
Is my system clear of rpcc.dll now?



mhl23
2007-01-31, 12:31
Hi,

I was using Spybot to scan my computer, and was having trouble removing "rpcc.dll".
So, I just followed the steps from this thread: http://forums.spybot.info/showthread.php?t=9990.

Attached is the report by SDFix.exe.
and a zipped HijackThis log, since if I just post it here, the post will be too long.


Please let me know if I am free of spyware or viruses right now.

THANKS A LOT!

mhl23
2007-01-31, 21:54
Help please!
I am also having a svchost.exe virus problem.
Detected by Symantec AntiVirus.

And every time after I restart, the settings are not saved,
like my quick launch would not be showing,
and sometimes there is a black window popping up and disappearing.

Thanks for the help!

teacup61
2007-02-01, 03:03
Hello mhl23,

Welcome to Safer Networking Forums :)

Youch......you have a lot more to worry about than just that one. :spider: Just the fact that SDFix removed all those things tells me your system is compromised. If you have any sensitive information (passwords to bank accounts, credit card #s, etc....) you should change them from a clean computer. We can get rid of the malware, but with the damage done already I cannot promise you a trustworthy computer in the end. The only way to know for sure would be a reformat and reinstall. If you would rather continue on, then please do the following:

If you don't use the Logitech Desktop Messenger, then please do the following :

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

All those O18s related to Desktop Messenger

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following folder:

C:\Program Files\Logitech\Desktop Messenger

This will also help pare down future HijackThis logs. :)

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES. Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt in your reply.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please go ahead and post the reports here in the thread, taking as many posts as you need to do it. It really is easier to deal with that way. :)

Thanks,
tea

mhl23
2007-02-01, 06:46
Thanks for your reply,

I removed all the O18s that are related to Desktop Messenger,
But I cannot delete the folder Logitech\Desktop Messenger.
It says "Cannot delete backweb.dll: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

I don't recall using Logitech Messenger, since I don't think I have chatted with this program before. Did the virus make up this folder?

Should I proceed to Vundo, even though I can't delete the folder?

Thanks very much for helping

mhl23
2007-02-01, 07:15
I have gone ahead without deleting the Desktop Messenger folder.
The 3 logs are as follows:

ComboFix:

"manhin lee" - 07-01-31 22:01:00 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\manhin lee\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\svchost.exe
C:\Program Files\Outerinfo
C:\Program Files\Common Files\sogou pxp
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\YSTEM~1\attrib.exe
C:\qoobox\purity\WINDOWS\YSTEM~1\?ystem


((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))


2007-01-31 22:04 <DIR> d-------- C:\WINDOWS\ERDNT
2007-01-31 21:37 <DIR> d-------- C:\VundoFix Backups
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\qopml.dll
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\khfda.dll
2007-01-31 21:14 277,256 ---hs---- C:\WINDOWS\system32\byxxx.dll
2007-01-31 20:41 277,120 ---hs---- C:\WINDOWS\system32\fccay.dll
2007-01-31 14:39 277,064 ---hs---- C:\WINDOWS\system32\ddaaa.dll
2007-01-31 14:31 277,064 ---hs---- C:\WINDOWS\system32\rqonm.dll
2007-01-31 14:28 277,273 ---hs---- C:\WINDOWS\system32\mllki.dll
2007-01-31 14:21 277,273 ---hs---- C:\WINDOWS\system32\ursqo.dll
2007-01-31 13:39 277,073 ---hs---- C:\WINDOWS\system32\byxyv.dll
2007-01-31 13:30 277,073 ---hs---- C:\WINDOWS\system32\qoppo.dll
2007-01-31 12:29 277,261 ---hs---- C:\WINDOWS\system32\hgdaw.dll
2007-01-31 12:27 277,261 ---hs---- C:\WINDOWS\system32\gebca.dll
2007-01-31 12:20 277,261 ---hs---- C:\WINDOWS\system32\cbxxy.dll
2007-01-31 11:39 277,139 ---hs---- C:\WINDOWS\system32\nnnmk.dll
2007-01-31 11:38 277,139 ---hs---- C:\WINDOWS\system32\xxyay.dll
2007-01-31 11:33 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-31 09:28 277,254 ---hs---- C:\WINDOWS\system32\xxyyx.dll
2007-01-31 03:31 277,245 ---hs---- C:\WINDOWS\system32\sstsq.dll
2007-01-31 03:21 277,246 ---hs---- C:\WINDOWS\system32\wvwww.dll
2007-01-31 02:58 <DIR> d-------- C:\SDFix
2007-01-31 02:31 277,196 ---hs---- C:\WINDOWS\system32\cbaxy.dll
2007-01-31 02:29 277,196 ---hs---- C:\WINDOWS\system32\rqrsr.dll
2007-01-31 02:20 8,704 --a------ C:\WINDOWS\system32\v6.exe
2007-01-31 02:20 60,416 --a------ C:\WINDOWS\system32\jqnlpds.dll
2007-01-31 02:17 277,196 ---hs---- C:\WINDOWS\system32\mlllk.dll
2007-01-31 01:47 277,257 ---hs---- C:\WINDOWS\system32\efcdd.dll
2007-01-31 01:39 277,296 ---hs---- C:\WINDOWS\system32\cbxyv.dll
2007-01-31 01:38 277,296 ---hs---- C:\WINDOWS\system32\rqrqq.dll
2007-01-30 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\hgddb.dll
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\ddcby.dll
2007-01-30 22:18 277,242 ---hs---- C:\WINDOWS\system32\cbayv.dll
2007-01-30 22:04 277,082 ---hs---- C:\WINDOWS\system32\ssqnl.dll
2007-01-30 21:42 277,258 ---hs---- C:\WINDOWS\system32\pmklj.dll
2007-01-30 21:30 277,270 ---hs---- C:\WINDOWS\system32\wvuut.dll
2007-01-30 18:08 277,148 ---hs---- C:\WINDOWS\system32\jkkkj.dll
2007-01-30 18:04 277,296 ---hs---- C:\WINDOWS\system32\khfed.dll
2007-01-30 17:41 277,068 ---hs---- C:\WINDOWS\system32\qoppp.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\oppon.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\awtts.dll
2007-01-30 17:29 277,064 ---hs---- C:\WINDOWS\system32\pmkli.dll
2007-01-30 17:15 277,229 ---hs---- C:\WINDOWS\system32\nnnli.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\yayvu.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\cbayw.dll
2007-01-30 17:12 277,229 ---hs---- C:\WINDOWS\system32\qopop.dll
2007-01-30 17:07 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-30 17:01 620,123 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-01-30 16:57 277,063 ---hs---- C:\WINDOWS\system32\vtspp.dll
2007-01-30 16:56 277,063 ---hs---- C:\WINDOWS\system32\hgday.dll
2007-01-30 16:52 2 --a------ C:\WINDOWS\system32\wnstscc.exe
2007-01-30 16:51 18,944 --a------ C:\WINDOWS\system32\winsxf32.dll
2007-01-22 15:12 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Intel
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Intel
2007-01-22 15:10 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Intel
2007-01-21 18:24 87,608 --a------ C:\DOCUME~1\MANHIN~1\Application Data\ezpinst.exe
2007-01-21 18:24 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 18:24 47,360 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.sys
2007-01-21 18:24 <DIR> d-------- C:\Program Files\vso
2007-01-21 18:24 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Vso
2007-01-16 01:32 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Viewpoint
2007-01-14 02:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-14 02:55 <DIR> d-------- C:\Program Files\Skype
2007-01-12 11:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 01:47 102,400 -ra------ C:\WINDOWS\system32\grdmgr.exe
2007-01-10 06:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-01-08 06:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-07 08:43 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Camfrog
2007-01-05 08:02 61,440 --a------ C:\WINDOWS\system32\nod.dll
2007-01-04 05:30 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-04 02:27 1,179,136 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-01-04 02:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Acronis
2007-01-04 02:01 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-01-04 02:01 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-01-04 02:00 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Acronis
2007-01-03 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-31 14:06 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\foobar2000
2007-01-30 21:31 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 18:52 -------- d-------- C:\Program Files\the weather channel toolbar
2007-01-30 17:06 -------- d-------- C:\Program Files\flashget
2007-01-28 23:51 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-28 22:29 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-28 22:29 -------- d-------- C:\Program Files\bitcomet
2007-01-28 15:18 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\vso
2007-01-26 01:11 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\dvdcss
2007-01-22 15:10 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\intel
2007-01-21 18:24 87608 --a------ C:\Documents and Settings\manhin lee\Application Data\ezpinst.exe
2007-01-21 18:24 7824 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.cat
2007-01-21 18:24 47360 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.sys
2007-01-21 18:24 34 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.log
2007-01-21 18:24 1144 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.inf
2007-01-17 00:21 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\adobeum
2007-01-17 00:08 -------- d-------- C:\Program Files\pplive
2007-01-17 00:08 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\ppstream
2007-01-16 23:50 -------- d-------- C:\Program Files\gaov
2007-01-16 23:47 -------- d-------- C:\Program Files\haali
2007-01-16 01:32 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\viewpoint
2007-01-14 03:11 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\contentguard
2007-01-14 03:03 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\skype
2007-01-10 09:53 -------- d-------- C:\Program Files\viewpoint
2007-01-08 07:00 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\real
2007-01-08 06:59 -------- d-------- C:\Program Files\Common Files\real
2007-01-07 08:43 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\camfrog
2007-01-03 20:53 -------- d--h----- C:\Program Files\installshield installation information
2006-12-24 16:46 -------- d-------- C:\Program Files\nakido
2006-12-22 10:14 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-12-20 19:11 -------- d-------- C:\Program Files\saitek
2006-12-17 23:26 118784 -r------- C:\WINDOWS\bwunin-7.2.0.157-8876480sl.exe
2006-12-17 18:00 -------- d-------- C:\Program Files\logitech
2006-12-17 17:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-17 16:45 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-12 17:32 -------- d-------- C:\Program Files\msn messenger
2006-12-08 19:29 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-08 19:26 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 14:01 77824 --a------ C:\WINDOWS\system32\twctoolbarbho.dll
2006-12-04 14:01 262144 --a------ C:\WINDOWS\system32\twctoolbarie7.dll
2006-12-02 18:30 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\ppmate
2006-12-02 18:29 -------- d-------- C:\Program Files\Common Files\synacast
2006-12-01 11:23 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\u3
2006-11-29 18:48 774144 --a------ C:\Program Files\rnginterstitial.dll
2006-11-29 07:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
2006-11-20 18:59 37027 --a------ C:\WINDOWS\atmoun.exe
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp /HIDEBL"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Steam"=""
"Sen"="\"C:\\WINDOWS\\YSTEM~1\\attrib.exe\" -vt yazb"
"Phh"="\"D:\\My Documents\\??stem\\rυndll.exe\" 99001162"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140810325\\ee\\AOLSoftware.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ClubBox"="\"C:\\WINDOWS\\system32\\clubbox.exe\" -l"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"ppmate"="D:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"syswin"="C:\\WINDOWS\\TEMP\\win62.tmp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0AC5542-A167-4748-BF42-9D1B09723A62}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\Program Files\\Common Files\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsxf32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
mysee2 REG_MULTI_SZ Mysee2_Runtime\0


Completion time: 07-01-31 22:07:09

mhl23
2007-02-01, 07:16
HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:41 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\fscagent.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C0AC5542-A167-4748-BF42-9D1B09723A62} - C:\WINDOWS\system32\khfcbax.dll (file missing)
O2 - BHO: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\TEMP\win62.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YSTEM~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [Phh] "D:\My Documents\??stem\r£ondll.exe" 99001162
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

mhl23
2007-02-01, 07:17
VundoFix:


VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:37:29 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:49:55 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\iifecdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\khfcbax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtqnn.dll
C:\WINDOWS\system32\tuvtqnn.dll Has been deleted!

Performing Repairs to the registry.
Done!


Thanks a lot !

teacup61
2007-02-01, 14:43
Hello,

Please download, install, and update AVG Anti-Spyware (formerly Ewido) (http://www.ewido.net/en/download/)


Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Click the settings tab, then click "apply all actions" and choose clean (quarantine)
Close AVG. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O2 - BHO: (no name) - {C0AC5542-A167-4748-BF42-9D1B09723A62} - C:\WINDOWS\system32\khfcbax.dll (file missing)
O2 - BHO: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\TEMP\win62.tmp.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YSTEM~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [Phh] "D:\My Documents\??stem\r?ondll.exe" 99001162
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following files (if they exist):

C:\WINDOWS\system32\jqnlpds.dll
C:\WINDOWS\TEMP\win62.tmp.exe
D:\My Documents\??stem <---- this folder, containing the file r?ondll.exe
C:\WINDOWS\SYSTEM32\winsxf32.dll


In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


Your Java is way out of date, which leaves your computer vulnerable.

Updating Java:

1. Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
3. Click the "Download" button to the right.
4. Check the box that says "Accept License Agreement". The page will refresh.
5. Click on the link to download Windows Offline Installation (with or without Multi-language) and save it to your desktop.
6. Close any programs you may have running, especially your web browser.
7. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name, click the Remove or Change/Remove button, and repeat as many times as necessary to remove each Java version.
8. Reboot your computer once all Java components are removed.
9. Then, from your desktop, double-click on jre-6-windows-i586.exe to install the newest version.

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea
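
The triage done by hand above, reading each HijackThis line, flagging the nameless BHOs and URLSearchHook loading DLLs from system32, the Run key launching from TEMP, the paths with unprintable characters and the Winlogon Notify DLL that does not belong, and then comparing a fresh log against the previous one to see whether the infection came back, can be scripted. The script below is an added example, not code from this thread, from Spybot or from HijackThis. Its detection rules, its Winlogon Notify allowlist (the standard XP SP2 notification packages plus the three vendor ones in this log) and the two sample logs, which are assembled from lines quoted in this thread, are all my own assumptions.

```python
"""Triage and diff HijackThis 1.99.x logs.

Added example, not code from the thread, Spybot or HijackThis. The rules
encode the patterns acted on in this thread; the allowlist and the sample
logs (built from lines quoted in the thread) are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class HjtEntry:
    section: str  # "R3", "O2", "O4", "O20", ...
    kind: str     # "BHO", "HKLM\..\Run", "Winlogon Notify", ...
    name: str     # value name, display name or service name
    path: str     # file path, CLSID or URL the entry points at
    raw: str      # the original log line


# "<section> - <kind>: <payload>"; the kind never contains a colon, paths do.
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ([^:]+): (.*)$")

# Assumed allowlist: XP SP2 notification packages plus Intel graphics,
# Symantec and WGA packages seen in this thread's log.
WINLOGON_ALLOW = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
    "igfxcui", "navlogon", "wgalogon",
}


def _split_payload(payload):
    """Return (name, path) from the part of the line after the kind."""
    if payload.startswith("["):            # O4 Run: [ValueName] command line
        name, _, path = payload[1:].partition("] ")
        return name, path
    if " = " in payload:                   # O4 Global Startup: foo.lnk = path
        name, _, path = payload.partition(" = ")
        return name, path
    fields = payload.split(" - ")          # "name - {CLSID} - path" style
    return fields[0], (fields[-1] if len(fields) > 1 else "")


def parse_hjt(text):
    """Parse the R/F/N/O sections of a log; the process list is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            section, kind, payload = m.groups()
            name, path = _split_payload(payload)
            entries.append(HjtEntry(section, kind, name, path, raw.strip()))
    return entries


def triage(text):
    """Return [(rule, entry)] for entries matching the thread's patterns."""
    findings = []
    for e in parse_hjt(text):
        p = e.path.lower()
        # Vundo-style: nameless hook/BHO/toolbar loading a DLL from system32
        if e.section in ("R3", "O2", "O3") and e.name == "(no name)" \
                and "\\system32\\" in p:
            findings.append(("NONAME_SYSTEM32", e))
        # Registry entry whose file is gone: leftover of a removal
        if "(file missing)" in p or p == "(no file)":
            findings.append(("ORPHAN", e))
        # Autorun launched from a temp directory
        if e.section == "O4" and re.search(r"\\temp\\", p):
            findings.append(("TEMP_AUTORUN", e))
        # Unprintable characters in a local path (HijackThis prints them as ?)
        if "?" in e.path and "://" not in e.path and e.path != "?":
            findings.append(("UNPRINTABLE_PATH", e))
        # Winlogon Notify DLL outside the allowlist
        if e.section == "O20" and e.kind == "Winlogon Notify" \
                and e.name.lower() not in WINLOGON_ALLOW:
            findings.append(("WINLOGON_NOTIFY", e))
    return findings


def diff_logs(old_text, new_text):
    """(added, removed) entry lines between two logs of the same machine."""
    old = {e.raw for e in parse_hjt(old_text)}
    new = {e.raw for e in parse_hjt(new_text)}
    return sorted(new - old), sorted(old - new)


# Constructed samples from lines quoted in this thread: OLD_LOG is the state
# the fix list targeted, NEW_LOG the log posted after that round of cleaning.
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C0AC5542-A167-4748-BF42-9D1B09723A62} - C:\WINDOWS\system32\khfcbax.dll (file missing)
O2 - BHO: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\TEMP\win62.tmp.exe
O4 - HKCU\..\Run: [Phh] "D:\My Documents\??stem\r?ondll.exe" 99001162
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll
"""

NEW_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\WINDOWS\system32\tuvwvvs.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: tuvwvvs - C:\WINDOWS\SYSTEM32\tuvwvvs.dll
"""

if __name__ == "__main__":
    for rule, e in triage(NEW_LOG):
        print(f"{rule:18} {e.raw}")
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    print("added:", *added, sep="\n  ")
    print("removed:", *removed, sep="\n  ")
```

Run against the second log, the script reports the new tuvwvvs.dll BHO and Winlogon Notify entry, and the diff shows winsxf32 gone and tuvwvvs added in its place, which is the sign of a Vundo reinfection with a freshly generated name rather than a leftover. The rules are deliberately narrow heuristics; Spybot's own "(no name)" SDHelper BHO passes because it loads from the Spybot folder rather than system32, and an entry like the [Sen] attrib.exe line above is not caught by any of them, so a clean run is no proof of a clean machine.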

mhl23
2007-02-01, 18:33
Hi,

For the third step for AVG, "Click the settings tab, then click "apply all actions" and choose clean (quarantine)",
I cannot find the settings tab or the "apply all actions" option.

Where can I find it?


Thanks

teacup61
2007-02-02, 00:12
Hello,

Here's the illustrated version ;)

http://forums.security-central.us/showthread.php?t=3165

mhl23
2007-02-02, 04:45
Hi,

I forgot the AVG report, but I ran a complete scan and applied all actions.
I will do another scan tonight and post the report tomorrow morning.

Meanwhile, here is a new HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 7:43:18 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\WINDOWS\system32\tuvwvvs.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tuvwvvs - C:\WINDOWS\SYSTEM32\tuvwvvs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Please let me know if my computer is still infected by a virus or adware.

Thanks

teacup61
2007-02-02, 05:33
Hello,

"I forgot the AVG report, but I ran a complete scan, and applied all actions. I will do another scan tonight and post the report tomorrow morning."

Please do....and run VundoFix again, and ComboFix. You are still infected, not in the clear yet. Post the reports from all of them. :bigthumb:

Thanks,
tea

mhl23
2007-02-02, 21:19
I finished the AVG scan last night, and here is the report,
along with the VundoFix, ComboFix, and HijackThis reports.

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:07:47 AM 2/2/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089275.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088868.exe -> Adware.Sohu : Ignored.
D:\C drive stuff\Program Files\Common Files\Sogou PXP\p2psvr.exe -> Adware.Sohu : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088790.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088791.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089301.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089306.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089307.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089302.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089303.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089304.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089305.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089310.exe -> Logger.Banker.zn : Cleaned with backup (quarantined).
D:\Downloads\EvidPack\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\Downloaded Files\Alcohol 120% v.1.9.2 Build 1705\1.9.2.1705.Crack\smart_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignored.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@dealnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@ehg-crain.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089309.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089308.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

mhl23
2007-02-02, 21:21
Logfile of HijackThis v1.99.1
Scan saved at 12:16:33 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\fscagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

mhl23
2007-02-02, 21:27
VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:37:29 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:49:55 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\iifecdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\khfcbax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtqnn.dll
C:\WINDOWS\system32\tuvtqnn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Scan started at 9:22:54 PM 2/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\tuvwvvs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvwvvs.dll
C:\WINDOWS\system32\tuvwvvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvwvvs.dll
C:\WINDOWS\system32\tuvwvvs.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Scan started at 9:54:22 PM 2/1/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.5

Checking Java version...

Scan started at 9:22:25 AM 2/2/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.5

Checking Java version...

Scan started at 11:38:36 AM 2/2/2007

Listing files found while scanning....

No infected files were found.

mhl23
2007-02-02, 21:28
"manhin lee" - 07-02-02 12:14:02 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\manhin lee\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\WINDOWS\TSKS~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks
C:\qoobox\purity\WINDOWS\YSTEM~1\?ystem


((((((((((((((((((((((((((((((( Files Created from 2007-01-02 to 2007-02-02 ))))))))))))))))))))))))))))))))))


2007-02-01 20:45 277,279 ---hs---- C:\WINDOWS\system32\byxwt.dll
2007-02-01 19:35 277,289 ---hs---- C:\WINDOWS\system32\opnkh.dll
2007-02-01 19:32 277,289 ---hs---- C:\WINDOWS\system32\mljgd.dll
2007-02-01 17:04 277,104 ---hs---- C:\WINDOWS\system32\efcya.dll
2007-02-01 17:03 277,104 ---hs---- C:\WINDOWS\system32\pmkhf.dll
2007-02-01 17:02 277,104 ---hs---- C:\WINDOWS\system32\fcyvw.dll
2007-02-01 09:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-01 09:25 <DIR> d-------- C:\Program Files\Grisoft
2007-02-01 09:21 277,232 ---hs---- C:\WINDOWS\system32\pmkjg.dll
2007-02-01 09:21 277,232 ---hs---- C:\WINDOWS\system32\awtuv.dll
2007-02-01 09:17 277,155 ---hs---- C:\WINDOWS\system32\hggfc.dll
2007-02-01 02:43 <DIR> d-------- C:\Program Files\Java
2007-02-01 02:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-31 22:04 <DIR> d-------- C:\WINDOWS\ERDNT
2007-01-31 21:37 <DIR> d-------- C:\VundoFix Backups
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\qopml.dll
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\khfda.dll
2007-01-31 21:14 277,256 ---hs---- C:\WINDOWS\system32\byxxx.dll
2007-01-31 20:41 277,120 ---hs---- C:\WINDOWS\system32\fccay.dll
2007-01-31 14:39 277,064 ---hs---- C:\WINDOWS\system32\ddaaa.dll
2007-01-31 14:31 277,064 ---hs---- C:\WINDOWS\system32\rqonm.dll
2007-01-31 14:28 277,273 ---hs---- C:\WINDOWS\system32\mllki.dll
2007-01-31 14:21 277,273 ---hs---- C:\WINDOWS\system32\ursqo.dll
2007-01-31 13:39 277,073 ---hs---- C:\WINDOWS\system32\byxyv.dll
2007-01-31 13:30 277,073 ---hs---- C:\WINDOWS\system32\qoppo.dll
2007-01-31 12:29 277,261 ---hs---- C:\WINDOWS\system32\hgdaw.dll
2007-01-31 12:27 277,261 ---hs---- C:\WINDOWS\system32\gebca.dll
2007-01-31 12:20 277,261 ---hs---- C:\WINDOWS\system32\cbxxy.dll
2007-01-31 11:39 277,139 ---hs---- C:\WINDOWS\system32\nnnmk.dll
2007-01-31 11:38 277,139 ---hs---- C:\WINDOWS\system32\xxyay.dll
2007-01-31 11:33 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-31 09:28 277,254 ---hs---- C:\WINDOWS\system32\xxyyx.dll
2007-01-31 03:31 277,245 ---hs---- C:\WINDOWS\system32\sstsq.dll
2007-01-31 03:21 277,246 ---hs---- C:\WINDOWS\system32\wvwww.dll
2007-01-31 02:58 <DIR> d-------- C:\SDFix
2007-01-31 02:31 277,196 ---hs---- C:\WINDOWS\system32\cbaxy.dll
2007-01-31 02:29 277,196 ---hs---- C:\WINDOWS\system32\rqrsr.dll
2007-01-31 02:17 277,196 ---hs---- C:\WINDOWS\system32\mlllk.dll
2007-01-31 01:47 277,257 ---hs---- C:\WINDOWS\system32\efcdd.dll
2007-01-31 01:39 277,296 ---hs---- C:\WINDOWS\system32\cbxyv.dll
2007-01-31 01:38 277,296 ---hs---- C:\WINDOWS\system32\rqrqq.dll
2007-01-30 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\hgddb.dll
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\ddcby.dll
2007-01-30 22:18 277,242 ---hs---- C:\WINDOWS\system32\cbayv.dll
2007-01-30 22:04 277,082 ---hs---- C:\WINDOWS\system32\ssqnl.dll
2007-01-30 21:42 277,258 ---hs---- C:\WINDOWS\system32\pmklj.dll
2007-01-30 21:30 277,270 ---hs---- C:\WINDOWS\system32\wvuut.dll
2007-01-30 18:08 277,148 ---hs---- C:\WINDOWS\system32\jkkkj.dll
2007-01-30 18:04 277,296 ---hs---- C:\WINDOWS\system32\khfed.dll
2007-01-30 17:41 277,068 ---hs---- C:\WINDOWS\system32\qoppp.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\oppon.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\awtts.dll
2007-01-30 17:29 277,064 ---hs---- C:\WINDOWS\system32\pmkli.dll
2007-01-30 17:15 277,229 ---hs---- C:\WINDOWS\system32\nnnli.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\yayvu.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\cbayw.dll
2007-01-30 17:12 277,229 ---hs---- C:\WINDOWS\system32\qopop.dll
2007-01-30 17:01 620,123 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-01-30 16:57 277,063 ---hs---- C:\WINDOWS\system32\vtspp.dll
2007-01-30 16:56 277,063 ---hs---- C:\WINDOWS\system32\hgday.dll
2007-01-22 15:12 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Intel
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Intel
2007-01-22 15:10 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Intel
2007-01-21 18:24 87,608 --a------ C:\DOCUME~1\MANHIN~1\Application Data\ezpinst.exe
2007-01-21 18:24 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 18:24 47,360 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.sys
2007-01-21 18:24 <DIR> d-------- C:\Program Files\vso
2007-01-21 18:24 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Vso
2007-01-16 01:32 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Viewpoint
2007-01-14 02:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-14 02:55 <DIR> d-------- C:\Program Files\Skype
2007-01-12 11:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 01:47 102,400 -ra------ C:\WINDOWS\system32\grdmgr.exe
2007-01-10 06:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-01-08 06:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-07 08:43 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Camfrog
2007-01-05 08:02 61,440 --a------ C:\WINDOWS\system32\nod.dll
2007-01-04 05:30 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-04 02:27 1,179,136 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-01-04 02:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Acronis
2007-01-04 02:01 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-01-04 02:01 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-01-04 02:00 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Acronis
2007-01-03 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 02:17 -------- d-------- C:\Program Files\logitech
2007-02-01 01:30 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\foobar2000
2007-01-30 21:31 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 18:52 -------- d-------- C:\Program Files\the weather channel toolbar
2007-01-30 17:06 -------- d-------- C:\Program Files\flashget
2007-01-28 23:51 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-28 22:29 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-28 22:29 -------- d-------- C:\Program Files\bitcomet
2007-01-26 01:11 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\dvdcss
2007-01-21 18:24 7824 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.cat
2007-01-21 18:24 34 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.log
2007-01-21 18:24 1144 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.inf
2007-01-17 00:21 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\adobeum
2007-01-17 00:08 -------- d-------- C:\Program Files\pplive
2007-01-17 00:08 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\ppstream
2007-01-16 23:50 -------- d-------- C:\Program Files\gaov
2007-01-16 23:47 -------- d-------- C:\Program Files\haali
2007-01-14 03:11 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\contentguard
2007-01-10 09:53 -------- d-------- C:\Program Files\viewpoint
2007-01-08 07:00 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\real
2007-01-08 06:59 -------- d-------- C:\Program Files\Common Files\real
2007-01-03 20:53 -------- d--h----- C:\Program Files\installshield installation information
2006-12-24 16:46 -------- d-------- C:\Program Files\nakido
2006-12-22 10:14 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-12-20 19:11 -------- d-------- C:\Program Files\saitek
2006-12-17 17:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-17 16:45 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-12 17:32 -------- d-------- C:\Program Files\msn messenger
2006-12-08 19:29 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-08 19:26 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 14:01 77824 --a------ C:\WINDOWS\system32\twctoolbarbho.dll
2006-12-04 14:01 262144 --a------ C:\WINDOWS\system32\twctoolbarie7.dll
2006-12-02 18:30 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\ppmate
2006-12-02 18:29 -------- d-------- C:\Program Files\Common Files\synacast
2006-11-29 18:48 774144 --a------ C:\Program Files\rnginterstitial.dll
2006-11-29 07:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
2006-11-20 18:59 37027 --a------ C:\WINDOWS\atmoun.exe
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp /HIDEBL"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140810325\\ee\\AOLSoftware.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ClubBox"="\"C:\\WINDOWS\\system32\\clubbox.exe\" -l"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"ppmate"="D:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0AC5542-A167-4748-BF42-9D1B09723A62}"=""
"{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\Program Files\\Common Files\\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
mysee2 REG_MULTI_SZ Mysee2_Runtime\0


Completion time: 07-02-02 12:16:07

mhl23
2007-02-02, 21:30
Thanks for all the help!

teacup61
2007-02-03, 07:44
Hello,

Wow! What a load of garbage those removed!:bigthumb: Way to go! How is it running now?

Let's clean up and have a scan to see just how things are. :)

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go Here to run Panda's ActiveScan. http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
Post the contents of the ActiveScan report, please, and a new HijackThis log.

Thanks,
tea

mhl23
2007-02-03, 10:03
Hi,

Thanks for all the help so far.
I have finished the ActiveScan online and ran a new HijackThis report.
Will post them right now.

But i have a question about my IE toolbars.
I have installed the Weather Channel toolbar, but after I found out I am infected by a virus or spyware, I can't choose the toolbar when I right-click on the empty area of the toolbar.
I can see the name of the Weather Channel toolbar, but it is not clickable.
It's in gray shade; the same goes for the Adobe PDF toolbar.
Is this a spyware or virus problem?

Thanks for your patience with me.

Here is the report from Active scan:


Incident Status Location

Adware:adware/dudu Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atwola[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@fastclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@media.adrevolver[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\manhin lee\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070130-235344.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070130-235345.backup
Virus:Trj/Agent.DYT Disinfected C:\WINDOWS\system32\RegistryCleanerSetup.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\ssqnl.dll
Spyware:Cookie/Sandboxer Not disinfected D:\Cookies\manhin lee@0[3].txt
Spyware:Cookie/64.62.232 Not disinfected D:\Cookies\manhin lee@64.62.232[3].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\Cookies\manhin lee@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Cookies\manhin lee@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected D:\Cookies\manhin lee@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected D:\Cookies\manhin lee@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected D:\Cookies\manhin lee@atwola[1].txt
Spyware:Cookie/Banner Not disinfected D:\Cookies\manhin lee@banner[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected D:\Cookies\manhin lee@ccbill[1].txt
Spyware:Cookie/did-it Not disinfected D:\Cookies\manhin lee@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@dist.belnk[1].txt
Spyware:Cookie/Go Not disinfected D:\Cookies\manhin lee@go[2].txt
Spyware:Cookie/Screensavers Not disinfected D:\Cookies\manhin lee@i.screensavers[1].txt
Spyware:Cookie/Bettersearch Not disinfected D:\Cookies\manhin lee@index[2].txt
Spyware:Cookie/MediaTickets Not disinfected D:\Cookies\manhin lee@kinghost[1].txt
Spyware:Cookie/Maxserving Not disinfected D:\Cookies\manhin lee@maxserving[1].txt
Spyware:Cookie/Tickle Not disinfected D:\Cookies\manhin lee@tickle[2].txt
Spyware:Cookie/WebPower Not disinfected D:\Cookies\manhin lee@webpower[2].txt
Spyware:Cookie/seeqA Not disinfected D:\Cookies\manhin lee@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected D:\Cookies\manhin lee@www48.seeq[1].txt
Spyware:Cookie/Xmts Not disinfected D:\Cookies\manhin lee@xmts[2].txt
Hacktool:HackTool/EvID Not disinfected D:\Downloads\EvidPack\EvID4226Patch.exe
Adware:Adware/PurityScan Not disinfected D:\qoobox\purity\My Documents\STEM~1\rυndll.exe

mhl23
2007-02-03, 10:05
Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:47 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



Thanks !
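As an added worked example (not part of this thread, and not code from HijackThis or Safer Networking): a small Python triage script that parses a log in the HijackThis v1.99.1 layout posted above and pulls out the items a helper looks at first: registrations whose target is already gone ("(file missing)" / "(no file)"), O4 autostarts that name only a bare file so Windows resolves it by PATH search, O16 ActiveX controls downloaded from the web, and O20 Winlogon Notify hooks. The sample log embedded in the block is a constructed subset assembled in the same layout for the demo; the function names and the triage categories are this example's own choices, not HijackThis terminology.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v1.99.1 layout (a small subset of the
# kind of lines seen in the thread, assembled here for the demo).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:57:47 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")          # "O4 - <body>"
MISSING_MARKERS = ("(file missing)", "(no file)")
# O4 body: "[name] <optionally quoted image> <args>"; stop at the first
# executable-looking extension so trailing arguments are not swallowed.
RUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s+"?(?P<image>[^"]*?\.(?:exe|com|cpl|dll|scr|bat))',
                    re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")


@dataclass
class HjtEntry:
    section: str   # "O2", "O4", ...
    body: str      # text after the "On - " prefix
    raw: str


@dataclass
class HjtLog:
    version: Optional[str] = None
    platform: Optional[str] = None
    processes: List[str] = field(default_factory=list)
    entries: List[HjtEntry] = field(default_factory=list)


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into header fields, running processes and O-entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process list
            continue
        if line.startswith("Logfile of HijackThis"):
            log.version = line.split("HijackThis", 1)[1].strip()
        elif line.startswith("Platform:"):
            log.platform = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif (m := ENTRY_RE.match(line)):
            in_processes = False
            log.entries.append(HjtEntry(m.group(1), m.group(2), line))
        elif in_processes:
            log.processes.append(line)
    return log


def missing_file_entries(log: HjtLog) -> List[HjtEntry]:
    """Registrations whose target no longer exists: orphaned leftovers."""
    return [e for e in log.entries if any(mk in e.body for mk in MISSING_MARKERS)]


def autostart_images(log: HjtLog) -> Dict[str, str]:
    """Map each O4 Run-key value name to the image it launches."""
    images: Dict[str, str] = {}
    for e in log.entries:
        if e.section == "O4" and (m := RUN_RE.search(e.body)):
            images[m.group("name")] = m.group("image")
    return images


def bare_autostarts(log: HjtLog) -> List[str]:
    """O4 values naming only a file (no directory): resolved by PATH search, so the
    copy actually executed should be located and verified by hand."""
    return [name for name, image in autostart_images(log).items()
            if "\\" not in image and ":" not in image]


def dpf_download_urls(log: HjtLog) -> List[str]:
    """O16 entries: ActiveX controls fetched from the web; each host is worth a look."""
    return [m.group(0) for e in log.entries if e.section == "O16"
            for m in [URL_RE.search(e.body)] if m]


def triage(log: HjtLog) -> Dict[str, int]:
    """Counts a helper scans first when reading a posted log."""
    return {
        "processes": len(log.processes),
        "entries": len(log.entries),
        "missing_file": len(missing_file_entries(log)),
        "bare_autostarts": len(bare_autostarts(log)),
        "dpf_downloads": len(dpf_download_urls(log)),
        "winlogon_notify": sum(1 for e in log.entries if e.section == "O20"),
    }


if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(f"HijackThis {log.version} on {log.platform}")
    for key, value in triage(log).items():
        print(f"{key:>16}: {value}")
    for e in missing_file_entries(log):
        print("orphaned:", e.raw)
```

Run it on a saved log with `parse_hjt(open("hijackthis.log").read())`. The "missing file" list is the low-risk cleanup set (the same kind of entries a helper would tick in HijackThis and "Fix Checked"); the bare-image autostarts and O16 download hosts are the ones that need a human to look at where the file really lives or what the control is before deciding.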

teacup61
2007-02-03, 22:05
Hello,

Try uninstalling your Weather Channel stuff and reinstalling it. It could be that the infection corrupted it somewhere along the way. I don't use the toolbar, but I do use the program, so I know it can be uninstalled and downloaded again. ;) Let me know how it goes. :)

Regards,
tea

mhl23
2007-02-04, 01:01
Hi,

I did what you said, and now it's back to normal for the weather channel toolbar.

Is my computer clean now? Or is there more spyware on my computer?
Since I saw there were 30 or so spyware items detected by ActiveScan,
how should I go about cleaning those up?

Anything else that I can do to further clean up my computer?

Thank you so much for all your help so far !
Really appreciate it a lot !

teacup61
2007-02-04, 04:08
Hello,

I'd like for you to run one more program, please. This one will clean out the registry and other leftovers. :)

Download the trial version of Spy Sweeper from
Here (http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT14)

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

How is it running now?

Thanks,
tea

mhl23
2007-02-04, 06:40
Hi,

My system is running better than before;
I think it is slightly faster than before when booting up.

Here is the Spy Sweeper session log.
I didn't see a "Delete" option, but rather just Quarantine.

9:29 PM: Removal process completed. Elapsed time 00:00:03
9:29 PM: Quarantining All Traces: tribalfusion cookie
9:29 PM: Quarantining All Traces: tacoda cookie
9:29 PM: Quarantining All Traces: questionmarket cookie
9:29 PM: Quarantining All Traces: atwola cookie
9:29 PM: Quarantining All Traces: atlas dmt cookie
9:29 PM: Quarantining All Traces: advertising cookie
9:29 PM: Quarantining All Traces: adrevolver cookie
9:29 PM: Quarantining All Traces: 2o7.net cookie
9:29 PM: Quarantining All Traces: mysee alert
9:29 PM: Quarantining All Traces: duduaccelerator
9:29 PM: Quarantining All Traces: spysheriff fakealert
9:29 PM: Quarantining All Traces: trojan agent winlogonhook
9:29 PM: Quarantining All Traces: purityscan
9:29 PM: Removal process initiated
9:28 PM: Traces Found: 20
9:28 PM: Custom Sweep has completed. Elapsed time 00:26:51
9:28 PM: File Sweep Complete, Elapsed Time: 00:23:58
9:27 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - ENTER
9:19 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
9:19 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
9:18 PM: Warning: PCRE_ERROR_BADUTF8
9:18 PM: D:\qoobox\purity\My Documents\STEM~1\rυndll.exe (ID = 450)
9:12 PM: Warning: PCRE_ERROR_BADUTF8
9:12 PM: Warning: PCRE_ERROR_BADUTF8
9:11 PM: Warning: PCRE_ERROR_BADUTF8
9:06 PM: Warning: PCRE_ERROR_BADUTF8
9:04 PM: C:\WINDOWS\system32\secure32.html (ID = 184319)
9:04 PM: Found Adware: spysheriff fakealert
9:04 PM: C:\Program Files\GAOV (ID = 2147525757)
9:04 PM: Starting File Sweep
9:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@tribalfusion[1].txt (ID = 3589)
9:04 PM: Found Spy Cookie: tribalfusion cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@tacoda[1].txt (ID = 6444)
9:04 PM: Found Spy Cookie: tacoda cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@questionmarket[2].txt (ID = 3217)
9:04 PM: Found Spy Cookie: questionmarket cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@media.adrevolver[1].txt (ID = 2089)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atwola[2].txt (ID = 2255)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atwola[1].txt (ID = 2255)
9:04 PM: Found Spy Cookie: atwola cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atdmt[3].txt (ID = 2253)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atdmt[2].txt (ID = 2253)
9:04 PM: Found Spy Cookie: atlas dmt cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@advertising[3].txt (ID = 2175)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@advertising[2].txt (ID = 2175)
9:04 PM: Found Spy Cookie: advertising cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@adrevolver[1].txt (ID = 2088)
9:04 PM: Found Spy Cookie: adrevolver cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@2o7[2].txt (ID = 1957)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@2o7[1].txt (ID = 1957)
9:04 PM: Found Spy Cookie: 2o7.net cookie
9:04 PM: Starting Cookie Sweep
9:04 PM: Registry Sweep Complete, Elapsed Time:00:00:08
9:04 PM: HKLM\software\microsoft\mssmgr\ (ID = 1776755)
9:04 PM: Found Trojan Horse: trojan agent winlogonhook
9:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\yazzle1162oin\ (ID = 1738184)
9:04 PM: Found Adware: purityscan
9:04 PM: HKLM\software\gaov\ (ID = 1533619)
9:04 PM: Found Adware: mysee alert
9:04 PM: HKLM\software\dudu\ (ID = 659241)
9:04 PM: Found Adware: duduaccelerator
9:04 PM: Starting Registry Sweep
9:04 PM: Memory Sweep Complete, Elapsed Time: 00:02:39
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:01 PM: ApplicationMinimized - EXIT
9:01 PM: ApplicationMinimized - EXIT
9:01 PM: ApplicationMinimized - ENTER
9:01 PM: ApplicationMinimized - ENTER
9:01 PM: Starting Memory Sweep
9:01 PM: Start Custom Sweep
9:01 PM: Sweep initiated using definitions version 845
9:00 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:54 PM: Shield States
8:54 PM: Spyware Definitions: 845
8:54 PM: Spy Sweeper 5.3.1.2344 started
8:54 PM: Spy Sweeper 5.3.1.2344 started
8:54 PM: | Start of Session, Saturday, February 03, 2007 |
***************


will follow up with a HijackThis report

mhl23
2007-02-04, 06:46
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:30 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] "D:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\Profiler.exe"
O4 - HKLM\..\Run: [SaiMfd] "C:\Program Files\Saitek\Software\SaiMfd.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Would you recommend any anti-virus and spyware software that I should buy?
Would Spybot alone be good enough?
Should I uninstall all the software that I have installed when I performed the task above?

I would like to have advice from an expert like you!

Thank you so much for helping.

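The log above is in HijackThis's "Oxx - Kind: detail" line format. The following is an added example (not from the original thread or from HijackThis itself) that parses such lines into records, pulls out the file path or download URL each one references, and flags the two things a reviewer scans for first: entries whose target is reported as "(file missing)" and the hosts that served O16 ActiveX downloads. The sample lines are constructed by copying a few entries from the posted log; the entry field names and the `review` helper are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")          # section, kind, detail
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|ocx|cab))"?', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+")

@dataclass
class Entry:
    section: str            # e.g. "O23"
    kind: str               # e.g. "Service", "DPF", "Winlogon Notify"
    detail: str             # everything after "Kind: "
    path: Optional[str]     # local file the entry points at, if any
    url: Optional[str]      # download URL (O16 DPF entries), if any
    file_missing: bool      # HijackThis reported the target as absent

def parse_hjt(text: str) -> List[Entry]:
    """Parse HijackThis 'Oxx - Kind: detail' lines; lines in other formats are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        section, kind, detail = m.groups()
        pm, um = PATH_RE.search(detail), URL_RE.search(detail)
        entries.append(Entry(section, kind, detail,
                             pm.group(1) if pm else None,
                             um.group(0) if um else None,
                             "(file missing)" in detail))
    return entries

def review(entries: List[Entry]) -> Tuple[List[Entry], List[str]]:
    """Return entries whose target file is missing, and the hosts that served O16 ActiveX downloads."""
    missing = [e for e in entries if e.file_missing]
    hosts = sorted({urlparse(e.url).hostname for e in entries if e.section == "O16" and e.url})
    return missing, hosts
```

Entries with a missing target are dead registrations that can be fixed to tidy the log, and the O16 host list shows which sites were allowed to install ActiveX controls, which is worth a look for any host the user does not recognise.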
teacup61
2007-02-04, 07:41
Hello,

SpySweeper is the trial version, so you can uninstall it.

The following are not malware, but fixing them with HijackThis will improve your system's speed, and your bootup time will be a lot quicker. None are necessary at startup, and may be started manually at any time. This is up to you. :)

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\Profiler.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your computer and see if it's faster now. :)

You don't have to buy programs to keep your computer protected! :) Everything I use to protect my computer is free, and just as good as (in some cases BETTER than) programs you have to pay for.

Your log looks clean again, so it's time for those recommendations anyway. ;)

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

AVG (http://free.grisoft.com/freeweb.php/doc/2/), Avira (http://www.free-av.com/) OR Avast (http://www.avast.com/) are good FREE antivirus programs.

Some good free Firewalls are:
http://www.sunbelt-software.com/Kerio-Download.cfm
http://www.agnitum.com/products/outpostfree/index.php
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial49.html).

SpywareGuard (http://www.javacoolsoftware.com/spywareguard.html)
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here (http://www.bleepingcomputer.com/forums/tutorial50.html).

Spybot-Search & Destroy (http://www.safer-networking.org/en/download)
A tutorial on using Spybot to remove spyware from your computer may be found here (http://www.bleepingcomputer.com/forums/tutorial43.html). Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm)

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

If all is good still, then we're done here. :bigthumb:

Take care, and surf safe!
tea

mhl23
2007-02-04, 11:36
Hi,

I have some more questions.
I currently have Symantec AntiVirus,
and installed Spybot Search & Destroy with TeaTimer,
and IE/Spyad.

Do I need to install both AVG and SpywareGuard at the same time?
Or is TeaTimer good enough, so that I don't need AVG and SpywareGuard?

I read that running multiple antivirus and adware programs is not good.

Please let me know what I should do.

I like to use IE because Mozilla won't let me use the "back" button on my MX Revolution mouse, and I love that button.
It might sound silly, but the button is really convenient.

Thanks again for all your help!

teacup61
2007-02-04, 21:41
Only use one AntiVirus on your system. What you heard is right....more than one AntiVirus will cause instability, and they won't be able to function at their best.

In your example, are you wanting to run AVG AntiVirus and SpywareGuard? That will be fine, if that's what you're asking. You could also run IE/Spyad and Spybot with them and still be all right....just don't overdo it :)

It's not silly....you like what you like. :) Just be careful with IE....nothing is perfect, but IE is more targeted than others.

mhl23
2007-02-04, 22:51
I would like to know: if I am running Spybot Search & Destroy and TeaTimer,
do I need SpywareGuard? Because I think that TeaTimer and SpywareGuard are kinda doing the same thing?

Also, I have Symantec AntiVirus, so do I need AVG Anti-Spyware?
Because I have AVG Anti-Spyware, not AVG AntiVirus.

So, what I wanna run is this:
Symantec AntiVirus Client, Spybot Search & Destroy with TeaTimer,
and IE/Spyad.

Does this sound good? Or maybe I should go with another setup?

Thanks

teacup61
2007-02-05, 00:15
So, what I wanna run is this:
Symantec AntiVirus Client, Spybot Search & Destroy with TeaTimer,
and IE/Spyad.

I see now....thank you for clarifying. Sounds good. :bigthumb: Add one of the firewalls that I recommended to it, and that ought to do it....and be safe, of course. Be careful where you go.


Regards,
tea

mhl23
2007-02-05, 20:06
Just wanna say thanks!
Thanks for all the help!

teacup61
2007-02-06, 04:24
You're most welcome! :greeting: