Is my system clear of rpcc.dll now?

mhl23

New member
Hi,

I was using Spybot to scan my computer, and was having trouble removing "rpcc.dll".
So, I just followed the steps from this thread http://forums.spybot.info/showthread.php?t=9990.

Attached is the report by SDFix.exe,
and a zipped HijackThis log, since if I just post it here, the post will be too long.


Please let me know if I am free of spyware or viruses right now.

THANKS A LOT !
 
Help please !
I am also having a svchost.exe virus problem.
Detected by Symantec AntiVirus.

And every time after I restart, the settings are not saved.
Like my quick launch would not be showing,
and sometimes, there is a black window popping up and disappearing.

Thanks for the help !
 
Hello mhl23,

Welcome to Safer Networking Forums :)

Youch......you have a lot more to worry about than just that one. :spider: Just the fact that SDFix removed all those things tells me your system is compromised. If you have any sensitive information (passwords to bank accounts, credit card #s, etc....) you should change them from a clean computer. We can get rid of the malware, but with the damage done already I cannot promise you a trustworthy computer in the end. The only way to know for sure would be a reformat and reinstall. If you would rather continue on, then please do the following:

If you don't use the Logitech Desktop Messenger, then please do the following:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

All those O18s related to Desktop Messenger

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following folder:

C:\Program Files\Logitech\Desktop Messenger

This will also help pare down future HijackThis logs. :)

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your reply.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please go ahead and post the reports here in the thread, taking as many posts as you need to do it. It really is easier to deal with that way. :)

Thanks,
tea
 
Thanks for your reply,

I removed all the O18s that are related to Desktop Messenger,
but I cannot delete the folder Logitech\Desktop Messenger.
It says "Cannot delete backweb.dll: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

I don't recall using Logitech Messenger, since I don't think I have chatted with this program before. Did the virus make up this folder?

Should I proceed to Vundo, even though I can't delete the folder?

Thanks very much for helping
 
I have gone ahead without deleting the Desktop Messenger.
The 3 logs are as follows:

ComboFix:

"manhin lee" - 07-01-31 22:01:00 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\manhin lee\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\svchost.exe
C:\Program Files\Outerinfo
C:\Program Files\Common Files\sogou pxp
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\YSTEM~1\attrib.exe
C:\qoobox\purity\WINDOWS\YSTEM~1\?ystem


((((((((((((((((((((((((((((((( Files Created from 2006-12-31 to 2007-01-31 ))))))))))))))))))))))))))))))))))


2007-01-31 22:04 <DIR> d-------- C:\WINDOWS\ERDNT
2007-01-31 21:37 <DIR> d-------- C:\VundoFix Backups
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\qopml.dll
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\khfda.dll
2007-01-31 21:14 277,256 ---hs---- C:\WINDOWS\system32\byxxx.dll
2007-01-31 20:41 277,120 ---hs---- C:\WINDOWS\system32\fccay.dll
2007-01-31 14:39 277,064 ---hs---- C:\WINDOWS\system32\ddaaa.dll
2007-01-31 14:31 277,064 ---hs---- C:\WINDOWS\system32\rqonm.dll
2007-01-31 14:28 277,273 ---hs---- C:\WINDOWS\system32\mllki.dll
2007-01-31 14:21 277,273 ---hs---- C:\WINDOWS\system32\ursqo.dll
2007-01-31 13:39 277,073 ---hs---- C:\WINDOWS\system32\byxyv.dll
2007-01-31 13:30 277,073 ---hs---- C:\WINDOWS\system32\qoppo.dll
2007-01-31 12:29 277,261 ---hs---- C:\WINDOWS\system32\hgdaw.dll
2007-01-31 12:27 277,261 ---hs---- C:\WINDOWS\system32\gebca.dll
2007-01-31 12:20 277,261 ---hs---- C:\WINDOWS\system32\cbxxy.dll
2007-01-31 11:39 277,139 ---hs---- C:\WINDOWS\system32\nnnmk.dll
2007-01-31 11:38 277,139 ---hs---- C:\WINDOWS\system32\xxyay.dll
2007-01-31 11:33 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-31 09:28 277,254 ---hs---- C:\WINDOWS\system32\xxyyx.dll
2007-01-31 03:31 277,245 ---hs---- C:\WINDOWS\system32\sstsq.dll
2007-01-31 03:21 277,246 ---hs---- C:\WINDOWS\system32\wvwww.dll
2007-01-31 02:58 <DIR> d-------- C:\SDFix
2007-01-31 02:31 277,196 ---hs---- C:\WINDOWS\system32\cbaxy.dll
2007-01-31 02:29 277,196 ---hs---- C:\WINDOWS\system32\rqrsr.dll
2007-01-31 02:20 8,704 --a------ C:\WINDOWS\system32\v6.exe
2007-01-31 02:20 60,416 --a------ C:\WINDOWS\system32\jqnlpds.dll
2007-01-31 02:17 277,196 ---hs---- C:\WINDOWS\system32\mlllk.dll
2007-01-31 01:47 277,257 ---hs---- C:\WINDOWS\system32\efcdd.dll
2007-01-31 01:39 277,296 ---hs---- C:\WINDOWS\system32\cbxyv.dll
2007-01-31 01:38 277,296 ---hs---- C:\WINDOWS\system32\rqrqq.dll
2007-01-30 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\hgddb.dll
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\ddcby.dll
2007-01-30 22:18 277,242 ---hs---- C:\WINDOWS\system32\cbayv.dll
2007-01-30 22:04 277,082 ---hs---- C:\WINDOWS\system32\ssqnl.dll
2007-01-30 21:42 277,258 ---hs---- C:\WINDOWS\system32\pmklj.dll
2007-01-30 21:30 277,270 ---hs---- C:\WINDOWS\system32\wvuut.dll
2007-01-30 18:08 277,148 ---hs---- C:\WINDOWS\system32\jkkkj.dll
2007-01-30 18:04 277,296 ---hs---- C:\WINDOWS\system32\khfed.dll
2007-01-30 17:41 277,068 ---hs---- C:\WINDOWS\system32\qoppp.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\oppon.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\awtts.dll
2007-01-30 17:29 277,064 ---hs---- C:\WINDOWS\system32\pmkli.dll
2007-01-30 17:15 277,229 ---hs---- C:\WINDOWS\system32\nnnli.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\yayvu.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\cbayw.dll
2007-01-30 17:12 277,229 ---hs---- C:\WINDOWS\system32\qopop.dll
2007-01-30 17:07 155,648 ---h----- C:\Program Files\Common Files\svchost.exe
2007-01-30 17:01 620,123 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-01-30 16:57 277,063 ---hs---- C:\WINDOWS\system32\vtspp.dll
2007-01-30 16:56 277,063 ---hs---- C:\WINDOWS\system32\hgday.dll
2007-01-30 16:52 2 --a------ C:\WINDOWS\system32\wnstscc.exe
2007-01-30 16:51 18,944 --a------ C:\WINDOWS\system32\winsxf32.dll
2007-01-22 15:12 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Intel
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Intel
2007-01-22 15:10 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Intel
2007-01-21 18:24 87,608 --a------ C:\DOCUME~1\MANHIN~1\Application Data\ezpinst.exe
2007-01-21 18:24 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 18:24 47,360 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.sys
2007-01-21 18:24 <DIR> d-------- C:\Program Files\vso
2007-01-21 18:24 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Vso
2007-01-16 01:32 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Viewpoint
2007-01-14 02:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-14 02:55 <DIR> d-------- C:\Program Files\Skype
2007-01-12 11:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 01:47 102,400 -ra------ C:\WINDOWS\system32\grdmgr.exe
2007-01-10 06:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-01-08 06:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-07 08:43 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Camfrog
2007-01-05 08:02 61,440 --a------ C:\WINDOWS\system32\nod.dll
2007-01-04 05:30 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-04 02:27 1,179,136 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-01-04 02:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Acronis
2007-01-04 02:01 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-01-04 02:01 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-01-04 02:00 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Acronis
2007-01-03 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-31 14:06 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\foobar2000
2007-01-30 21:31 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 18:52 -------- d-------- C:\Program Files\the weather channel toolbar
2007-01-30 17:06 -------- d-------- C:\Program Files\flashget
2007-01-28 23:51 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-28 22:29 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-28 22:29 -------- d-------- C:\Program Files\bitcomet
2007-01-28 15:18 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\vso
2007-01-26 01:11 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\dvdcss
2007-01-22 15:10 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\intel
2007-01-21 18:24 87608 --a------ C:\Documents and Settings\manhin lee\Application Data\ezpinst.exe
2007-01-21 18:24 7824 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.cat
2007-01-21 18:24 47360 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.sys
2007-01-21 18:24 34 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.log
2007-01-21 18:24 1144 --a------ C:\Documents and Settings\manhin lee\Application Data\pcouffin.inf
2007-01-17 00:21 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\adobeum
2007-01-17 00:08 -------- d-------- C:\Program Files\pplive
2007-01-17 00:08 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\ppstream
2007-01-16 23:50 -------- d-------- C:\Program Files\gaov
2007-01-16 23:47 -------- d-------- C:\Program Files\haali
2007-01-16 01:32 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\viewpoint
2007-01-14 03:11 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\contentguard
2007-01-14 03:03 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\skype
2007-01-10 09:53 -------- d-------- C:\Program Files\viewpoint
2007-01-08 07:00 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\real
2007-01-08 06:59 -------- d-------- C:\Program Files\Common Files\real
2007-01-07 08:43 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\camfrog
2007-01-03 20:53 -------- d--h----- C:\Program Files\installshield installation information
2006-12-24 16:46 -------- d-------- C:\Program Files\nakido
2006-12-22 10:14 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-12-20 19:11 -------- d-------- C:\Program Files\saitek
2006-12-17 23:26 118784 -r------- C:\WINDOWS\bwunin-7.2.0.157-8876480sl.exe
2006-12-17 18:00 -------- d-------- C:\Program Files\logitech
2006-12-17 17:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-17 16:45 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-12 17:32 -------- d-------- C:\Program Files\msn messenger
2006-12-08 19:29 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-08 19:26 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 14:01 77824 --a------ C:\WINDOWS\system32\twctoolbarbho.dll
2006-12-04 14:01 262144 --a------ C:\WINDOWS\system32\twctoolbarie7.dll
2006-12-02 18:30 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\ppmate
2006-12-02 18:29 -------- d-------- C:\Program Files\Common Files\synacast
2006-12-01 11:23 -------- d-------- C:\Documents and Settings\manhin lee\Application Data\u3
2006-11-29 18:48 774144 --a------ C:\Program Files\rnginterstitial.dll
2006-11-29 07:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
2006-11-20 18:59 37027 --a------ C:\WINDOWS\atmoun.exe
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp /HIDEBL"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Steam"=""
"Sen"="\"C:\\WINDOWS\\YSTEM~1\\attrib.exe\" -vt yazb"
"Phh"="\"D:\\My Documents\\??stem\\rυndll.exe\" 99001162"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140810325\\ee\\AOLSoftware.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ClubBox"="\"C:\\WINDOWS\\system32\\clubbox.exe\" -l"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"ppmate"="D:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"syswin"="C:\\WINDOWS\\TEMP\\win62.tmp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0AC5542-A167-4748-BF42-9D1B09723A62}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\Program Files\\Common Files\\svchost.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsxf32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
mysee2 REG_MULTI_SZ Mysee2_Runtime\0


Completion time: 07-01-31 22:07:09
 
HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:11:41 PM, on 1/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\fscagent.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C0AC5542-A167-4748-BF42-9D1B09723A62} - C:\WINDOWS\system32\khfcbax.dll (file missing)
O2 - BHO: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\TEMP\win62.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YSTEM~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [Phh] "D:\My Documents\??stem\r£ondll.exe" 99001162
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
VundoFix:


VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:37:29 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:49:55 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\iifecdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\khfcbax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtqnn.dll
C:\WINDOWS\system32\tuvtqnn.dll Has been deleted!

Performing Repairs to the registry.
Done!


Thanks a lot !
 
Hello,

Please download, install, and update AVG Anti-Spyware (formerly Ewido)
  1. Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click the settings tab, then click "apply all actions" and choose clean (quarantine)
  4. Close AVG. Do not run it yet.

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O2 - BHO: (no name) - {C0AC5542-A167-4748-BF42-9D1B09723A62} - C:\WINDOWS\system32\khfcbax.dll (file missing)
O2 - BHO: (no name) - {DC7B3E78-F3CC-FD1F-CB46-F8BAD8314695} - C:\WINDOWS\system32\jqnlpds.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\TEMP\win62.tmp.exe
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\YSTEM~1\attrib.exe" -vt yazb
O4 - HKCU\..\Run: [Phh] "D:\My Documents\??stem\r?ondll.exe" 99001162
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll


Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following files (if they exist):

C:\WINDOWS\system32\jqnlpds.dll
C:\WINDOWS\TEMP\win62.tmp.exe
D:\My Documents\??stem\r?ondll.exe <----this bolded folder, containing the file r?ondll.exe
C:\WINDOWS\SYSTEM32\winsxf32.dll

  • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.

Your Java is way out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea
 
Hi,

For the third step for AVG, "Click the settings tab, then click "apply all actions" and choose clean (quarantine)",
I cannot find the settings tab or the "apply all actions" option.

Where can I find it?


Thanks
 
Hi,

I forgot the AVG report, but I ran a complete scan, and applied all actions.
I will do another scan tonight and post the report tomorrow morning.

Meanwhile, here is a new HijackThis report.

Logfile of HijackThis v1.99.1
Scan saved at 7:43:18 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\WINDOWS\system32\tuvwvvs.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tuvwvvs - C:\WINDOWS\SYSTEM32\tuvwvvs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Please let me know if my computer is still infected by virus or adware.

Thanks
 
Hello,
I forgot the AVG report, but I ran a complete scan, and applied all actions.
I will do another scan tonight and post the report tomorrow morning.
Please do....and run VundoFix again, and ComboFix. You are still infected, not in the clear yet. Post the reports from all of them. :bigthumb:

Thanks,
tea
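
One way to compare two of the HijackThis logs posted in this thread, as an added example that is not part of the original posts: it parses entry lines, diffs the O20 (Winlogon Notify) section between two logs, and lists DLLs registered as both an O2 BHO and an O20 Notify entry. The function names are hypothetical, and the sample lines are excerpts copied from the log posted before the cleanup and from the 2/1/2007 log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind name path missing")

# "<section code> - <body>", e.g. "O20 - Winlogon Notify: name - path"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the target is not on disk.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.I)
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")

# Excerpt of the log posted before the cleanup (O20 section only).
BEFORE_LOG = r"""
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winsxf32 - C:\WINDOWS\SYSTEM32\winsxf32.dll
"""

# Excerpt of the log saved on 2/1/2007.
AFTER_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {90382AD7-4298-47E0-BC0F-14ACCFF44D2C} - C:\WINDOWS\system32\tuvwvvs.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: tuvwvvs - C:\WINDOWS\SYSTEM32\tuvwvvs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_entry(line):
    """Parse one 'code - kind: name - [clsid] - path' line, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list line, or blank
    body = m.group("body")
    missing = bool(MISSING_RE.search(body))
    body = MISSING_RE.sub("", body).rstrip(" -")
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    fields = [f.strip() for f in rest.split(" - ")]
    last = fields[-1].strip('"')
    # A trailing CLSID means the path was only "(no file)"; do not treat it as a path.
    path = last if len(fields) > 1 and not CLSID_RE.match(last) else ""
    return Entry(m.group("code"), kind, fields[0], path, missing)


def parse_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def entry_key(e):
    # The same file shows up as "system32" and "SYSTEM32", so compare case-insensitively.
    return (e.code, e.name.lower(), e.path.lower())


def diff_logs(before, after, codes):
    """Return (added, removed) entries for the given section codes."""
    b = {entry_key(e): e for e in parse_log(before) if e.code in codes}
    a = {entry_key(e): e for e in parse_log(after) if e.code in codes}
    added = [a[k] for k in sorted(a.keys() - b.keys())]
    removed = [b[k] for k in sorted(b.keys() - a.keys())]
    return added, removed


def cross_registered(text, codes=("O2", "O20")):
    """Paths (lower-cased) registered under every one of the given sections."""
    seen = {}
    for e in parse_log(text):
        if e.code in codes and e.path:
            seen.setdefault(e.path.lower(), set()).add(e.code)
    return sorted(p for p, c in seen.items() if c == set(codes))


if __name__ == "__main__":
    added, removed = diff_logs(BEFORE_LOG, AFTER_LOG, {"O20"})
    for e in added:
        print("new O20 entry:    ", e.name, e.path)
    for e in removed:
        print("removed O20 entry:", e.name, e.path)
    for p in cross_registered(AFTER_LOG):
        print("in both O2 and O20:", p)
```

A hit from either check is a lead to examine, not a verdict; note that the "(no name)" label alone also appears on the SDHelper.dll entry under the SPYBOT~1 folder.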
 
I finished the AVG scan last night,
and here is the report,
and the Vundo, ComboFix, and HijackThis reports as well.

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:07:47 AM 2/2/2007

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089275.dll -> Adware.PurityScan : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088868.exe -> Adware.Sohu : Ignored.
D:\C drive stuff\Program Files\Common Files\Sogou PXP\p2psvr.exe -> Adware.Sohu : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088790.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP522\A0088791.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089301.exe -> Downloader.PurityScan.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089306.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089307.exe -> Downloader.PurityScan.dt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089302.exe -> Downloader.Tiny.fk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089303.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089304.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089305.exe -> Logger.Agent.or : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089310.exe -> Logger.Banker.zn : Cleaned with backup (quarantined).
D:\Downloads\EvidPack\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.
D:\Downloaded Files\Alcohol 120% v.1.9.2 Build 1705\1.9.2.1705.Crack\smart_patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignored.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@dealnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@ehg-crain.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089309.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{85F540A3-B2C7-42EE-9FD6-1BC729CFF25F}\RP524\A0089308.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 12:16:33 PM, on 2/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\fscagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
 
VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:37:29 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

VundoFix V6.3.5

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Scan started at 9:49:55 PM 1/31/2007

Listing files found while scanning....

C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\tuvtqnn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iifecdb.dll
C:\WINDOWS\system32\iifecdb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfcbax.dll
C:\WINDOWS\system32\khfcbax.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvtqnn.dll
C:\WINDOWS\system32\tuvtqnn.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Scan started at 9:22:54 PM 2/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\tuvwvvs.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvwvvs.dll
C:\WINDOWS\system32\tuvwvvs.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\tuvwvvs.dll
C:\WINDOWS\system32\tuvwvvs.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...

Scan started at 9:54:22 PM 2/1/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.5

Checking Java version...

Scan started at 9:22:25 AM 2/2/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.3.5

Checking Java version...

Scan started at 11:38:36 AM 2/2/2007

Listing files found while scanning....

No infected files were found.
 
"manhin lee" - 07-02-02 12:14:02 Service Pack 2
ComboFix 07.01.31 - Running from: "C:\Documents and Settings\manhin lee\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\WINDOWS\TSKS~1
C:\qoobox\purity\WINDOWS\YSTEM~1
C:\qoobox\purity\WINDOWS\TSKS~1\T?sks
C:\qoobox\purity\WINDOWS\YSTEM~1\?ystem


((((((((((((((((((((((((((((((( Files Created from 2007-01-02 to 2007-02-02 ))))))))))))))))))))))))))))))))))


2007-02-01 20:45 277,279 ---hs---- C:\WINDOWS\system32\byxwt.dll
2007-02-01 19:35 277,289 ---hs---- C:\WINDOWS\system32\opnkh.dll
2007-02-01 19:32 277,289 ---hs---- C:\WINDOWS\system32\mljgd.dll
2007-02-01 17:04 277,104 ---hs---- C:\WINDOWS\system32\efcya.dll
2007-02-01 17:03 277,104 ---hs---- C:\WINDOWS\system32\pmkhf.dll
2007-02-01 17:02 277,104 ---hs---- C:\WINDOWS\system32\fcyvw.dll
2007-02-01 09:25 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-01 09:25 <DIR> d-------- C:\Program Files\Grisoft
2007-02-01 09:21 277,232 ---hs---- C:\WINDOWS\system32\pmkjg.dll
2007-02-01 09:21 277,232 ---hs---- C:\WINDOWS\system32\awtuv.dll
2007-02-01 09:17 277,155 ---hs---- C:\WINDOWS\system32\hggfc.dll
2007-02-01 02:43 <DIR> d-------- C:\Program Files\Java
2007-02-01 02:43 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-31 22:04 <DIR> d-------- C:\WINDOWS\ERDNT
2007-01-31 21:37 <DIR> d-------- C:\VundoFix Backups
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\qopml.dll
2007-01-31 21:17 277,256 ---hs---- C:\WINDOWS\system32\khfda.dll
2007-01-31 21:14 277,256 ---hs---- C:\WINDOWS\system32\byxxx.dll
2007-01-31 20:41 277,120 ---hs---- C:\WINDOWS\system32\fccay.dll
2007-01-31 14:39 277,064 ---hs---- C:\WINDOWS\system32\ddaaa.dll
2007-01-31 14:31 277,064 ---hs---- C:\WINDOWS\system32\rqonm.dll
2007-01-31 14:28 277,273 ---hs---- C:\WINDOWS\system32\mllki.dll
2007-01-31 14:21 277,273 ---hs---- C:\WINDOWS\system32\ursqo.dll
2007-01-31 13:39 277,073 ---hs---- C:\WINDOWS\system32\byxyv.dll
2007-01-31 13:30 277,073 ---hs---- C:\WINDOWS\system32\qoppo.dll
2007-01-31 12:29 277,261 ---hs---- C:\WINDOWS\system32\hgdaw.dll
2007-01-31 12:27 277,261 ---hs---- C:\WINDOWS\system32\gebca.dll
2007-01-31 12:20 277,261 ---hs---- C:\WINDOWS\system32\cbxxy.dll
2007-01-31 11:39 277,139 ---hs---- C:\WINDOWS\system32\nnnmk.dll
2007-01-31 11:38 277,139 ---hs---- C:\WINDOWS\system32\xxyay.dll
2007-01-31 11:33 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-31 09:28 277,254 ---hs---- C:\WINDOWS\system32\xxyyx.dll
2007-01-31 03:31 277,245 ---hs---- C:\WINDOWS\system32\sstsq.dll
2007-01-31 03:21 277,246 ---hs---- C:\WINDOWS\system32\wvwww.dll
2007-01-31 02:58 <DIR> d-------- C:\SDFix
2007-01-31 02:31 277,196 ---hs---- C:\WINDOWS\system32\cbaxy.dll
2007-01-31 02:29 277,196 ---hs---- C:\WINDOWS\system32\rqrsr.dll
2007-01-31 02:17 277,196 ---hs---- C:\WINDOWS\system32\mlllk.dll
2007-01-31 01:47 277,257 ---hs---- C:\WINDOWS\system32\efcdd.dll
2007-01-31 01:39 277,296 ---hs---- C:\WINDOWS\system32\cbxyv.dll
2007-01-31 01:38 277,296 ---hs---- C:\WINDOWS\system32\rqrqq.dll
2007-01-30 23:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\hgddb.dll
2007-01-30 22:20 277,264 ---hs---- C:\WINDOWS\system32\ddcby.dll
2007-01-30 22:18 277,242 ---hs---- C:\WINDOWS\system32\cbayv.dll
2007-01-30 22:04 277,082 ---hs---- C:\WINDOWS\system32\ssqnl.dll
2007-01-30 21:42 277,258 ---hs---- C:\WINDOWS\system32\pmklj.dll
2007-01-30 21:30 277,270 ---hs---- C:\WINDOWS\system32\wvuut.dll
2007-01-30 18:08 277,148 ---hs---- C:\WINDOWS\system32\jkkkj.dll
2007-01-30 18:04 277,296 ---hs---- C:\WINDOWS\system32\khfed.dll
2007-01-30 17:41 277,068 ---hs---- C:\WINDOWS\system32\qoppp.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\oppon.dll
2007-01-30 17:31 277,129 ---hs---- C:\WINDOWS\system32\awtts.dll
2007-01-30 17:29 277,064 ---hs---- C:\WINDOWS\system32\pmkli.dll
2007-01-30 17:15 277,229 ---hs---- C:\WINDOWS\system32\nnnli.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\yayvu.dll
2007-01-30 17:14 277,229 ---hs---- C:\WINDOWS\system32\cbayw.dll
2007-01-30 17:12 277,229 ---hs---- C:\WINDOWS\system32\qopop.dll
2007-01-30 17:01 620,123 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-01-30 16:57 277,063 ---hs---- C:\WINDOWS\system32\vtspp.dll
2007-01-30 16:56 277,063 ---hs---- C:\WINDOWS\system32\hgday.dll
2007-01-22 15:12 21,425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Intel
2007-01-22 15:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Intel
2007-01-22 15:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Intel
2007-01-22 15:10 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Intel
2007-01-21 18:24 87,608 --a------ C:\DOCUME~1\MANHIN~1\Application Data\ezpinst.exe
2007-01-21 18:24 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-01-21 18:24 47,360 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.sys
2007-01-21 18:24 <DIR> d-------- C:\Program Files\vso
2007-01-21 18:24 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Vso
2007-01-16 01:32 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Viewpoint
2007-01-14 02:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Skype
2007-01-14 02:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype
2007-01-14 02:55 <DIR> d-------- C:\Program Files\Skype
2007-01-12 11:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 01:47 102,400 -ra------ C:\WINDOWS\system32\grdmgr.exe
2007-01-10 06:08 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2007-01-08 06:59 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-07 08:43 <DIR> d-------- C:\DOCUME~1\MANHIN~1\Application Data\Camfrog
2007-01-05 08:02 61,440 --a------ C:\WINDOWS\system32\nod.dll
2007-01-04 05:30 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2007-01-04 02:27 1,179,136 --a------ C:\WINDOWS\system32\AutoPartNt.exe
2007-01-04 02:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Acronis
2007-01-04 02:01 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2007-01-04 02:01 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-01-04 02:00 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Common Files\Acronis
2007-01-04 02:00 <DIR> d-------- C:\Program Files\Acronis
2007-01-03 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Real


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-01 02:17 -------- d-------- C:\Program Files\logitech
2007-02-01 01:30 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\foobar2000
2007-01-30 21:31 -------- d-------- C:\Program Files\mozilla firefox
2007-01-30 18:52 -------- d-------- C:\Program Files\the weather channel toolbar
2007-01-30 17:06 -------- d-------- C:\Program Files\flashget
2007-01-28 23:51 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-01-28 22:29 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-28 22:29 -------- d-------- C:\Program Files\bitcomet
2007-01-26 01:11 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\dvdcss
2007-01-21 18:24 7824 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.cat
2007-01-21 18:24 34 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.log
2007-01-21 18:24 1144 --a------ C:\DOCUME~1\MANHIN~1\Application Data\pcouffin.inf
2007-01-17 00:21 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\adobeum
2007-01-17 00:08 -------- d-------- C:\Program Files\pplive
2007-01-17 00:08 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\ppstream
2007-01-16 23:50 -------- d-------- C:\Program Files\gaov
2007-01-16 23:47 -------- d-------- C:\Program Files\haali
2007-01-14 03:11 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\contentguard
2007-01-10 09:53 -------- d-------- C:\Program Files\viewpoint
2007-01-08 07:00 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\real
2007-01-08 06:59 -------- d-------- C:\Program Files\Common Files\real
2007-01-03 20:53 -------- d--h----- C:\Program Files\installshield installation information
2006-12-24 16:46 -------- d-------- C:\Program Files\nakido
2006-12-22 10:14 1220608 -ra------ C:\WINDOWS\system32\clubbox.exe
2006-12-20 19:11 -------- d-------- C:\Program Files\saitek
2006-12-17 17:28 223128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-12-17 16:45 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-12 17:32 -------- d-------- C:\Program Files\msn messenger
2006-12-08 19:29 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-08 19:26 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 14:01 77824 --a------ C:\WINDOWS\system32\twctoolbarbho.dll
2006-12-04 14:01 262144 --a------ C:\WINDOWS\system32\twctoolbarie7.dll
2006-12-02 18:30 -------- d-------- C:\DOCUME~1\MANHIN~1\Application Data\ppmate
2006-12-02 18:29 -------- d-------- C:\Program Files\Common Files\synacast
2006-11-29 18:48 774144 --a------ C:\Program Files\rnginterstitial.dll
2006-11-29 07:41 327680 -ra------ C:\WINDOWS\system32\grdupdater.exe
2006-11-20 18:59 37027 --a------ C:\WINDOWS\atmoun.exe
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp /HIDEBL"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140810325\\ee\\AOLSoftware.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ClubBox"="\"C:\\WINDOWS\\system32\\clubbox.exe\" -l"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"ppmate"="D:\\Program Files\\PPMate\\PPMate\\ppmate.exe -autoplay"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"Profiler"="C:\\Program Files\\Saitek\\Software\\Profiler.exe"
"SaiMfd"="C:\\Program Files\\Saitek\\Software\\SaiMfd.exe"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImageHome\\TrueImageMonitor.exe"
"AcronisTimounterMonitor"="C:\\Program Files\\Acronis\\TrueImageHome\\TimounterMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0AC5542-A167-4748-BF42-9D1B09723A62}"=""
"{90382AD7-4298-47E0-BC0F-14ACCFF44D2C}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\Program Files\\Common Files\\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
mysee2 REG_MULTI_SZ Mysee2_Runtime\0


Completion time: 07-02-02 12:16:07
 
Hello,

Wow! What a load of garbage those removed! :bigthumb: Way to go! How is it running now?

Let's clean up and have a scan to see just how things are. :)

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go here to run Panda's ActiveScan: http://www.pandasoftware.com/products/activescan.htm
Once you are on the Panda site, click the Scan your PC button.

A new window will open... click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).
Post the contents of the ActiveScan report, please, and a new HijackThis log.

Thanks,
tea
 
Hi,

Thanks for all the help so far.
I have finished the ActiveScan online and run a new HijackThis report.
Will post them right now.

But I have a question about my IE toolbars.
I have installed the Weather Channel toolbar, but after I found out I am infected by a virus or spyware, I can't choose the toolbar when I right-click on the empty area of the toolbar.
I can see the name of the Weather Channel toolbar, but it is not clickable.
It's in gray shade; the same goes for the Adobe PDF toolbar.
Is this a spyware or virus problem?

Thanks for your patience with me.

Here is the report from Active scan:


Incident Status Location

Adware:adware/dudu Not disinfected Windows Registry
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@atwola[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@fastclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@media.adrevolver[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\manhin lee\Cookies\manhin_lee@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\manhin lee\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070130-235344.backup
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070130-235345.backup
Virus:Trj/Agent.DYT Disinfected C:\WINDOWS\system32\RegistryCleanerSetup.exe
Adware:Adware/WinAntivirus2006 Not disinfected C:\WINDOWS\system32\ssqnl.dll
Spyware:Cookie/Sandboxer Not disinfected D:\Cookies\manhin lee@0[3].txt
Spyware:Cookie/64.62.232 Not disinfected D:\Cookies\manhin lee@64.62.232[3].txt
Spyware:Cookie/Hbmediapro Not disinfected D:\Cookies\manhin lee@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected D:\Cookies\manhin lee@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected D:\Cookies\manhin lee@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected D:\Cookies\manhin lee@apmebf[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@ath.belnk[1].txt
Spyware:Cookie/Atwola Not disinfected D:\Cookies\manhin lee@atwola[1].txt
Spyware:Cookie/Banner Not disinfected D:\Cookies\manhin lee@banner[1].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected D:\Cookies\manhin lee@ccbill[1].txt
Spyware:Cookie/did-it Not disinfected D:\Cookies\manhin lee@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected D:\Cookies\manhin lee@dist.belnk[1].txt
Spyware:Cookie/Go Not disinfected D:\Cookies\manhin lee@go[2].txt
Spyware:Cookie/Screensavers Not disinfected D:\Cookies\manhin lee@i.screensavers[1].txt
Spyware:Cookie/Bettersearch Not disinfected D:\Cookies\manhin lee@index[2].txt
Spyware:Cookie/MediaTickets Not disinfected D:\Cookies\manhin lee@kinghost[1].txt
Spyware:Cookie/Maxserving Not disinfected D:\Cookies\manhin lee@maxserving[1].txt
Spyware:Cookie/Tickle Not disinfected D:\Cookies\manhin lee@tickle[2].txt
Spyware:Cookie/WebPower Not disinfected D:\Cookies\manhin lee@webpower[2].txt
Spyware:Cookie/seeqA Not disinfected D:\Cookies\manhin lee@www.seeq[1].txt
Spyware:Cookie/Seeq Not disinfected D:\Cookies\manhin lee@www48.seeq[1].txt
Spyware:Cookie/Xmts Not disinfected D:\Cookies\manhin lee@xmts[2].txt
Hacktool:HackTool/EvID Not disinfected D:\Downloads\EvidPack\EvID4226Patch.exe
Adware:Adware/PurityScan Not disinfected D:\qoobox\purity\My Documents\STEM~1\rυndll.exe
 
Here is the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:57:47 AM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] D:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2¥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



Thanks !
 