TRd ww problem.. [RESOLVED]



#1
dragonofsky

here are my HijackThis logs... my problem is that TRd WW shows up and appears like it is in my MSN Messenger or AnyDVD folder.. but I guess it's just a fake location..



Logfile of HijackThis v1.99.1
Scan saved at 上午 06:34:06, on 2005/5/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\wsearch\Search.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FlashGet-v1.65\flashget.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\remote.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\JERRY\桌面\HijackThis.exe

R3 - URLSearchHook: 奻厙翑忒 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: 奻厙翑忒 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV Walker\RecSche.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\Jerry\袤醱\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\Jerry\袤醱\DSLite2\dl_url.html
O8 - Extra context menu item: 下载编码内容(&D.S.Lite) - C:\Documents and Settings\Jerry\袤醱\DSLite2\dl_text.html
O8 - Extra context menu item: 下载编码文件内容(&D.S.Lite) - C:\Documents and Settings\Jerry\袤醱\DSLite2\dl_url.html
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet-v1.65\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet-v1.65\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet-v1.65\jc_all.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet-v1.65\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 忒?傻陓 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/...?pid=U_3721home (file missing)
O9 - Extra button: Yahoo 1G?赩 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: ????嗣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 奻鋒翑忒 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: ?蕉揃蹋 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ?劓謐毞 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 党?罜? - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jerry\袤醱\DSLite2\DSLite.exe (file missing)
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jerry\袤醱\DSLite2\DSLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: ?燴奻鋒?? - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 奻鋒翑忒-華硊?刲坰
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4532E221-EEE0-4F6B-9DE3-94594A494344}: NameServer = 192.168.0.1
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#2
dragonofsky

hmm it's falling kinda too fast... pushing it myself.. really need to get this problem done >)_<

#3
ukbiker

Hello and welcome to Geeks To Go.

I am UKBiker and will be helping you with this log.

Let's start out with some general scans and see if we can't clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite; it is a trial version of the program.
  • Install Ewido security suite
  • Launch Ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have received help elsewhere or no longer need our assistance, please let us know.

UKBiker

#4
dragonofsky

thx for the reply, I'm following all those steps right now; depending on the scan speed I'll post the reports and logs ^^ I'll edit this post to paste the reports and logs in

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 下午 05:20:55, 2005/6/12
+ Report-Checksum: 279A94E0

+ Date of database: 2005/6/12
+ Version of scan engine: v3.0

+ Duration: 43 min
+ Scanned Files: 94596
+ Speed: 36.19 Files/Second
+ Infected files: 9
+ Removed files: 9
+ Files put in quarantine: 9
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
E:\

+ Scan result:
C:\Documents and Settings\Jerry\Cookies\jerry@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@realguide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jerry\Cookies\jerry@zwsw.3721[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\wsearch\mUninstall.exe -> Spyware.WSearch.a -> Cleaned with backup
D:\MU\GameGuard\npggNT.des -> Trojan.Lmir.by -> Cleaned with backup
D:\MU.rar/MU\GameGuard\npggNT.des -> Trojan.Lmir.by -> Cleaned with backup
E:\Diablo II\showcdkey.exe -> TrojanSpy.Lucyfer -> Cleaned with backup


::Report End

-----------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 下午 05:22:06, on 2005/6/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Fmctrl.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TV Walker\RecSche.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\securitysuite.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\remote.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\新資料夾\HijackThis.exe

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagItIEAddin.dll
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TV Walker\RecSche.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet-v1.65\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet-v1.65\jc_all.htm
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jerry\桌面\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Jerry\桌面\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.c...nloadPhotos.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4532E221-EEE0-4F6B-9DE3-94594A494344}: NameServer = 192.168.0.1
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

-----------------------------------------------------------------------------------------------

Adobe Acrobat 5.0
Age of Mythology
Age of Mythology - The Titans Expansion
BitComet 0.56
Cabos
CEO
Codec Pack - All In 1 6.0.2.6
DiscJuggler
DivX
DivX 5.0 Pro Bundle
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 1
Kaspersky Anti-Virus Personal
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Windows 筆記本檢視器
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSXML4 Parser
Nero 6 Ultra Edition
NVIDIA Drivers
PowerDVD
RealOne Player
Save Flash 3.0
SnagIt 7
Spy Sweeper
Storm Codec
TOM-Skype 1.2
Total Recorder 5.1
Total Recorder Pro 5.0
Ulead PhotoImpact 10 試用版
Winamp (僅供移除)
WinAVI VideoConverter
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR 壓縮工具
XMPEG 5.0

-----------------------------------------------------------------------------------------------

dragonofsky

Edited by dragonofsky, 12 June 2005 - 10:01 PM.


#5
dragonofsky

KAV scan report


Report:
C:\Documents and Settings\Jerry\Local Settings\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd;password protected
C:\Documents and Settings\Jerry\Local Settings\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd;password protected
C:\Documents and Settings\Jerry\Local Settings\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd;password protected
C:\Documents and Settings\Jerry\\DSLite2\Downloads\CloneCD.exe\CloneCD 5.2.2.1.exe;password protected
C:\Documents and Settings\Jerry\\DSLite2\Downloads\CloneCD.exe\Key CloneCD 5.2.2.1.clonecd;password protected
D:\Downloads\kapersky.exe\AutoPlay/autorun.cdd\_detect.dat;password protected
D:\Downloads\kapersky.exe\AutoPlay/autorun.cdd\_proj.dat;password protected
D:\Downloads\kapersky.exe\AutoPlay/autorun.cdd\_fonts.dat;password protected
D:\Downloads\AD002.rar;password protected
D:\Downloads\SN.zip;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\myeven.rar;password protected
D:\Downloads\rmcr.rar;password protected
D:\Downloads\rmcr.rar;password protected
D:\Downloads\rmcr.rar;password protected
D:\Downloads\www.machifamily.com.rar;password protected
D:\Downloads\www.machifamily.com.rar;password protected
D:\Downloads\www.machifamily.com.rar;password protected
D:\Downloads\www.machifamily.com.rar;password protected
D:\Downloads\www.machifamily.com.rar;password protected
E:\rmcr.rar;password protected
E:\rmcr.rar;password protected
E:\rmcr.rar;password protected
E:\System Volume Information\_restore{5FE49EF0-F2FC-40C5-A710-7C42AEFBA451}\RP5\A0008236.exe;password protected
E:\super DVD back ups\spyr.exe\Spy Sweeper 4.0.3.363\說明.txt;password protected
E:\super DVD back ups\spyr.exe\Spy Sweeper 4.0.3.363\Language.exe;password protected
E:\super DVD back ups\spyr.exe\Spy Sweeper 4.0.3.363\Spy Sweeper v4.0.3.363.exe;password protected
E:\super DVD back ups\spyr.exe\Spy Sweeper 4.0.3.363\破解至2015年.exe;password protected

#6
ukbiker

Hi There dragonofsky

Thanks for posting the log and scan results. :tazz:

I have analysed your HJT log and cannot find any obvious signs of malware, but to be fair, I am not familiar with some of the applications that you have installed. Can you tell me please whether you have installed the following applications, and if so, what are they for?

Flash Get
DSlite
Storm Codec helper
LVremote

I would also be grateful if you could describe to me in detail the problem that you are experiencing, and how your system is running.

Thanks

UKBiker
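
One way to compare two HijackThis logs such as the pair posted earlier in this thread, added here as an example; it is not part of any post and not HijackThis code. The function names are hypothetical, and the sample lines are a small subset copied from the two logs above.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; the prefix is the
# HijackThis section code (R0-R3, F0-F3, N1-N4, O1 and up).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Markers HijackThis appends when the registered file is absent on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Body of an O4 registry autorun entry: hive, key, value name, command line.
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")

# Constructed samples: a few lines from the first and second log in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\remote.exe
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

LOG_AFTER = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [LVRemote] C:\WINDOWS\system32\remote.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""


def parse_log(text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def removed_between(before, after):
    """Entries in `before` that are absent from `after` (case-insensitive match)."""
    seen = {(code, body.lower()) for code, body in after}
    return [(c, b) for c, b in before if (c, b.lower()) not in seen]


def autoruns(entries):
    """Map each O4 registry value name to its (hive, key, command)."""
    found = {}
    for code, body in entries:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            found[m.group(3)] = (m.group(1), m.group(2), m.group(4))
    return found


def diff_autoruns(before, after):
    """Return (removed, added) autorun value names between two parsed logs."""
    old, new = autoruns(before), autoruns(after)
    return sorted(set(old) - set(new)), sorted(set(new) - set(old))


if __name__ == "__main__":
    first, second = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    print("Orphaned references still present in the second log:")
    for code, body in orphaned(second):
        print(f"  {code}: {body}")
    print("Entries gone since the first log:")
    for code, body in removed_between(first, second):
        print(f"  {code}: {body}")
    removed, added = diff_autoruns(first, second)
    print("Autoruns removed:", removed, "| added:", added)
```

An orphaned entry only means the registry still references a file that is gone; whether the remaining entries are wanted is still a judgement for the person reading the log.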

#7
dragonofsky

thx.. for the analysis ^^ here are some descriptions of that software and my problem down there

Flash Get : it's a multi-point download program that can separate files into like 1-99 sections and download them.. so u get the best speed possible.

DSlite .. other downloading software, it lets u download from an e-mail direction or public spaces, it has its own coding for the software .. a DSLite code can be like this WE@#GSRFGVO#$@#$PPWGSJFJPSDfs > and the original word will be like >>> pop3.com/msn.exe

Storm Codec helper <-- Storm Codec is a media player based on Windows Media Player Classic; it contains almost all the necessary codecs for any type of media files.. such as rmbv, rm, wav, mp3, mp4, divX, vob, ram, ra, wam... etc. Storm Codec helper will be the Q&A helper of that media player.



LVremote >>> I don't know what that is really either lol... but I guess it's the Live Video (TV tuner USB2.0) I have... it's the remote system of the external tuner..

... the problem I've got.. as I said, when I try to shut down the system or reboot it.. a window always appears with the title TRd WW and Windows can't shut it down automatically unless I click X on the window.. to close that crap.. in the window appears a directory =.= but it's where my MSN 7.0 is installed. I scanned that part with many software such as Spy Sweeper 4.0.. nothing appears.. neither can KAV find it.. and last time, as AnyDVD is installed,... first a window appears w/ the MSN directory, then another one appears with the AnyDVD directory after I close the MSN one.... well it's not affecting the system but I just feel gayed that I can't close my Windows normally ... I'll get u a screenshot later .. thx..

dragonofsky

Edited by dragonofsky, 13 June 2005 - 06:28 PM.


#8
ukbiker

Hi there dragonofsky

OK, I think I know what's going on here. When you try to close down the computer, you get a message box with the TRD ww line and also a filepath. What is happening is that something isn't shutting down automatically, that's why you have to close it manually. Do you also get a Dr Watson error message for a moment?

I need to know the full path of the file that appears with the TRD WW message.

Thanks.

UKBiker

#9
dragonofsky

ok

now

it shows exactly what I'm gonna type.. I'll simulate the window :tazz:
____________________________________________________________
[shotting down program TRd ww:C:\program files\MSN Messenger\...][X]
_____________________________________________________________
the program is not responding.

windows cant shutdown the program

click cancel to check the program



[report] [shutdown][cancel]

_____________________________________________________________

and before I get that it logs my MSN off first ~''~


dragonofsky

Edited by dragonofsky, 13 June 2005 - 07:20 PM.


#10
ukbiker

Hi There dragonofsky

You don't have a malware problem here, your HJT log is clean. :tazz:
For some reason, MSN Messenger is not shutting down properly when you try to close down. Can I suggest that you post a question in the part of the forum that deals with software and application problems as they will be able to help you better than I can.

UKBiker

this is the forum here

#11
ukbiker

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.