------------------

    2007-10-08 00:23:21 530 --a------ C:\WINDOWS\Tasks\Weekday Scan [0].job
    2007-04-05 11:27:01 530 --a------ C:\WINDOWS\Tasks\Weekday Scan.job


    -- Files created between 2007-09-08 and 2007-10-08 -----------------------------

    2007-10-06 19:53:20 0 d-------- C:\Program Files\Trend Micro
    2007-10-06 19:42:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-06 19:41:54 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-06 19:29:07 571695 ---hs---- C:\WINDOWS\system32\hjllm.ini2
    2007-10-06 15:42:34 0 d-------- C:\Documents and Settings\細妹\Application Data\AdobeUM
    2007-10-06 15:04:26 0 d-------- C:\WINDOWS\system32\zh-tw
    2007-10-06 14:59:22 0 d-------- C:\WINDOWS\network diagnostic
    2007-10-06 12:49:40 0 d-------- C:\Program Files\Lavasoft
    2007-10-06 01:03:52 116224 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
    2007-10-06 00:54:09 69184 -----n--- C:\WINDOWS\system32\rqmpxaxg.dll
    2007-10-06 00:32:44 0 d-------- C:\VundoFix Backups
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\桌面
    2007-10-05 23:50:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2007-10-05 23:50:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2007-10-05 23:50:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2007-10-05 23:50:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2007-10-05 23:50:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2007-10-05 23:50:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2007-10-05 23:50:01 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2007-10-05 23:50:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2007-10-05 23:50:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\Bluetooth Software
    2007-10-05 23:50:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-05 23:50:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\IBM
    2007-10-05 23:50:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
    2007-10-05 23:50:01 0 dr------- C:\Documents and Settings\Administrator\「開始」功能表
    2007-10-05 23:50:00 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-10-02 13:53:23 0 d--hs---- C:\Documents and Settings\細妹\UserData
    2007-10-01 17:26:07 0 d-------- C:\Documents and Settings\細妹\Application Data\DivX
    2007-10-01 16:39:01 0 d-------- C:\Documents and Settings\細妹\Application Data\Macromedia
    2007-10-01 16:21:36 0 d-------- C:\Documents and Settings\細妹\Application Data\Adobe
    2007-10-01 16:20:39 0 d-------- C:\Documents and Settings\細妹\Application Data\ThinkVantage
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\桌面
    2007-10-01 16:18:44 0 d--h----- C:\Documents and Settings\細妹\Templates
    2007-10-01 16:18:44 0 dr-h----- C:\Documents and Settings\細妹\SendTo
    2007-10-01 16:18:44 0 dr-h----- C:\Documents and Settings\細妹\Recent
    2007-10-01 16:18:44 0 d--h----- C:\Documents and Settings\細妹\PrintHood
    2007-10-01 16:18:44 0 d--h----- C:\Documents and Settings\細妹\NetHood
    2007-10-01 16:18:44 0 dr------- C:\Documents and Settings\細妹\My Documents
    2007-10-01 16:18:44 0 d--h----- C:\Documents and Settings\細妹\Local Settings
    2007-10-01 16:18:44 0 dr------- C:\Documents and Settings\細妹\Favorites
    2007-10-01 16:18:44 0 d--hs---- C:\Documents and Settings\細妹\Cookies
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\Bluetooth Software
    2007-10-01 16:18:44 0 dr-h----- C:\Documents and Settings\細妹\Application Data
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\Application Data\Symantec
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\Application Data\Identities
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\Application Data\IBM
    2007-10-01 16:18:44 0 d-------- C:\Documents and Settings\細妹\Application Data\Google
    2007-10-01 16:18:44 0 dr------- C:\Documents and Settings\細妹\「開始」功能表
    2007-10-01 16:18:43 1835008 --ah----- C:\Documents and Settings\細妹\NTUSER.DAT
    2007-09-29 21:43:18 84032 --a------ C:\WINDOWS\system32\ratdqrio.dll
    2007-09-28 21:40:57 85056 -----n--- C:\WINDOWS\system32\endbjaia.dll
    2007-09-26 13:31:32 0 d-------- C:\Program Files\Common Files\Epocrates
    2007-09-26 13:10:57 0 d-------- C:\Program Files\Epocrates
    2007-09-26 13:03:56 0 d-------- C:\WINDOWS\Skyscape
    2007-09-26 13:03:56 0 d-------- C:\Program Files\Common Files\Skyscape
    2007-09-26 11:46:29 0 d-------- C:\Program Files\MWC
    2007-09-25 13:15:34 84032 --a------ C:\WINDOWS\system32\ymxlitqy.dll
    2007-09-25 13:15:25 69184 --a------ C:\WINDOWS\system32\fciilwph.dll
    2007-09-25 13:13:55 28963 ---hs---- C:\WINDOWS\system32\hjllm.bak2
    2007-09-25 01:13:42 6414 ---hs---- C:\WINDOWS\system32\hjllm.bak1
    2007-09-25 01:12:41 244832 --a------ C:\WINDOWS\system32\mlljh.dll
    2007-09-24 00:50:44 0 d-------- C:\Program Files\MWCPPC
    2007-09-18 20:56:17 0 d-------- C:\modernr
    2007-09-18 20:55:52 252176 -ra------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
    2007-09-18 20:55:51 1056768 -ra------ C:\WINDOWS\system32\MSJET35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
    2007-09-18 20:55:50 24848 -ra------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
    2007-09-18 20:55:50 123664 -ra------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; MicrosoftR Jet>
    2007-09-10 13:18:32 0 d-------- C:\Program Files\ISLITE
    2007-09-10 13:17:03 299008 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
    2007-09-10 13:16:33 0 -rahs---- C:\MSDOS.SYS
    2007-09-08 10:50:07 0 d-------- C:\Documents and Settings\b\Application Data\Sonic
    2007-09-08 10:50:01 0 d-------- C:\Documents and Settings\b\Application Data\Leadertech
    2007-09-08 10:31:35 0 d-------- C:\Program Files\QuickTime
    2007-09-08 10:18:20 0 d-------- C:\Program Files\EPH


    -- Find3M Report ---------------------------------------------------------------

    2007-10-07 23:55:34 219960 --a------ C:\WINDOWS\system32\prfh0404.dat
    2007-10-07 23:55:34 66028 --a------ C:\WINDOWS\system32\prfc0404.dat
    2007-10-07 23:54:42 0 d-------- C:\Program Files\Windows NT
    2007-10-07 00:41:17 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
    2007-10-06 18:59:55 0 d-------- C:\Program Files\Palm
    2007-10-06 15:45:47 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-06 01:00:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-04 21:52:21 0 d-------- C:\Program Files\ICQToolbar
    2007-10-03 21:45:00 1647 --a------ C:\Program Files\ircbo-xg.ide
    2007-10-02 21:30:08 0 d-------- C:\Program Files\ICQLite
    2007-09-26 13:31:32 0 d-------- C:\Program Files\Common Files
    2007-09-26 13:10:53 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2007-09-25 10:50:32 0 d-------- C:\Program Files\Microsoft ActiveSync
    2007-09-24 17:05:59 5 --a------ C:\WINDOWS\system32\SySMP3CutJoin.dat
    2007-09-08 00:03:00 0 d-------- C:\Program Files\Cakewalk
    2007-09-07 00:09:03 0 d-------- C:\Program Files\BitComet
    2007-08-15 00:18:01 4834 --a------ C:\WINDOWS\system32\cid_store.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{517AAD4D-B405-4869-9B93-1DF9A344ADE2}]
    25/09/2007 01:12 244832 --a------ C:\WINDOWS\system32\mlljh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [12/08/2004 21:00]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [28/10/2005 17:58]
    "High Definition Audio 屬性頁捷徑 "= "HDAShCut.exe" [07/01/2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "TPHOTKEY "= "C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" []
    "TPWAUDAP "= "C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" []
    "PMHandler "= "C:\WINDOWS\system32\PMHandler.exe" [06/01/2006 09:42]
    "tsnp2std "= "C:\WINDOWS\system32\tsnp2std.exe" [27/12/2005 22:36]
    "AGRSMMSG "= "AGRSMMSG.exe" [12/12/2005 14:50 C:\WINDOWS\AGRSMMSG.exe]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [03/11/2005 15:25]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [03/11/2005 15:22]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [03/11/2005 15:26]
    "snp2std "= "C:\WINDOWS\vsnp2std.exe" [20/10/2005 14:18]
    "suScheduler "= "C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [01/08/2005 17:32]
    "ISUSPM Startup "= "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler "= "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
    "OmniPass "= "C:\Program Files\Softex\OmniPass\scureapp.exe" [28/02/2006 00:20]
    "AMSG "= "C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [22/11/2005 20:36]
    "LPManager "= "C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [07/12/2005 01:00]
    "cssauthe "= "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [21/12/2005 18:08]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [16/06/2007 07:15]
    "DiskeeperSystray "= "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [29/11/2005 10:55]
    "ACTray "= "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [31/01/2006 22:19]
    "ACWLIcon "= "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [31/01/2006 22:12]
    "IMEKRMIG6.1 "= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [12/08/2004 21:00]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [12/08/2004 21:00]
    "CJIMETIPSYNC "= "C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [14/07/2003 22:57]
    "PHIMETIPSYNC "= "C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [14/07/2003 22:57]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 20:52]
    "@ "=" " []
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [08/09/2007 10:31]
    "ICQ Lite "= "C:\Program Files\ICQLite\ICQLite.exe" [28/07/2006 02:12]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 21:00]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [14/10/2004 00:24]

    C:\Documents and Settings\細妹\「開始」功能表\程式集\啟動\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [18/7/2002 11:58:46]

    C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1028-0000-7760-000000000002}\SC_Acrobat.exe [12/4/2007 21:38:07]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06]
    AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [5/8/2007 22:45:59]
    BTTray.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [2/12/2005 14:30:42]
    Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [5/4/2007 13:26:28]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    ACNotify.dll 31/01/2006 22:13 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll 28/02/2006 00:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 20/12/2005 20:46 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqppnn]
    urqppnn.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\\WINDOWS\\system32\\mlljh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @= "service "




    -- End of Deckard's System Scanner: finished at 2007-10-08 00:38:11 ------------
     
    ChingChingHo,
    #5
  7. 2007/10/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    Do you use Thunder Network? It is now showing in your logs.

    Download ComboFix from Here or [color= "Red"]Here[/color] to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Please post the combofix log.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2007/10/07
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thank you for your reply.
    Yes, I have a Thunder network, but I don't use it very often.
    I have download the programme and tried to run it in my site, but it was not success. Then, I had to go to the administrator site to run the programme, but it didn't give me the log and restart the computer auto. Then, I went back to my site and run the programme again, and it was success. The log is here:
    ComboFix 07-10-07.2 - 細妹 2007-10-08 12:11:10.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.74 [GMT 8:00]
    執行位置?: C:\Documents and Settings\細妹\桌面\ComboFix.exe
    .

    (((((((((((((((((((((((((((( 2007-09-08 - 2007-10-08 之間建立的檔案 )))))))))))))))))))))))))))))))))
    .

    2007-10-08 11:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-08 00:33 <DIR> d-------- C:\Deckard
    2007-10-06 19:53 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-06 19:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-06 19:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-10-06 15:42 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\AdobeUM
    2007-10-06 15:04 <DIR> d-------- C:\WINDOWS\system32\zh-tw
    2007-10-06 14:58 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-06 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-06 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-06 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-06 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-06 14:58 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-10-06 14:58 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-06 12:49 <DIR> d-------- C:\Program Files\Lavasoft
    2007-10-06 01:03 116,224 --a------ C:\VundoFix.exe
    2007-10-06 01:02 19,755,376 --a------ C:\aaw2007.exe
    2007-10-06 00:32 <DIR> d-------- C:\VundoFix Backups
    2007-10-05 23:50 <DIR> dr------- C:\Documents and Settings\Administrator\「開始」功能表
    2007-10-05 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\桌面
    2007-10-05 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\Bluetooth Software
    2007-10-05 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2007-10-05 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IBM
    2007-10-05 23:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Google
    2007-10-02 13:53 <DIR> d--hs---- C:\Documents and Settings\細妹\UserData
    2007-10-01 17:26 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\DivX
    2007-10-01 16:20 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\ThinkVantage
    2007-10-01 16:18 2,359,296 --ah----- C:\Documents and Settings\細妹\NTUSER.DAT
    2007-10-01 16:18 <DIR> dr------- C:\Documents and Settings\細妹\「開始」功能表
    2007-10-01 16:18 <DIR> d-------- C:\Documents and Settings\細妹\桌面
    2007-10-01 16:18 <DIR> d-------- C:\Documents and Settings\細妹\Bluetooth Software
    2007-10-01 16:18 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\Symantec
    2007-10-01 16:18 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\IBM
    2007-10-01 16:18 <DIR> d-------- C:\Documents and Settings\細妹\Application Data\Google
    2007-09-26 13:31 2,551,280 --a------ C:\Epocrates2PalmW.exe
    2007-09-26 13:31 <DIR> d-------- C:\Program Files\Common Files\Epocrates
    2007-09-26 13:10 <DIR> d-------- C:\Program Files\Epocrates
    2007-09-26 13:03 <DIR> d-------- C:\WINDOWS\Skyscape
    2007-09-26 13:03 <DIR> d-------- C:\Program Files\Common Files\Skyscape
    2007-09-26 11:46 <DIR> d-------- C:\Program Files\MWC
    2007-09-24 00:50 <DIR> d-------- C:\Program Files\MWCPPC
    2007-09-18 20:56 <DIR> d-------- C:\modernr
    2007-09-18 20:55 252,176 -ra------ C:\WINDOWS\system32\MSRD2X35.DLL
    2007-09-18 20:55 24,848 -ra------ C:\WINDOWS\system32\MSJTER35.DLL
    2007-09-18 20:55 123,664 -ra------ C:\WINDOWS\system32\MSJINT35.DLL
    2007-09-18 20:55 1,056,768 -ra------ C:\WINDOWS\system32\MSJET35.DLL
    2007-09-11 12:38 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
    2007-09-11 12:38 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
    2007-09-10 13:18 <DIR> d-------- C:\Program Files\ISLITE
    2007-09-10 13:17 299,008 --a------ C:\WINDOWS\uninst.exe
    2007-09-08 10:50 <DIR> d-------- C:\Documents and Settings\b\Application Data\Sonic
    2007-09-08 10:50 <DIR> d-------- C:\Documents and Settings\b\Application Data\Leadertech
    2007-09-08 10:31 <DIR> d-------- C:\Program Files\QuickTime
    2007-09-08 10:18 <DIR> d-------- C:\Program Files\EPH

    .
    (((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-07 11:41 --------- d-------- C:\Documents and Settings\細妹\Application Data\AdobeUM
    2007-10-07 00:41 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS
    2007-10-06 19:18 --------- d-------- C:\Documents and Settings\d\Application Data\AdobeUM
    2007-10-06 18:59 --------- d-------- C:\Program Files\Palm
    2007-10-06 15:45 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-10-06 01:00 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-04 21:52 --------- d-------- C:\Program Files\ICQToolbar
    2007-10-03 21:45 1647 --a------ C:\Program Files\ircbo-xg.ide
    2007-10-02 21:30 --------- d-------- C:\Program Files\ICQLite
    2007-10-01 17:26 --------- d-------- C:\Documents and Settings\細妹\Application Data\DivX
    2007-10-01 16:20 --------- d-------- C:\Documents and Settings\細妹\Application Data\ThinkVantage
    2007-09-26 20:52 --------- d-------- C:\Documents and Settings\b\Application Data\ICQLite
    2007-09-26 13:10 724992 --a------ C:\WINDOWS\iun6002.exe
    2007-09-25 10:50 --------- d-------- C:\Program Files\Microsoft ActiveSync
    2007-09-08 00:03 --------- d-------- C:\Program Files\Cakewalk
    2007-09-07 00:09 --------- d-------- C:\Program Files\BitComet
    2007-09-03 22:42 --------- d-------- C:\Documents and Settings\b\Application Data\Ahead
    2007-08-30 22:22 17823600 --a------ C:\Install_Messenger.exe
    2007-08-18 15:30 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2007-08-18 15:16 188660200 --a------ C:\Nero-7.10.1.0_chs_trial.exe
    2007-08-15 23:56 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-08-13 18:54 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2007-08-13 18:54 413696 --------- C:\WINDOWS\system32\dllcache\vbscript.dll
    2007-08-13 18:54 33792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-08-13 18:54 191488 --a------ C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-13 18:54 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2007-08-13 18:54 156160 --------- C:\WINDOWS\system32\dllcache\msls31.dll
    2007-08-13 18:45 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2007-08-13 18:45 78336 --a------ C:\WINDOWS\system32\dllcache\ieencode.dll
    2007-08-13 18:44 69120 --a------ C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-13 18:44 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2007-08-13 18:44 40960 --a------ C:\WINDOWS\system32\dllcache\licmgr10.dll
    2007-08-13 18:42 17408 --------- C:\WINDOWS\system32\dllcache\corpol.dll
    2007-08-13 18:39 92672 --a------ C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-13 18:39 71680 --a------ C:\WINDOWS\system32\dllcache\admparse.dll
    2007-08-13 18:39 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2007-08-13 18:39 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2007-08-13 18:39 55296 --a------ C:\WINDOWS\system32\dllcache\iesetup.dll
    2007-08-13 18:38 491520 --a------ C:\WINDOWS\system32\dllcache\jscript.dll
    2007-08-13 18:36 44544 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-13 18:36 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2007-08-13 18:36 36352 --------- C:\WINDOWS\system32\dllcache\imgutil.dll
    2007-08-13 18:35 346624 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-13 18:35 214528 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-13 18:32 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2007-08-13 18:32 45568 --------- C:\WINDOWS\system32\dllcache\mshta.exe
    2007-08-13 18:18 60416 --------- C:\WINDOWS\system32\dllcache\hmmapi.dll
    2007-08-13 18:01 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2007-08-13 18:01 48128 --------- C:\WINDOWS\system32\dllcache\mshtmler.dll
    2007-08-08 22:39 --------- d-------- C:\Documents and Settings\a\Application Data\Help
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-18 23:54 3583488 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-07-13 07:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
    .

    (((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白或合法的登錄值將不會顯示

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01B73383-3269-4B0F-B2CA-E2DF2F8A0874}]
    C:\WINDOWS\system32\mlljh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 21:00]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-28 17:58]
    "High Definition Audio 屬性頁捷徑 "= "HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "TPHOTKEY "= "C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" []
    "TPWAUDAP "= "C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" []
    "PMHandler "= "C:\WINDOWS\system32\PMHandler.exe" [2006-01-06 09:42]
    "tsnp2std "= "C:\WINDOWS\system32\tsnp2std.exe" [2005-12-27 22:36]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-12-12 14:50 C:\WINDOWS\AGRSMMSG.exe]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 15:25]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 15:22]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 15:26]
    "snp2std "= "C:\WINDOWS\vsnp2std.exe" [2005-10-20 14:18]
    "suScheduler "= "C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [2005-08-01 17:32]
    "ISUSPM Startup "= "c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
    "ISUSScheduler "= "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
    "OmniPass "= "C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-02-28 00:20]
    "AMSG "= "C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 20:36]
    "LPManager "= "C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2005-12-07 01:00]
    "cssauthe "= "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" [2005-12-21 18:08]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 07:15]
    "DiskeeperSystray "= "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-29 10:55]
    "ACTray "= "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-01-31 22:19]
    "ACWLIcon "= "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-01-31 22:12]
    "IMEKRMIG6.1 "= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 21:00]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 21:00]
    "CJIMETIPSYNC "= "C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57]
    "PHIMETIPSYNC "= "C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-09-08 10:31]
    "ICQ Lite "= "C:\Program Files\ICQLite\ICQLite.exe" [2006-07-28 02:12]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 21:00]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]

    C:\Documents and Settings\細妹\「開始」功能表\程式集\啟動\
    HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2002-07-18 11:58:46]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll 2006-02-28 00:21 49152 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 2005-12-20 20:46 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqppnn]
    urqppnn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @= "service "

    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
    R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
    R1 SAVOnAccess Control;SAVOnAccess Control;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
    R1 SAVOnAccess Filter;SAVOnAccess Filter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
    R2 ibmfilter;ibmfilter;\??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500);C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
    R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
    R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
    S0 ANCSQ;ANCSQ;C:\WINDOWS\system32\drivers\ANCSQ.sys
    S3 NOWMEMDF;NOWMEMDF;\??\C:\WINDOWS\system32\NOWMEMDF.sys
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys

    .
    排程工作資料夾的內容
    "2007-10-08 04:08:22 C:\WINDOWS\Tasks\Weekday Scan [0].job "
    - C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
    "2007-04-05 03:27:01 C:\WINDOWS\Tasks\Weekday Scan.job "
    - C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-08 12:13:12
    Windows 5.1.2600 Service Pack 2 NTFS

    掃描隱藏的程序...

    掃描隱藏的進程...

    掃描隱藏的檔案...

    掃描完成
    隱藏檔案?: 0

    **************************************************************************
    .
    完成時間?: 2007-10-08 12:14:17
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:14
    .
    --- E O F ---
     
    ChingChingHo,
    #7
  9. 2007/10/07
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    The HiJ log is here:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:31, on 8/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\Palm\HOTSYNC.EXE
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {01B73383-3269-4B0F-B2CA-E2DF2F8A0874} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Google 搜尋(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 反向連結 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: 網頁的快取快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: 翻譯英文字詞(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: 類似網頁 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: urqppnn - urqppnn.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12146 bytes
     
    ChingChingHo,
    #8
  10. 2007/10/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    Please post the contents of this log.

    C:\ComboFix-quarantined-files.txt

    Thanks
    Geri
     
    Geri,
    #9
  11. 2007/10/08
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Here you are, thanks


    Code:
    2007-09-25 01:13      6414    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hjllm.bak1.vir
2007-09-25 13:15      69184    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fciilwph.dll.vir
2007-09-25 13:15      84032    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ymxlitqy.dll.vir
2007-09-26 11:43      693499    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\yqtilxmy.ini.vir
2007-09-28 21:40      85056    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\endbjaia.dll.vir
2007-09-29 21:41      694012    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\aiajbdne.ini.vir
2007-09-29 21:43      84032    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ratdqrio.dll.vir
2007-09-29 21:48      694081    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\oirqdtar.ini.vir
2007-10-06 00:55      69184    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rqmpxaxg.dll.vir
2007-10-06 21:34      571695    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hjllm.ini2.vir
2007-10-08 11:35      539797    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hjllm.bak2.vir
2007-10-08 11:37      69184    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\oyxlosfi.dll.vir
2007-10-08 11:39      86080    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ladlfqao.dll.vir
2007-10-08 11:44      535    --a------    C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2007-10-08 11:44      693421    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\oaqfldal.ini.vir
2007-10-08 11:59      541377    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hjllm.ini.vir
2007-10-08 12:00      418    --a------    C:\Qoobox\Quarantine\catchme.log


列出磁碟區 IBM_PRELOAD 的資料夾 PATH
磁碟區序列號碼為 C499-CDA6
C:\QOOBOX\QUARANTINE
|   catchme.log
|   
+---C
|   \---WINDOWS
|       |   cookies.ini.vir
|       |   
|       \---system32
|               aiajbdne.ini.vir
|               endbjaia.dll.vir
|               fciilwph.dll.vir
|               hjllm.bak1.vir
|               hjllm.bak2.vir
|               hjllm.ini.vir
|               hjllm.ini2.vir
|               ladlfqao.dll.vir
|               oaqfldal.ini.vir
|               oirqdtar.ini.vir
|               oyxlosfi.dll.vir
|               ratdqrio.dll.vir
|               rqmpxaxg.dll.vir
|               ymxlitqy.dll.vir
|               yqtilxmy.ini.vir
|               
\---Registry_backups
     
    ChingChingHo,
    #10
  12. 2007/10/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    Have the pop-ups stopped?

    How are things running?

    Let me know.

    Thanks
    Geri
     
    Geri,
    #11
  13. 2007/10/09
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Hi Geri,

    My computer is now running faster than before and the pop up do not appear again. Everythings now seem to return normal, but I find many hiden files in my C drive, is it normal?? and the virus is removed now??
     
    ChingChingHo,
    #12
  14. 2007/10/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    The files showing in the dss scan are all legit files.

    Lets make sure you have hidden files/folders enabled, (this is recommended)
    Here is how.
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Do Not Show hidden files and folders.
    Check the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Yes, your logs are clean, We have a little clean up to do and you should be good to go.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {01B73383-3269-4B0F-B2CA-E2DF2F8A0874} - C:\WINDOWS\system32\mlljh.dll (file missing)
    O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll (file missing)
    O20 - Winlogon Notify: urqppnn - urqppnn.dll (file missing)

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    You can delete any tools you were asked to download and the files/folders or logs they created, There will be newer versions if ever needed again any way.

    These tools.
    VundoFix.exe
    ComboFix.exe
    dss.exe

    These Files/Folders.
    C:\VundoFix Backups
    C:\WINDOWS\nircmd.exe
    C:\WINDOWS\system32\tmp.reg
    C:\QOOBOX
    C:\Combofix quarantine files.txt
    C:\Deckard

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Spyware and Virus Removal Forms.
    http://www.windowsbbs.com/showthread.php?t=67958

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.

    If there are any other user accounts on this machine, they too, must be cleaned with AdAware and Spybot S&D. Not all infections are global, nor are all fixes global.
    Log onto that user account, Run HJT and save log, post each user account here into this thread, but please, do only one at a time to avoid confusion. Please let us know that it is a different account.


    Please let me know that things are OK, and I will mark this thread Resolved.

    Surf Safely
    Geri
     
    Geri,
    #13
  15. 2007/10/10
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thank you so much!!!
    There are 5 accounts in this computer, here is the HIJ log of another account:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:02, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkVantage\SystemUpdate\PipeServer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1019\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '細妹')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12814 bytes
     
    ChingChingHo,
    #14
  16. 2007/10/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    OK That log looks clean.

    Run HJT in that account and fix this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Post the next account.

    Thanks
    Geri
     
    Geri,
    #15
  17. 2007/10/10
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thanks you for your reply, here is the HIJ log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:20:00, on 11/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe "
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12506 bytes
     
    ChingChingHo,
    #16
  18. 2007/10/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    Ok I don't see anything in that account either, Looks Clean.

    Sign into the next account and post it's log.

    Thanks
    Geri
     
    Geri,
    #17
  19. 2007/10/11
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thanks you, Here is the HIJ log of other user:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 0:44:01, on 12/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
    O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
    O8 - Extra context menu item: Google 搜尋(&G) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 反向連結 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: 妏蚚Web捃濘狟婥 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
    O8 - Extra context menu item: 妏蚚Web捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
    O8 - Extra context menu item: 網頁的快取快照 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: 翻譯英文字詞(&T) - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: 類似網頁 - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12924 bytes
     
    ChingChingHo,
    #18
  20. 2007/10/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi ChingChingHo

    OK That one looks clean also.


    Run HJT in that account and fix this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Post the other account.
    How many more are left?

    Geri
     
    Geri,
    #19
  21. 2007/10/12
    ChingChingHo

    ChingChingHo Inactive Thread Starter

    Joined:
    2007/10/06
    Messages:
    13
    Likes Received:
    0
    Thanks you so much, I still have 2 accounts. Here is th HIJ log of one account:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:01, on 13/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\system32\PMSveH.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\PMHandler.exe
    C:\WINDOWS\system32\tsnp2std.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Softex\OmniPass\scureapp.exe
    C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [High Definition Audio 屬性頁捷徑] HDAShCut.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
    O4 - HKLM\..\Run: [PMHandler] C:\WINDOWS\system32\PMHandler.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\system32\tsnp2std.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
    O4 - HKLM\..\Run: [cssauthe] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauthe.exe" silent
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe "
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'd')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1010\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 (User 'd')
    O4 - HKUS\S-1-5-21-2464516817-4094875079-1992848042-1019\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '細妹')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/hk/en/
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://chingsim.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://chingsim.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (file missing)
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PMSveH - Lenovo - C:\WINDOWS\system32\PMSveH.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe (file missing)

    --
    End of file - 12439 bytes
     
    ChingChingHo,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...