Berhala's HijackThis Log

Author: berhala
Joined: 29 Apr 2008 Posts: 1 Location: Indonesia
Post subject: Berhala's HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 1:23:13 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\moviemk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\wamp\apache2\bin\httpd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\LeechGet 2006\LeechGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\wamp\wampmanager.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\e0731.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\cnzz\CSPlatform\CSPlatform.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.1.253:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - (no file)
O2 - BHO: Browser Security Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\aknZEcxJAh.dll
O2 - BHO: bhotest - {E23E35EE-DA31-4361-AE25-9B08ACA46499} - c:\windows\lsas3731.dll
O2 - BHO: Invoke Class - {FFB3D068-F8DA-4370-A71E-83B1C959CDD6} - C:\WINDOWS\system32\de01.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051308 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [CSPlatform] C:\Program Files\cnzz\CSPlatform\CSPlatform.exe
O4 - HKLM\..\Run: [inquiry] C:\Program Files\cnzz\CSPlatform\CSPlatform.exe /hidden
O4 - HKCU\..\Run: [LeechGet] "C:\Program Files\LeechGet 2006\LeechGet.exe" -intray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: ֪ʶ¿â - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Media Serial Number Services - Unknown owner - C:\WINDOWS\system32\moviemk.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
Tue Apr 29, 2008 5:22 am

Author: HJT Analyzer
Joined: 15 Mar 2006 Posts: 610
Post subject: My HijackThis log

Hello, visitor!
The HijackThis log analyzer has analyzed your log. Please take a closer look at the results.
Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.
1. Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.30.1.253:8080
O1 - Hosts: 221.130.185.110 survey88.allyes.com
O1 - Hosts: 221.130.185.110 adtaobao.allyes.com
O1 - Hosts: 221.130.185.110 code.qihoo.com
O1 - Hosts: 221.130.185.110 union.mop.com
O1 - Hosts: 221.130.185.110 js.kkunion.com
O1 - Hosts: 221.130.185.110 v.kkunion.com
O1 - Hosts: 221.130.185.110 v.21cn.com
O1 - Hosts: 221.130.185.110 iplusms.allyes.com
O1 - Hosts: 221.130.185.110 mms.t2t2.com
O1 - Hosts: 221.130.185.110 ivr.dobig.net
O1 - Hosts: 221.130.185.110 www.u8u.com
O1 - Hosts: 221.130.185.110 u.u8u.com
O1 - Hosts: 221.130.185.110 img.zhangxiu.com
O1 - Hosts: 221.130.185.110 tl.linktone.com
O1 - Hosts: 221.130.185.110 channel.e78.com
O1 - Hosts: 221.130.185.110 u.7town.com
O1 - Hosts: 221.130.185.110 union.95ol.com.cn
O1 - Hosts: 221.130.185.110 mms1.95ol.com.cn
O1 - Hosts: 221.130.185.110 mfs.95ol.com.cn
O1 - Hosts: 221.130.185.110 tl.a8.com
O1 - Hosts: 221.130.185.110 ad01.a8.com
O1 - Hosts: 221.130.185.110 u2.caiku.com
O1 - Hosts: 221.130.185.110 mms.caiku.com
O1 - Hosts: 221.130.185.110 code1.caiku.com
O1 - Hosts: 221.130.185.110 pub.lele.com
O1 - Hosts: 221.130.185.110 u.lele.com
O1 - Hosts: 221.130.185.110 7town.com
O1 - Hosts: 221.130.185.110 tvsend.7town.com
O1 - Hosts: 221.130.185.110 ivrsend.7town.com
O1 - Hosts: 221.130.185.110 tlt.7town.com
O1 - Hosts: 221.130.185.110 gsend.7town.com
O1 - Hosts: 221.130.185.110 smssend.7town.com
O1 - Hosts: 221.130.185.110 mmssend.moyu.com
O1 - Hosts: 221.130.185.110 91ivr.com
O1 - Hosts: 221.130.185.110 myad.91ivr.com
O1 - Hosts: 221.130.185.110 u.91ivr.com
O1 - Hosts: 221.130.185.110 union.91ivr.com
O1 - Hosts: 221.130.185.110 cm.p4p.cn.yahoo.com
O1 - Hosts: 221.130.185.110 un.265.com
O1 - Hosts: 221.130.185.110 union.qq.com
O1 - Hosts: 221.130.185.110 view.aliunion.cn.yahoo.com
O1 - Hosts: 221.130.185.110 union.narrowad.com
O1 - Hosts: 221.130.185.110 ln.heima8.com
O1 - Hosts: 221.130.185.110 www.fboat.cn
O1 - Hosts: 221.130.185.110 cpro.baidu.com
O1 - Hosts: 221.130.185.110 unstat.baidu.com
O1 - Hosts: 221.130.185.110 y.cnxad.com
O1 - Hosts: 221.130.185.110 www.ewowo.com
O1 - Hosts: 221.130.185.110 template.union.163.com
O1 - Hosts: 221.130.185.110 new.is686.com
O1 - Hosts: 221.130.185.110 creative.unionsys.bolaa.com
O1 - Hosts: 221.130.185.110 www.qyule.com
O1 - Hosts: 221.130.185.110 99e.cc
O1 - Hosts: 221.130.185.110 www.91ivr.com
O1 - Hosts: 221.130.185.110 mg.ukaka.com
O1 - Hosts: 221.130.185.110 kooxoo2.ad4all.net
O1 - Hosts: 221.130.185.110 www.8fff.com
O1 - Hosts: 221.130.185.110 union.pomoho.com
O1 - Hosts: 221.130.185.110 202.107.233.211
O1 - Hosts: 221.130.185.110 www.end123.com
O1 - Hosts: 221.130.185.110 w1.7clink.com
O1 - Hosts: 221.130.185.110 w2.7clink.com
O1 - Hosts: 221.130.185.110 union01.com
O1 - Hosts: 221.130.185.110 click.8le8le.com
O1 - Hosts: 221.130.185.110 stbanner.allyes.com
O1 - Hosts: 221.130.185.110 mms1.moyu.com
O1 - Hosts: 221.130.185.110 u.moyu.com
O1 - Hosts: 221.130.185.110 mmsu.moyu.com
O1 - Hosts: 221.130.185.110 show.moyu.com
O1 - Hosts: 221.130.185.110 ivrsend.moyu.com
O1 - Hosts: 221.130.185.110 ivru.moyu.com
O1 - Hosts: 221.130.185.110 ivr1.moyu.com
O1 - Hosts: 221.130.185.110 corep.dmcast.com
O1 - Hosts: 221.130.185.110 m081.dmcast.com
O1 - Hosts: 221.130.185.110 dcww.dmcast.com
O1 - Hosts: 221.130.185.110 renren.dmcast.com
O1 - Hosts: 221.130.185.110 files.henbang.net
O1 - Hosts: 221.130.185.110 bannerbox.cn
O1 - Hosts: 221.130.185.110 www.bannerbox.cn
O1 - Hosts: 221.130.185.110 action.coopen.cn
O1 - Hosts: 221.130.185.110 u4.sky99.cn
O1 - Hosts: 221.130.185.110 u1.sky99.cn
O1 - Hosts: 221.130.185.110 u2.sky99.cn
O1 - Hosts: 221.130.185.110 u3.sky99.cn
O1 - Hosts: 221.130.185.110 sky99.cn
O1 - Hosts: 221.130.185.110 u.sky99.cn
O1 - Hosts: 221.130.185.110 u.ete.cn
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 www.365tan.com
O1 - Hosts: 221.130.185.110 www.winopen.cn
O1 - Hosts: 221.130.185.110 www.tanip.com
O1 - Hosts: 221.130.185.110 alexaanywhere.com
O1 - Hosts: 221.130.185.110 jssb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ns250.alexaanywhere.com
O1 - Hosts: 221.130.185.110 sb.alexaanywhere.com
O1 - Hosts: 221.130.185.110 ip.alexaanywhere.com
O1 - Hosts: 221.130.185.110 pop.9v.cn
O1 - Hosts: 221.130.185.110 xuni.myad.cn
O1 - Hosts: 221.130.185.110 iebar.t2t2.com
O1 - Hosts: 221.130.185.110 error.newcell.cn
O1 - Hosts: 221.130.185.110 auto.search.msn.com
O2 - BHO: (no name) - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2006\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2006\\Wizard.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2006\\Parser.html
O9 - Extra button: ֪ʶ¿â - {06926B30-424E-4f1c-8EE3-543CD96573DC} - http://blank.la/?h (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
4. Now restart your system in Safe Mode. This step is very important!
5. Use the Pocket KillBox utility to delete the following files:
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\moviemk.exe
c:\wamp\apache2\bin\httpd.exe
C:\wamp\apache2\bin\httpd.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\wamp\wampmanager.exe
C:\DOCUME~1\Acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\e0731.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\cnzz\CSPlatform\CSPlatform.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Browser Security Objects - {986488AF-13D5-9DDF-4FEF-9FB88698CFC1} - C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\aknZEcxJAh.dll
O2 - BHO: bhotest - {E23E35EE-DA31-4361-AE25-9B08ACA46499} - c:\windows\lsas3731.dll
O2 - BHO: Invoke Class - {FFB3D068-F8DA-4370-A71E-83B1C959CDD6} - C:\WINDOWS\system32\de01.dll
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=051308 serial=DR12WEX-1504397-KTY lang=EN
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [CSPlatform] C:\Program Files\cnzz\CSPlatform\CSPlatform.exe
O4 - HKLM\..\Run: [inquiry] C:\Program Files\cnzz\CSPlatform\CSPlatform.exe /hidden
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Media Serial Number Services - Unknown owner - C:\WINDOWS\system32\moviemk.exe
After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.
If you want to see more detailed analysis of your log, click here.
Thank you for using the 2-Spyware.com HijackThis log analyzer!
Tue Apr 29, 2008 5:22 am