Hello
About a few days ago, I noticed that my computer was slower than usual. So I scanned the computer using Spybot and it found 31 entries of Virtumonde.sdn. Also, Malwarebytes doesn't show the virus.
Please help me!
Thank you very much!
Btw, when I scanned using Spybot again, there were no more files infected with Virtumonde.sdn.
Logs:
Malwarebytes:
Malwarebytes' Anti-Malware 1.38
Database version: 2306
Windows 5.1.2600 Service Pack 2
2009-6-19 11:57:06
mbam-log-2009-06-19 (11-57-06).txt
Scan type: Quick Scan
Objects scanned: 119748
Time elapsed: 19 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
______________________________________________________
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:49, on 2009-6-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Rising\Rav\ScanFrm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [SpybotDeletingA2876] command.com /c del "C:\WINDOWS\system32\_004359_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3621] cmd.exe /c del "C:\WINDOWS\system32\_004359_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9183] command.com /c del "C:\WINDOWS\system32\_004360_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1941] cmd.exe /c del "C:\WINDOWS\system32\_004360_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8786] command.com /c del "C:\WINDOWS\system32\_004361_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC950] cmd.exe /c del "C:\WINDOWS\system32\_004361_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4039] command.com /c del "C:\WINDOWS\system32\_004362_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2026] cmd.exe /c del "C:\WINDOWS\system32\_004362_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2113] command.com /c del "C:\WINDOWS\system32\_004369_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2792] cmd.exe /c del "C:\WINDOWS\system32\_004369_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1798] command.com /c del "C:\WINDOWS\system32\_004371_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8721] cmd.exe /c del "C:\WINDOWS\system32\_004371_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1514] command.com /c del "C:\WINDOWS\system32\_004372_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1876] cmd.exe /c del "C:\WINDOWS\system32\_004372_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5671] command.com /c del "C:\WINDOWS\system32\_004375_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3966] cmd.exe /c del "C:\WINDOWS\system32\_004375_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1216] command.com /c del "C:\WINDOWS\system32\_004376_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4512] cmd.exe /c del "C:\WINDOWS\system32\_004376_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1788] command.com /c del "C:\WINDOWS\system32\_004378_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2395] cmd.exe /c del "C:\WINDOWS\system32\_004378_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9579] command.com /c del "C:\WINDOWS\system32\_004379_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8819] cmd.exe /c del "C:\WINDOWS\system32\_004379_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8987] command.com /c del "C:\WINDOWS\system32\_004382_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6182] cmd.exe /c del "C:\WINDOWS\system32\_004382_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9270] command.com /c del "C:\WINDOWS\system32\_004383_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7428] cmd.exe /c del "C:\WINDOWS\system32\_004383_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA464] command.com /c del "C:\WINDOWS\system32\_004385_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9868] cmd.exe /c del "C:\WINDOWS\system32\_004385_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4447] command.com /c del "C:\WINDOWS\system32\_004388_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8228] cmd.exe /c del "C:\WINDOWS\system32\_004388_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6271] command.com /c del "C:\WINDOWS\system32\_004389_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2143] cmd.exe /c del "C:\WINDOWS\system32\_004389_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7880] command.com /c del "C:\WINDOWS\system32\_004394_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2917] cmd.exe /c del "C:\WINDOWS\system32\_004394_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5786] command.com /c del "C:\WINDOWS\system32\_004396_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2299] cmd.exe /c del "C:\WINDOWS\system32\_004396_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2016] command.com /c del "C:\WINDOWS\system32\_004398_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1655] cmd.exe /c del "C:\WINDOWS\system32\_004398_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5356] command.com /c del "C:\WINDOWS\system32\_004399_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6040] cmd.exe /c del "C:\WINDOWS\system32\_004399_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5519] command.com /c del "C:\WINDOWS\system32\_004401_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9643] cmd.exe /c del "C:\WINDOWS\system32\_004401_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1106] command.com /c del "C:\WINDOWS\system32\_004403_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4067] cmd.exe /c del "C:\WINDOWS\system32\_004403_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6844] command.com /c del "C:\WINDOWS\system32\_004404_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3889] cmd.exe /c del "C:\WINDOWS\system32\_004404_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA680] command.com /c del "C:\WINDOWS\system32\_004405_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1483] cmd.exe /c del "C:\WINDOWS\system32\_004405_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3750] command.com /c del "C:\WINDOWS\system32\_004408_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1565] cmd.exe /c del "C:\WINDOWS\system32\_004408_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA561] command.com /c del "C:\WINDOWS\system32\_004409_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC30] cmd.exe /c del "C:\WINDOWS\system32\_004409_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6748] command.com /c del "C:\WINDOWS\system32\_004410_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7622] cmd.exe /c del "C:\WINDOWS\system32\_004410_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8121] command.com /c del "C:\WINDOWS\system32\_004411_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9052] cmd.exe /c del "C:\WINDOWS\system32\_004411_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7789] command.com /c del "C:\WINDOWS\system32\_004412_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4266] cmd.exe /c del "C:\WINDOWS\system32\_004412_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7505] command.com /c del "C:\WINDOWS\system32\_004417_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC106] cmd.exe /c del "C:\WINDOWS\system32\_004417_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA512] command.com /c del "C:\WINDOWS\system32\_004419_.tmp.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3492] cmd.exe /c del "C:\WINDOWS\system32\_004419_.tmp.dll"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /M "Stylus Photo R310" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\RunOnce: [SpybotDeletingB1712] command.com /c del "C:\WINDOWS\system32\_004359_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1863] cmd.exe /c del "C:\WINDOWS\system32\_004359_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7683] command.com /c del "C:\WINDOWS\system32\_004360_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7134] cmd.exe /c del "C:\WINDOWS\system32\_004360_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9712] command.com /c del "C:\WINDOWS\system32\_004361_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5457] cmd.exe /c del "C:\WINDOWS\system32\_004361_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7614] command.com /c del "C:\WINDOWS\system32\_004362_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8082] cmd.exe /c del "C:\WINDOWS\system32\_004362_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1194] command.com /c del "C:\WINDOWS\system32\_004369_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7813] cmd.exe /c del "C:\WINDOWS\system32\_004369_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5518] command.com /c del "C:\WINDOWS\system32\_004371_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5695] cmd.exe /c del "C:\WINDOWS\system32\_004371_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB62] command.com /c del "C:\WINDOWS\system32\_004372_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4170] cmd.exe /c del "C:\WINDOWS\system32\_004372_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3798] command.com /c del "C:\WINDOWS\system32\_004375_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4919] cmd.exe /c del "C:\WINDOWS\system32\_004375_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8812] command.com /c del "C:\WINDOWS\system32\_004376_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7676] cmd.exe /c del "C:\WINDOWS\system32\_004376_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5541] command.com /c del "C:\WINDOWS\system32\_004378_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5299] cmd.exe /c del "C:\WINDOWS\system32\_004378_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB849] command.com /c del "C:\WINDOWS\system32\_004379_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2452] cmd.exe /c del "C:\WINDOWS\system32\_004379_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6208] command.com /c del "C:\WINDOWS\system32\_004382_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9498] cmd.exe /c del "C:\WINDOWS\system32\_004382_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3739] command.com /c del "C:\WINDOWS\system32\_004383_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3692] cmd.exe /c del "C:\WINDOWS\system32\_004383_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4792] command.com /c del "C:\WINDOWS\system32\_004385_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5636] cmd.exe /c del "C:\WINDOWS\system32\_004385_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8877] command.com /c del "C:\WINDOWS\system32\_004388_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9886] cmd.exe /c del "C:\WINDOWS\system32\_004388_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6325] command.com /c del "C:\WINDOWS\system32\_004389_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3055] cmd.exe /c del "C:\WINDOWS\system32\_004389_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8261] command.com /c del "C:\WINDOWS\system32\_004394_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8139] cmd.exe /c del "C:\WINDOWS\system32\_004394_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8553] command.com /c del "C:\WINDOWS\system32\_004396_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD250] cmd.exe /c del "C:\WINDOWS\system32\_004396_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1340] command.com /c del "C:\WINDOWS\system32\_004398_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7691] cmd.exe /c del "C:\WINDOWS\system32\_004398_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4998] command.com /c del "C:\WINDOWS\system32\_004399_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4176] cmd.exe /c del "C:\WINDOWS\system32\_004399_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5428] command.com /c del "C:\WINDOWS\system32\_004401_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6343] cmd.exe /c del "C:\WINDOWS\system32\_004401_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1961] command.com /c del "C:\WINDOWS\system32\_004403_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6095] cmd.exe /c del "C:\WINDOWS\system32\_004403_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB626] command.com /c del "C:\WINDOWS\system32\_004404_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD803] cmd.exe /c del "C:\WINDOWS\system32\_004404_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB358] command.com /c del "C:\WINDOWS\system32\_004405_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9265] cmd.exe /c del "C:\WINDOWS\system32\_004405_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5319] command.com /c del "C:\WINDOWS\system32\_004408_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9737] cmd.exe /c del "C:\WINDOWS\system32\_004408_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7035] command.com /c del "C:\WINDOWS\system32\_004409_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4421] cmd.exe /c del "C:\WINDOWS\system32\_004409_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4379] command.com /c del "C:\WINDOWS\system32\_004410_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5864] cmd.exe /c del "C:\WINDOWS\system32\_004410_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2507] command.com /c del "C:\WINDOWS\system32\_004411_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6749] cmd.exe /c del "C:\WINDOWS\system32\_004411_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3339] command.com /c del "C:\WINDOWS\system32\_004412_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8545] cmd.exe /c del "C:\WINDOWS\system32\_004412_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3155] command.com /c del "C:\WINDOWS\system32\_004417_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4594] cmd.exe /c del "C:\WINDOWS\system32\_004417_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5529] command.com /c del "C:\WINDOWS\system32\_004419_.tmp.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8084] cmd.exe /c del "C:\WINDOWS\system32\_004419_.tmp.dll"
O4 - HKUS\S-1-5-21-57989841-1303643608-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Josephine Kwong')
O4 - HKUS\S-1-5-21-57989841-1303643608-682003330-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Josephine Kwong')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 21935 bytes
#1
Posted 19 June 2009 - 06:39 AM
#2
Posted 19 June 2009 - 12:15 PM
Hi,
Please disable your WinPatrol and allow Spybot to deal with the entries after reboot, because I have the feeling that WinPatrol is interfering here with Spybot after reboot.
Then post a new HijackThis log in your next reply.
#3
Posted 19 June 2009 - 02:02 PM
Ok, I didn't know how to disable WinPatrol, so I uninstalled it.
Also, when I restarted the computer after the Spybot scan, the command prompt kept on running and closing for about 30 seconds. So I think you're right that WinPatrol is interfering with Spybot.
Thanks!
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:48, on 2009-6-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
C:\PROGRAM FILES\RISING\RAV\Update\Setup.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\FirstClass\fcc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKLM\..\RunOnce: [Rav] "C:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /S /ONCE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /M "Stylus Photo R310" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 8979 bytes
Also, when I restarted the computer after the Spybot scan, the command prompt kept on running and closing for about 30 seconds. So I think you're right that WinPatrol is interfering with Spybot.
Thanks!
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:48, on 2009-6-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCENTER.EXE
C:\Program Files\Rising\Rfw\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rfw\RavTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\rsnetsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Rising\AntiSpyware\rstray.exe
C:\Program Files\Rising\Rav\RsTray.exe
C:\Program Files\Rising\Rfw\RsTray.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
C:\PROGRAM FILES\RISING\RAV\Update\Setup.exe
C:\Program Files\Rising\Rav\RavMonD.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\Program Files\FirstClass\fcc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 卡卡上网安全助手 - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\system32\UrlFilter.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB001" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [runeip] "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
O4 - HKLM\..\Run: [RavTray] "C:\Program Files\Rising\Rav\RsTray.exe" -system
O4 - HKLM\..\Run: [RFWTray] "C:\Program Files\Rising\Rfw\RsTray.exe" -system
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKLM\..\RunOnce: [Rav] "C:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /S /ONCE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /M "Stylus Photo R310" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) -
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: kmon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour 服务 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod 服务 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Rav Process Communication Center (RavCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCENTER.EXE
O23 - Service: Rising RavTask Manager (RavTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavTask.exe
O23 - Service: Rfw Process Communication Center (RfwCCenter) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\CCENTER.EXE
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising RfwTask Manager (RfwTask) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rfw\RavTask.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\RavMonD.exe
O23 - Service: Rising Scan Service (RsScanSrv) - Beijing Rising Information Technology Co., Ltd. - C:\Program Files\Rising\Rav\ScanFrm.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
--
End of file - 8979 bytes
#4
Posted 19 June 2009 - 02:11 PM
Hi,
Are you still having problems now?
It's just that you didn't allow Spybot runonce deletion in your WinPatrol - so that explains why you got those all the time.
#5
Posted 19 June 2009 - 02:38 PM
Hello,
I don't think there's any problem right now since Spybot and Malwarebytes don't show any signs of infection. I'm still not sure, but I definitely think my computer was faster before the computer got infected.
Thanks.
#6
Posted 19 June 2009 - 02:42 PM
Hi,
Well, I can't see anything suspicious anymore though. Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
Happy Surfing again!
#7
Posted 20 June 2009 - 03:42 AM
Thanks again!
But I have another problem. Whenever I try to install the Java Applet, the installer won't let me install it...
#8
Posted 20 June 2009 - 07:54 AM
Quote
Whenever I try to install the Java Applet, the installer won't let me install it...
Can you try the offline installer?
http://javadl.sun.co...?BundleId=31620
#9
Posted 20 June 2009 - 01:39 PM
No, the offline installer doesn't work either... The error says that before the installer finished, it was disconnected. It needs to be installed at another time. I translated the Chinese words to English, so it's not that accurate.
#10
Posted 20 June 2009 - 02:02 PM
The offline installer should work though, because it doesn't need an Internet connection once you've downloaded it.
Unless we are on a different page here and you mean you have this error while you are downloading the installer and not while installing it.
In that case, please disable your Antivirus / Firewall since they may cause this and interfere with the download - or try with another browser if present (Firefox for example).
#11
Posted 20 June 2009 - 02:10 PM
No, I completely downloaded the installer. But when I open the installer, it worked, but then it says it was disconnected. I don't know.
#12
Posted 20 June 2009 - 02:16 PM
Looks like it wasn't the offline installer then, because - as I explained - it doesn't need an internet connection. Unless you mean something else instead of "connected".
Anyway, can you try to install it with your Antivirus, Firewall or any other security program disabled? Also, when you get the error, what exactly does it say gets "disconnected"? What file is it talking about?
Isn't there an error code or whatever?
#13
Posted 20 June 2009 - 02:29 PM
Hello!
There wasn't any error code when the message appeared... Even when the firewall and antivirus were disabled, the installer still won't let me install Java. The installer didn't mention a file. It said the installer was cancelled or something like that... But I didn't click the cancel button.
#14
Posted 20 June 2009 - 02:37 PM
Strange. I suggest you try later this week again - could be a temporary issue with the installer, so redownload and try to reinstall it then.
If still the same problem, it may be better to post it in the Sun Java forums: http://forums.sun.co...x.jspa?tab=java
Maybe they are aware of the issue and know how to solve it. Since your OS is a different language, it's more difficult for me to understand the errors if you have to translate it first.
#15
Posted 20 June 2009 - 02:39 PM
kk, thanks for your help. I'll try to install Java next week. I think you can close this topic now.
From,
Kenyas
#16
Posted 20 June 2009 - 02:56 PM
You're welcome
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.