http://forum.lowyat.net/ Wed, 25 Nov 2009 03:00:26 +0800 FeedCreator 1.7.2 http://forum.lowyat.net/topic/467134 yesterday as i transfer the log from my frens brontok infected com to my desktop to post here...the thumb drive tat got infected actually infected my com too...then i ran system restore to the day b4...so it was fine..but then my com is acting very weird...when i start my com and when it reaches the loading screen..the BSOD will appear and it will restart all over again...i cant see BSOD coz it dissapear too fast..wat i did was start in safe mode but it will hang..then press the restart button then run windows normally..then only can log in to window...after logging in...a few minutes after tat my audio driver will be missing and my desktop theme will change to windows classic theme...when i wan to change back to xp theme it is missing..<br /><br />below is the logs...<br /><br />HJT log<br /><!--SPOILER BEGIN--><div class="spoilertop" onClick="openClose('58b802a51c35324028e154e3839d69c6')" style="font-weight: bold"><u>&raquo; Click to show Spoiler - click again to hide... &laquo;</u></div><div class="spoilermain" id="58b802a51c35324028e154e3839d69c6" style="display:none"><!--SPOILER END-->Logfile of HijackThis v1.99.1<br />Scan saved at 9:40:54 PM, on 6/3/2007<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br /><br />Running processes:<br />C:&#092;WINDOWS1&#092;System32&#092;smss.exe<br />C:&#092;WINDOWS1&#092;system32&#092;winlogon.exe<br />C:&#092;WINDOWS1&#092;system32&#092;services.exe<br />C:&#092;WINDOWS1&#092;system32&#092;lsass.exe<br />C:&#092;WINDOWS1&#092;system32&#092;svchost.exe<br />C:&#092;WINDOWS1&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS1&#092;system32&#092;spoolsv.exe<br />C:&#092;WINDOWS1&#092;Explorer.EXE<br />C:&#092;WINDOWS1&#092;SOUNDMAN.EXE<br />C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;INSTAN~1.EXE<br />C:&#092;Program Files&#092;Winamp&#092;winampa.exe<br />C:&#092;Program Files&#092;Common Files&#092;Real&#092;Update_OB&#092;realsched.exe<br />C:&#092;Program Files&#092;AOL&#092;Active Virus Shield&#092;avp.exe<br />C:&#092;WINDOWS1&#092;system32&#092;ctfmon.exe<br />C:&#092;Program Files&#092;Common Files&#092;Ahead&#092;lib&#092;NMBgMonitor.exe<br />C:&#092;Program Files&#092;AOL&#092;Active Virus Shield&#092;avp.exe<br />C:&#092;Program Files&#092;TextBridge Pro 8.0&#092;Ereg&#092;REMIND32.EXE<br />C:&#092;WINDOWS1&#092;system32&#092;wscntfy.exe<br />C:&#092;WINDOWS1&#092;System32&#092;svchost.exe<br />C:&#092;Program Files&#092;MSN Messenger&#092;usnsvc.exe<br />C:&#092;Program Files&#092;Hijackthis&#092;HijackThis.exe<br /><br />R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = <a href='http://www.yahoo.com/' target='_blank'>http://www.yahoo.com/</a><br />O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;ActiveX&#092;AcroIEHelper.dll<br />O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:&#092;Program Files&#092;BitComet&#092;tools&#092;BitCometBHO_1.1.3.28.dll<br />O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Windows Live&#092;WindowsLiveLogin.dll<br />O4 - HKLM&#092;..&#092;Run: [IMJPMIG8.1] &quot;C:&#092;WINDOWS1&#092;IME&#092;imjp8_1&#092;IMJPMIG.EXE&quot; /Spoil /RemAdvDef /Migration32<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002ASync] C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /SYNC<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002A] C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /IMEName<br />O4 - HKLM&#092;..&#092;Run: [SoundMan] SOUNDMAN.EXE<br />O4 - HKLM&#092;..&#092;Run: [InstantAccess] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;INSTAN~1.EXE /h<br />O4 - HKLM&#092;..&#092;Run: [RegisterDropHandler] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE<br />O4 - HKLM&#092;..&#092;Run: [NeroFilterCheck] C:&#092;WINDOWS1&#092;system32&#092;NeroCheck.exe<br />O4 - HKLM&#092;..&#092;Run: [WinampAgent] C:&#092;Program Files&#092;Winamp&#092;winampa.exe<br />O4 - HKLM&#092;..&#092;Run: [TkBellExe] &quot;C:&#092;Program Files&#092;Common Files&#092;Real&#092;Update_OB&#092;realsched.exe&quot; -osboot<br />O4 - HKLM&#092;..&#092;Run: [aol] &quot;C:&#092;Program Files&#092;AOL&#092;Active Virus Shield&#092;avp.exe&quot;<br />O4 - HKLM&#092;..&#092;RunServices: [RegisterDropHandler] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE<br />O4 - HKCU&#092;..&#092;Run: [CTFMON.EXE] C:&#092;WINDOWS1&#092;system32&#092;ctfmon.exe<br />O4 - HKCU&#092;..&#092;Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] &quot;C:&#092;Program Files&#092;Common Files&#092;Ahead&#092;lib&#092;NMBgMonitor.exe&quot;<br />O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:&#092;Program Files&#092;TextBridge Pro 8.0&#092;Ereg&#092;REMIND32.EXE<br />O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;Reader&#092;reader_sl.exe<br />O8 - Extra context menu item: &amp;D&amp;ownload &amp;with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddLink.htm<br />O8 - Extra context menu item: &amp;D&amp;ownload all video with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddVideo.htm<br />O8 - Extra context menu item: &amp;D&amp;ownload all with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddAllLink.htm<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:&#092;PROGRA~1&#092;MICROS~2&#092;OFFICE11&#092;REFIEBAR.DLL<br />O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:&#092;Documents and Settings&#092;Calvin.CALVIN-F5560AEC&#092;Start Menu&#092;Programs&#092;IMVU&#092;Run IMVU.lnk<br />O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra &#39;Tools&#39; menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - <a href='http://www.e-games.com.my/com/EGamesPlugin.cab' target='_blank'>http://www.e-games.com.my/com/EGamesPlugin.cab</a><br />O17 - HKLM&#092;System&#092;CCS&#092;Services&#092;Tcpip&#092;..&#092;{E2551C3D-960A-4364-BFD0-7B813A026A61}: NameServer = 202.188.0.133 202.188.1.5<br />O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;MSNMES~1&#092;MSGRAP~1.DLL<br />O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;MSNMES~1&#092;MSGRAP~1.DLL<br />O20 - Winlogon Notify: klogon - C:&#092;WINDOWS1&#092;system32&#092;klogon.dll<br />O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:&#092;Program Files&#092;Ares&#092;chatServer.exe<br />O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:&#092;Program Files&#092;AOL&#092;Active Virus Shield&#092;avp.exe&quot; -r (file missing)<br /><br /><!--SPOILER DIV--></div><!--SPOILER DIV--><br /><br />and the combo fix log<br /><!--SPOILER BEGIN--><div class="spoilertop" onClick="openClose('de8dbd0dc3dacd65b15466b2157f20d3')" style="font-weight: bold"><u>&raquo; Click to show Spoiler - click again to hide... &laquo;</u></div><div class="spoilermain" id="de8dbd0dc3dacd65b15466b2157f20d3" style="display:none"><!--SPOILER END-->&quot;Calvin&quot; - 2007-06-03 21:41:38 Service Pack 2 <br />ComboFix 07-05.21.6.V - Running from: &quot;C:&#092;Documents and Settings&#092;Calvin.CALVIN-F5560AEC&#092;Desktop&#092;&quot;<br /><br /><br />((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 ))))))))))))))))))))))))))))))))))<br /><br /><br />2007-06-02 21:36 6,688 --ahs---- C:&#092;WINDOWS1&#092;system32&#092;drivers&#092;fidbox2.dat<br />2007-06-02 21:36 2,354,720 --ahs---- C:&#092;WINDOWS1&#092;system32&#092;drivers&#092;fidbox.dat<br />2007-06-02 21:36 &lt;DIR&gt; d-------- C:&#092;DOCUME~1&#092;ALLUSE~1.WIN&#092;APPLIC~1&#092;AOL<br />2007-06-01 21:21 3,031,040 --a------ C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;ntuser.dat<br />2007-05-22 00:02 49,152 --a------ C:&#092;WINDOWS1&#092;nircmd.exe<br />2007-05-12 21:48 &lt;DIR&gt; d-------- C:&#092;WINDOWS1&#092;pss<br />2007-05-10 00:19 &lt;DIR&gt; d-------- C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;AdobeUM<br />2007-05-08 18:37 &lt;DIR&gt; d-------- C:&#092;Program Files&#092;Xinox Software<br />2007-05-08 18:37 &lt;DIR&gt; d-------- C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;Help<br /><br /><br />(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))<br /><br />2007-05-16 09:56:16 -------- d-----w C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;Real<br />2007-05-15 13:25:13 -------- d-----w C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;Ahead<br />2007-05-05 15:41:02 -------- d-----w C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;IMVU<br />2007-05-01 10:38:01 -------- d-----w C:&#092;Program Files&#092;MSECache<br />2007-04-27 11:55:41 -------- d-----w C:&#092;Program Files&#092;e-Games<br />2007-04-27 11:55:40 -------- d--h--w C:&#092;Program Files&#092;InstallShield Installation Information<br />2007-04-27 10:25:25 -------- d-----w C:&#092;DOCUME~1&#092;CALVIN~1.CAL&#092;APPLIC~1&#092;Media Player Classic<br />2007-04-26 16:22:09 -------- d-----w C:&#092;Program Files&#092;IMVU<br />2007-04-25 14:51:37 -------- d-----w C:&#092;Program Files&#092;9you<br />2007-04-25 14:36:44 -------- d-----w C:&#092;Program Files&#092;BitComet<br />2007-04-25 14:34:15 2,560 ----a-w C:&#092;WINDOWS1&#092;system32&#092;BitCometRes.dll<br />2007-04-25 14:20:40 -------- d-----w C:&#092;Program Files&#092;Common Files&#092;xing shared<br />2007-04-25 14:20:37 -------- d-----w C:&#092;Program Files&#092;Common Files&#092;Real<br />2007-04-25 14:20:15 -------- d-----w C:&#092;Program Files&#092;Real<br />2007-04-25 14:18:50 -------- d-----w C:&#092;Program Files&#092;Ares<br />2007-04-25 14:16:59 499,712 ----a-w C:&#092;WINDOWS1&#092;system32&#092;msvcp71.dll<br />2007-04-25 14:14:21 -------- d-----w C:&#092;Program Files&#092;MSN Messenger<br />2007-04-25 14:13:18 -------- d-----w C:&#092;Program Files&#092;K-Lite Codec Pack<br />2007-04-25 14:11:23 -------- d-----w C:&#092;Program Files&#092;Winamp<br />2007-04-25 14:02:02 -------- d-----w C:&#092;Program Files&#092;Common Files&#092;Ahead<br />2007-04-25 14:02:01 -------- d-----w C:&#092;Program Files&#092;Nero<br />2007-04-25 13:33:02 -------- d-----w C:&#092;Program Files&#092;MGI<br />2007-04-25 13:31:31 -------- d-----w C:&#092;Program Files&#092;TextBridge Pro 8.0<br />2007-04-25 13:15:54 -------- d-----w C:&#092;Program Files&#092;Realtek Sound Manager<br />2007-04-25 13:15:54 -------- d-----w C:&#092;Program Files&#092;AvRack<br />2007-04-25 13:15:44 -------- d-----w C:&#092;Program Files&#092;Realtek AC97<br />2007-04-25 03:29:17 -------- d-----w C:&#092;Program Files&#092;Windows Media Connect 2<br />2007-04-25 03:09:11 -------- d-----w C:&#092;Program Files&#092;Movie Maker<br />2007-04-25 03:08:09 21,640 ----a-w C:&#092;WINDOWS1&#092;system32&#092;emptyregdb.dat<br />2007-04-25 03:07:35 -------- d-----w C:&#092;Program Files&#092;Online Services<br />2007-04-25 03:06:52 -------- d-----w C:&#092;Program Files&#092;Messenger<br />2007-04-25 03:06:38 -------- d-----w C:&#092;Program Files&#092;Windows NT<br />2007-04-24 04:27:35 -------- d-----w C:&#092;Program Files&#092;VIA<br /><br /><br />(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))<br /> <br /> <br />*Note* empty entries &amp; legit default entries are not shown <br /><br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Explorer&#092;Browser Helper Objects]<br />{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;ActiveX&#092;AcroIEHelper.dll [2004-12-14 01:56]<br />{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:&#092;Program Files&#092;BitComet&#092;tools&#092;BitCometBHO_1.1.3.28.dll [2007-03-29 22:31]<br />{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Windows Live&#092;WindowsLiveLogin.dll [2006-08-31 20:33]<br /><br />[HKEY_LOCAL_MACHINE&#092;SOFTWARE&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Run]<br />&quot;IMJPMIG8.1&quot;=&quot;C:&#092;WINDOWS1&#092;IME&#092;imjp8_1&#092;IMJPMIG.exe&quot; [2006-10-15 23:40]<br />&quot;PHIME2002ASync&quot;=&quot;C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.exe&quot; [2004-08-04 04:32]<br />&quot;PHIME2002A&quot;=&quot;C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.exe&quot; [2004-08-04 04:32]<br />&quot;SoundMan&quot;=&quot;SOUNDMAN.EXE&quot; []<br />&quot;InstantAccess&quot;=&quot;C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;INSTAN~1.exe&quot; [1998-12-10 13:57]<br />&quot;RegisterDropHandler&quot;=&quot;C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE&quot; [1998-12-10 12:33]<br />&quot;NWEReboot&quot;=&quot;&quot; []<br />&quot;NeroFilterCheck&quot;=&quot;C:&#092;WINDOWS1&#092;system32&#092;NeroCheck.exe&quot; [2001-07-09 11:50]<br />&quot;WinampAgent&quot;=&quot;C:&#092;Program Files&#092;Winamp&#092;winampa.exe&quot; [2007-02-14 02:29]<br />&quot;TkBellExe&quot;=&quot;C:&#092;Program Files&#092;Common Files&#092;Real&#092;Update_OB&#092;realsched.exe&quot; [2007-04-25 22:20]<br />&quot;aol&quot;=&quot;C:&#092;Program Files&#092;AOL&#092;Active Virus Shield&#092;avp.exe&quot; [2006-05-30 11:13]<br />&quot;@&quot;=&quot;&quot; []<br /><br />[HKEY_CURRENT_USER&#092;SOFTWARE&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Run]<br />&quot;CTFMON.EXE&quot;=&quot;C:&#092;WINDOWS1&#092;system32&#092;ctfmon.exe&quot; [2004-08-04 06:56]<br />&quot;BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}&quot;=&quot;C:&#092;Program Files&#092;Common Files&#092;Ahead&#092;lib&#092;NMBgMonitor.exe&quot; [2005-09-03 15:18]<br /><br />[HKEY_LOCAL_MACHINE&#092;software&#092;microsoft&#092;windows&#092;currentversion&#092;runservices]<br />&quot;RegisterDropHandler&quot;=C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE<br /><br />[HKEY_CURRENT_USER&#092;software&#092;microsoft&#092;windows&#092;currentversion&#092;policies&#092;explorer]<br />&quot;RestrictRun&quot;=0 (0x0)<br /> <br /><br />Contents of the &#39;Scheduled Tasks&#39; folder<br />2007-06-02 11:41:05 C:&#092;WINDOWS1&#092;tasks&#092;At1.job<br /><br />********************************************************************<br /><br />catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, <a href='http://www.gmer.net' target='_blank'>http://www.gmer.net</a><br />Rootkit scan 2007-06-03 21:43:27<br />Windows 5.1.2600 Service Pack 2 NTFS<br /><br />scanning hidden processes ...<br /><br /> ? [348]<br /><br /><br />scanning hidden autostart entries ...<br /><br />scanning hidden files ...<br /><br />scan completed successfully<br />hidden files: 0<br /><br /><br />********************************************************************<br /><br />Completion time: 2007-06-03 21:44:04<br /><br /> --- E O F ---<br />((((((((((((((((((((((((((((((( Files Created from 06/0-01-07 to 06/03/2007 ))))))))))))))))))))))))))))))))))<br /><br /><br /><!--SPOILER DIV--></div><!--SPOILER DIV--><br /><br />sempurna i already pm u....so hope u can help me again...hehe... <!--emo&:D--><img src='http://static.lowyat.net/style_emoticons/default/biggrin.gif' border='0' style='vertical-align:middle' alt='biggrin.gif' /><!--endemo--> mryellow19 Technical Support Sun, 03 Jun 2007 21:50:22 +0800 http://forum.lowyat.net/topic/466611 my frens com got brontok coz he told me missing folder option and regedit has been disabled....so i used dr web cureit to clean the thing...but it seems tat after the scan and i restart the com...when the com start in the window...there is nothing on the desktop...not even the start toolbar...it oni pop out the my documents folder...since i cant navigate the desktop i navigated it through the folder to run hijakthis...coz as long as i close the my document folder nth can be done aleidi to restart the com..even ctrl+alt+delete function disabled...so i hope someone can help me here to solve the problem...below is the hijackthis log for my frens computer... <!--emo&:help:--><img src='http://static.lowyat.net/style_emoticons/default/icon_question.gif' border='0' style='vertical-align:middle' alt='icon_question.gif' /><!--endemo--> <br /><br />Logfile of Trend Micro HijackThis v2.0.0 (BETA)<br />Scan saved at 05:21:57 PM, on 02/06/2007<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />Boot mode: Normal<br /><br />Running processes:<br />C:&#092;WINDOWS&#092;System32&#092;smss.exe<br />C:&#092;WINDOWS&#092;system32&#092;winlogon.exe<br />C:&#092;WINDOWS&#092;system32&#092;services.exe<br />C:&#092;WINDOWS&#092;system32&#092;lsass.exe<br />C:&#092;WINDOWS&#092;system32&#092;svchost.exe<br />C:&#092;WINDOWS&#092;System32&#092;svchost.exe<br />C:&#092;Program Files&#092;Ahead&#092;InCD&#092;InCDsrv.exe<br />C:&#092;WINDOWS&#092;system32&#092;spoolsv.exe<br />C:&#092;WINDOWS&#092;Explorer.EXE<br />C:&#092;WINDOWS&#092;system32&#092;wscntfy.exe<br />C:&#092;Documents and Settings&#092;Gary&#092;Desktop&#092;HiJackThis_v2.exe<br /><br />R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = <a href='http://runonce.msn.com/?v=msgrv75' target='_blank'>http://runonce.msn.com/?v=msgrv75</a><br />F2 - REG:system.ini: Shell=<br />O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;ActiveX&#092;AcroIEHelper.dll<br />O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Windows Live&#092;WindowsLiveLogin.dll<br />O2 - BHO: DownloadBHO T2BHO - {B1D147E7-873E-4909-8127-695D9BB78728} - C:&#092;WINDOWS&#092;Downloaded Program Files&#092;barhelp24.0.dll<br />O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:&#092;Program Files&#092;Windows Live Toolbar&#092;msntb.dll<br />O3 - Toolbar: ÌìÏÂËÑË÷ - {56A7DC70-E102-4408-A34A-AE06FEF01586} - C:&#092;WINDOWS&#092;DOWNLO~1&#092;IEBAR2~1.DLL<br />O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:&#092;Program Files&#092;Windows Live Toolbar&#092;msntb.dll<br />O4 - HKLM&#092;..&#092;Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe<br />O4 - HKLM&#092;..&#092;Run: [IMJPMIG8.1] &quot;C:&#092;WINDOWS&#092;IME&#092;imjp8_1&#092;IMJPMIG.EXE&quot; /Spoil /RemAdvDef /Migration32<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002ASync] C:&#092;WINDOWS&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /SYNC<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002A] C:&#092;WINDOWS&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /IMEName<br />O4 - HKLM&#092;..&#092;Run: [IgfxTray] C:&#092;WINDOWS&#092;system32&#092;igfxtray.exe<br />O4 - HKLM&#092;..&#092;Run: [HotKeysCmds] C:&#092;WINDOWS&#092;system32&#092;hkcmd.exe<br />O4 - HKLM&#092;..&#092;Run: [SoundMan] SOUNDMAN.EXE<br />O4 - HKLM&#092;..&#092;Run: [AlcWzrd] ALCWZRD.EXE<br />O4 - HKLM&#092;..&#092;Run: [Alcmtr] ALCMTR.EXE<br />O4 - HKLM&#092;..&#092;Run: [NeroFilterCheck] C:&#092;WINDOWS&#092;system32&#092;NeroCheck.exe<br />O4 - HKLM&#092;..&#092;Run: [InCD] C:&#092;Program Files&#092;Ahead&#092;InCD&#092;InCD.exe<br />O4 - HKLM&#092;..&#092;Run: [PCTVOICE] pctspk.exe<br />O4 - HKLM&#092;..&#092;Run: [Sony Ericsson PC Suite] &quot;C:&#092;Program Files&#092;Sony Ericsson&#092;Mobile2&#092;Application Launcher&#092;Application Launcher.exe&quot; /startoptions<br />O4 - HKLM&#092;..&#092;Run: [Adobe Photo Downloader] &quot;C:&#092;Program Files&#092;Adobe&#092;Photoshop Album Starter Edition&#092;3.0&#092;Apps&#092;apdproxy.exe&quot;<br />O4 - HKLM&#092;..&#092;Run: [Messaging] C:&#092;Program Files&#092;Instant Messenger Names&#092;IM-svr.EXE<br />O4 - HKLM&#092;..&#092;Run: [AutomatedSurfer] C:&#092;WINDOWS&#092;system32&#092;SurferClient.exe<br />O4 - HKLM&#092;..&#092;Run: [StormCodec_Helper] &quot;C:&#092;Program Files&#092;Ringz Studio&#092;Storm Codec&#092;StormSet.exe&quot; /S /opti<br />O4 - HKCU&#092;..&#092;Run: [MsnMsgr] &quot;C:&#092;Program Files&#092;MSN Messenger&#092;MsnMsgr.Exe&quot; /background<br />O4 - HKCU&#092;..&#092;Run: [ctfmon.exe] C:&#092;WINDOWS&#092;system32&#092;ctfmon.exe<br />O4 - HKCU&#092;..&#092;Run: [updateMgr] &quot;C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;Reader&#092;AdobeUpdateManager.exe&quot; AcRdB7_0_9 -reboot 1<br />O4 - HKCU&#092;..&#092;Run: [AutomatedSurfer] C:&#092;WINDOWS&#092;system32&#092;SurferClient.exe<br />O4 - HKCU&#092;..&#092;Run: [KKBOX Tray Icon] C:&#092;Program Files&#092;KKBOX&#092;KKBOX_Tray.exe<br />O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;Reader&#092;reader_sl.exe<br />O7 - HKCU&#092;Software&#092;Microsoft&#092;Windows&#092;CurrentVersion&#092;Policies&#092;System, DisableRegedit=1<br />O8 - Extra context menu item: &amp;Windows Live Search - res://C:&#092;Program Files&#092;Windows Live Toolbar&#092;msntb.dll/search.htm<br />O8 - Extra context menu item: E&amp;xport to Microsoft Excel - res://C:&#092;PROGRA~1&#092;MICROS~2&#092;OFFICE11&#092;EXCEL.EXE/3000<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:&#092;PROGRA~1&#092;MICROS~2&#092;OFFICE11&#092;REFIEBAR.DLL<br />O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra &#39;Tools&#39; menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href='http://garycshmil.spaces.live.com//PhotoUpload/MsnPUpld.cab' target='_blank'>http://garycshmil.spaces.live.com//PhotoUpload/MsnPUpld.cab</a><br />O16 - DPF: {56A7DC70-E102-4408-A34A-AE06FEF01586} (ÌìÏÂËÑË÷) - <a href='http://iebar.t2t2.com/iebar.cab' target='_blank'>http://iebar.t2t2.com/iebar.cab</a><br />O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - <a href='http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab' target='_blank'>http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab</a><br />O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:&#092;WINDOWS&#092;system32&#092;browseui.dll<br />O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:&#092;WINDOWS&#092;system32&#092;browseui.dll<br />O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:&#092;Program Files&#092;Common Files&#092;InstallShield&#092;Driver&#092;11&#092;Intel 32&#092;IDriverT.exe<br />O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:&#092;Program Files&#092;Ahead&#092;InCD&#092;InCDsrv.exe<br /><br />--<br />End of file - 5206 bytes<br /><br />tq in advance for ur help...hope u can und the situation i posted.... <!--emo&:help:--><img src='http://static.lowyat.net/style_emoticons/default/icon_question.gif' border='0' style='vertical-align:middle' alt='icon_question.gif' /><!--endemo--> mryellow19 Technical Support Sat, 02 Jun 2007 19:03:03 +0800 http://forum.lowyat.net/topic/460488 My com got infected wif trojan.download...avg detected it and i clicked heal..not sure whether its still in my com coz sometimes my IE will suddenly close...can someone pls help me to check it... <!--emo&:help:--><img src='http://static.lowyat.net/style_emoticons/default/icon_question.gif' border='0' style='vertical-align:middle' alt='icon_question.gif' /><!--endemo--> ...thanks a lot...here is the HJT log...<br /><br />Logfile of HijackThis v1.99.1<br />Scan saved at 9:16:01 PM, on 5/21/2007<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br /><br />Running processes:<br />C:&#092;WINDOWS1&#092;System32&#092;smss.exe<br />C:&#092;WINDOWS1&#092;system32&#092;winlogon.exe<br />C:&#092;WINDOWS1&#092;system32&#092;services.exe<br />C:&#092;WINDOWS1&#092;system32&#092;lsass.exe<br />C:&#092;WINDOWS1&#092;system32&#092;winsersec.exe<br />C:&#092;WINDOWS1&#092;system32&#092;svchost.exe<br />C:&#092;WINDOWS1&#092;System32&#092;svchost.exe<br />C:&#092;WINDOWS1&#092;system32&#092;spoolsv.exe<br />C:&#092;WINDOWS1&#092;Explorer.EXE<br />C:&#092;WINDOWS1&#092;SOUNDMAN.EXE<br />C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;INSTAN~1.EXE<br />C:&#092;WINDOWS1&#092;sdaemon.exe<br />C:&#092;WINDOWS1&#092;winwd.exe<br />C:&#092;Program Files&#092;Winamp&#092;winampa.exe<br />C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgcc.exe<br />C:&#092;Program Files&#092;Common Files&#092;Real&#092;Update_OB&#092;realsched.exe<br />C:&#092;WINDOWS1&#092;system32&#092;ctfmon.exe<br />C:&#092;Program Files&#092;Common Files&#092;Ahead&#092;lib&#092;NMBgMonitor.exe<br />C:&#092;Program Files&#092;TextBridge Pro 8.0&#092;Ereg&#092;REMIND32.EXE<br />C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgamsvr.exe<br />C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgupsvc.exe<br />C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgemc.exe<br />C:&#092;WINDOWS1&#092;system32&#092;wscntfy.exe<br />C:&#092;Program Files&#092;MSN Messenger&#092;msnmsgr.exe<br />C:&#092;Program Files&#092;MSN Messenger&#092;usnsvc.exe<br />C:&#092;Program Files&#092;Internet Explorer&#092;iexplore.exe<br />C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Windows Live&#092;WLLoginProxy.exe<br />C:&#092;Program Files&#092;Hijackthis&#092;HijackThis.exe<br /><br />R0 - HKCU&#092;Software&#092;Microsoft&#092;Internet Explorer&#092;Main,Start Page = <a href='http://www.yahoo.com/' target='_blank'>http://www.yahoo.com/</a><br />O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;ActiveX&#092;AcroIEHelper.dll<br />O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:&#092;Program Files&#092;BitComet&#092;tools&#092;BitCometBHO_1.1.3.28.dll<br />O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<br />O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:&#092;Program Files&#092;Common Files&#092;Microsoft Shared&#092;Windows Live&#092;WindowsLiveLogin.dll<br />O4 - HKLM&#092;..&#092;Run: [IMJPMIG8.1] &quot;C:&#092;WINDOWS1&#092;IME&#092;imjp8_1&#092;IMJPMIG.EXE&quot; /Spoil /RemAdvDef /Migration32<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002ASync] C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /SYNC<br />O4 - HKLM&#092;..&#092;Run: [PHIME2002A] C:&#092;WINDOWS1&#092;system32&#092;IME&#092;TINTLGNT&#092;TINTSETP.EXE /IMEName<br />O4 - HKLM&#092;..&#092;Run: [SoundMan] SOUNDMAN.EXE<br />O4 - HKLM&#092;..&#092;Run: [InstantAccess] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;INSTAN~1.EXE /h<br />O4 - HKLM&#092;..&#092;Run: [RegisterDropHandler] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE<br />O4 - HKLM&#092;..&#092;Run: [NeroFilterCheck] C:&#092;WINDOWS1&#092;system32&#092;NeroCheck.exe<br />O4 - HKLM&#092;..&#092;Run: [SDaemon] C:&#092;WINDOWS1&#092;sdaemon.exe<br />O4 - HKLM&#092;..&#092;Run: [SWd] C:&#092;WINDOWS1&#092;winwd.exe<br />O4 - HKLM&#092;..&#092;Run: [WinampAgent] C:&#092;Program Files&#092;Winamp&#092;winampa.exe<br />O4 - HKLM&#092;..&#092;Run: [AVG7_CC] C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgcc.exe /STARTUP<br />O4 - HKLM&#092;..&#092;Run: [TkBellExe] &quot;C:&#092;Program Files&#092;Common Files&#092;Real&#092;Update_OB&#092;realsched.exe&quot; -osboot<br />O4 - HKLM&#092;..&#092;RunServices: [RegisterDropHandler] C:&#092;PROGRA~1&#092;TEXTBR~1.0&#092;Bin&#092;REGIST~1.EXE<br />O4 - HKCU&#092;..&#092;Run: [CTFMON.EXE] C:&#092;WINDOWS1&#092;system32&#092;ctfmon.exe<br />O4 - HKCU&#092;..&#092;Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] &quot;C:&#092;Program Files&#092;Common Files&#092;Ahead&#092;lib&#092;NMBgMonitor.exe&quot;<br />O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:&#092;Program Files&#092;TextBridge Pro 8.0&#092;Ereg&#092;REMIND32.EXE<br />O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:&#092;Program Files&#092;Adobe&#092;Acrobat 7.0&#092;Reader&#092;reader_sl.exe<br />O8 - Extra context menu item: &amp;D&amp;ownload &amp;with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddLink.htm<br />O8 - Extra context menu item: &amp;D&amp;ownload all video with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddVideo.htm<br />O8 - Extra context menu item: &amp;D&amp;ownload all with BitComet - res://C:&#092;Program Files&#092;BitComet&#092;BitComet.exe/AddAllLink.htm<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:&#092;PROGRA~1&#092;MICROS~2&#092;OFFICE11&#092;REFIEBAR.DLL<br />O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:&#092;Documents and Settings&#092;Calvin.CALVIN-F5560AEC&#092;Start Menu&#092;Programs&#092;IMVU&#092;Run IMVU.lnk<br />O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra &#39;Tools&#39; menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%&#092;Network Diagnostic&#092;xpnetdiag.exe (file missing)<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:&#092;Program Files&#092;Messenger&#092;msmsgs.exe<br />O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - <a href='http://www.e-games.com.my/com/EGamesPlugin.cab' target='_blank'>http://www.e-games.com.my/com/EGamesPlugin.cab</a><br />O17 - HKLM&#092;System&#092;CCS&#092;Services&#092;Tcpip&#092;..&#092;{E2551C3D-960A-4364-BFD0-7B813A026A61}: NameServer = 202.188.0.133 202.188.1.5<br />O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;MSNMES~1&#092;MSGRAP~1.DLL<br />O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:&#092;PROGRA~1&#092;MSNMES~1&#092;MSGRAP~1.DLL<br />O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:&#092;Program Files&#092;Ares&#092;chatServer.exe<br />O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgamsvr.exe<br />O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgupsvc.exe<br />O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:&#092;PROGRA~1&#092;Grisoft&#092;AVG7&#092;avgemc.exe<br />O23 - Service: winser - Unknown owner - C:&#092;WINDOWS1&#092;system32&#092;winsersec.exe mryellow19 Technical Support Mon, 21 May 2007 21:21:05 +0800 http://forum.lowyat.net/topic/457932 i juz bought a acer aspire series lappy in pc fair...then these few days gila aleidi...not sure wats happening...when i start computer there is the windows log in sound...but after a few minutes when i on windows media player an error came out stating tat no mixer is found and cant play the song...when i click on volume control it states that no mixer is found and ask me to go control panel to add hardware...but i cant seem to add any hardware...even uninstall and installing back the sound driver does not work...dunno wats happening..<br /><br />secondly after i log in...after 5 minutes my desktop appereance will change automatically to windows classic theme..when i wan to change back to windows xp theme in properties the windows xp theme does not exist...i try going to appearance and change the windows xp style but it also not exist...after a while it will suddenly change back to the xp theme....dunno wats happening oso...<br /><br />pls help me here...i dunno wat to do and sorry for my bad english..hope u guys out there can und and help me.... mryellow19 Technical Support Wed, 16 May 2007 18:16:55 +0800