Is my system clear of rpcc.dll now?

[teacup61]

Hello,

Try uninstalling your Weather Channel stuff and reinstalling it. It could be that infection corrupted it somewhere along the way. I don't use the toolbar, but I do use the program, so I know it can be uninstalled and downloaded again. Let me know how it goes.

Regards,
tea

 

[mhl23]

Hi,

I did what you said, and now it's back to normal for the weather channel toolbar.

Is my computer clean now? or there are more spywares on my computer?
Since i saw there are 30 or so spywares detected by ActiveScan,
and how should i go about cleaning those up?

Anything else that I can do to further clean up my computer?

Thank you so much for all your help so far !
Really appreciate it a lot !

 

[teacup61]

Hello,

I'd like for you to run one more program, please. This one will clean out the registry and other left overs.

Download the trial version of Spy Sweeper from
Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

How is it running now?

Thanks,
tea

 

[mhl23]

Hi,

My system is running better than before,
I think it is slight faster than before when booting up.

Here is the Spy Sweeper seesion logs,
I didn't see a "Delete" option, but rather just Quarantine.

9:29 PM: Removal process completed. Elapsed time 00:00:03
9:29 PM: Quarantining All Traces: tribalfusion cookie
9:29 PM: Quarantining All Traces: tacoda cookie
9:29 PM: Quarantining All Traces: questionmarket cookie
9:29 PM: Quarantining All Traces: atwola cookie
9:29 PM: Quarantining All Traces: atlas dmt cookie
9:29 PM: Quarantining All Traces: advertising cookie
9:29 PM: Quarantining All Traces: adrevolver cookie
9:29 PM: Quarantining All Traces: 2o7.net cookie
9:29 PM: Quarantining All Traces: mysee alert
9:29 PM: Quarantining All Traces: duduaccelerator
9:29 PM: Quarantining All Traces: spysheriff fakealert
9:29 PM: Quarantining All Traces: trojan agent winlogonhook
9:29 PM: Quarantining All Traces: purityscan
9:29 PM: Removal process initiated
9:28 PM: Traces Found: 20
9:28 PM: Custom Sweep has completed. Elapsed time 00:26:51
9:28 PM: File Sweep Complete, Elapsed Time: 00:23:58
9:27 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - EXIT
9:25 PM: ApplicationMinimized - ENTER
9:25 PM: ApplicationMinimized - ENTER
9:19 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
9:19 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
9:18 PM: Warning: PCRE_ERROR_BADUTF8
9:18 PM: D:\qoobox\purity\My Documents\STEM~1\rυndll.exe (ID = 450)
9:12 PM: Warning: PCRE_ERROR_BADUTF8
9:12 PM: Warning: PCRE_ERROR_BADUTF8
9:11 PM: Warning: PCRE_ERROR_BADUTF8
9:06 PM: Warning: PCRE_ERROR_BADUTF8
9:04 PM: C:\WINDOWS\system32\secure32.html (ID = 184319)
9:04 PM: Found Adware: spysheriff fakealert
9:04 PM: C:\Program Files\GAOV (ID = 2147525757)
9:04 PM: Starting File Sweep
9:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@tribalfusion[1].txt (ID = 3589)
9:04 PM: Found Spy Cookie: tribalfusion cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@tacoda[1].txt (ID = 6444)
9:04 PM: Found Spy Cookie: tacoda cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@questionmarket[2].txt (ID = 3217)
9:04 PM: Found Spy Cookie: questionmarket cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@media.adrevolver[1].txt (ID = 2089)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atwola[2].txt (ID = 2255)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atwola[1].txt (ID = 2255)
9:04 PM: Found Spy Cookie: atwola cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atdmt[3].txt (ID = 2253)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@atdmt[2].txt (ID = 2253)
9:04 PM: Found Spy Cookie: atlas dmt cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@advertising[3].txt (ID = 2175)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@advertising[2].txt (ID = 2175)
9:04 PM: Found Spy Cookie: advertising cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@adrevolver[1].txt (ID = 2088)
9:04 PM: Found Spy Cookie: adrevolver cookie
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@2o7[2].txt (ID = 1957)
9:04 PM: c:\documents and settings\manhin lee\cookies\manhin_lee@2o7[1].txt (ID = 1957)
9:04 PM: Found Spy Cookie: 2o7.net cookie
9:04 PM: Starting Cookie Sweep
9:04 PM: Registry Sweep Complete, Elapsed Time:00:00:08
9:04 PM: HKLM\software\microsoft\mssmgr\ (ID = 1776755)
9:04 PM: Found Trojan Horse: trojan agent winlogonhook
9:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\yazzle1162oin\ (ID = 1738184)
9:04 PM: Found Adware: purityscan
9:04 PM: HKLM\software\gaov\ (ID = 1533619)
9:04 PM: Found Adware: mysee alert
9:04 PM: HKLM\software\dudu\ (ID = 659241)
9:04 PM: Found Adware: duduaccelerator
9:04 PM: Starting Registry Sweep
9:04 PM: Memory Sweep Complete, Elapsed Time: 00:02:39
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:03 PM: ApplicationMinimized - EXIT
9:03 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:02 PM: ApplicationMinimized - EXIT
9:02 PM: ApplicationMinimized - ENTER
9:01 PM: ApplicationMinimized - EXIT
9:01 PM: ApplicationMinimized - EXIT
9:01 PM: ApplicationMinimized - ENTER
9:01 PM: ApplicationMinimized - ENTER
9:01 PM: Starting Memory Sweep
9:01 PM: Start Custom Sweep
9:01 PM: Sweep initiated using definitions version 845
9:00 PM: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:54 PM: Shield States
8:54 PM: Spyware Definitions: 845
8:54 PM: Spy Sweeper 5.3.1.2344 started
8:54 PM: Spy Sweeper 5.3.1.2344 started
8:54 PM: | Start of Session, Saturday, February 03, 2007 |
***************


will follow up with a HijackThis report

 

[mhl23]

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:30 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [ppmate] "D:\Program Files\PPMate\PPMate\ppmate.exe" -autoplay
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\Profiler.exe"
O4 - HKLM\..\Run: [SaiMfd] "C:\Program Files\Saitek\Software\SaiMfd.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Post-itR Software Notes Lite.lnk = D:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Aa·N??2EEOAμ3?A÷3cOUIs1U?’ - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 2￥°OμcEO - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Downloads\dsl\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: TVShortcutCAB - http://att.mobitv.com/TVShortcut.CAB
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_5.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DF7E9E9B-A7D8-4B2C-82E0-AC630D9594A5} (JSUpdaterAx Control) - http://www.jceports.com/_app/cab/JSUpdaterAX.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel File Transfer - IntelR Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - IntelR Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe





Would you recommend any anti-virus and spyware softwares that I should buy?
Would spybot alone be good enough?
Should I uninstall all the software that I have installed when I performed the task above?

I would like to have advices from an expert like you !

Thank you so much for helping.

 

[teacup61]

Hello,

SpySweeper is the trial version, so you can uninstall it.

The following are not malware, but fixing them with HijackThis will improve your system's speed, and your bootup time will be a lot quicker. None are necessary at startup, and may be started manually at any time. This is up to you.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1140810325\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Profiler] "C:\Program Files\Saitek\Software\Profiler.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your computer and see if it's faster now.

You don't have to buy programs to keep your computer protected! Everything I use to protect my computer is free, and just as good (In some cases BETTER) than programs you have to pay for.

Your log looks clean again, so it's time for those recommendations anyway.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

AVG, Avira OR Avast are good FREE antivirus.

Some good free Firewalls are :
http://www.sunbelt-software.com/Kerio-Download.cfm
http://www.agnitum.com/products/outpostfree/index.php
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

If all is good still, then we're done here. :bigthumb:

Take care, and surf safe!
tea

 

[mhl23]

Hi,

I have some more questions.
I currently have Symantic Antivirus,
and installed Spybot Search & Destry and Teatime.
and IE/Spyad

Do i need to install both AVG and SpywareGuard at the same time?
or Tea time is good enough, and i don't need AVG and SpywareGuard?

I read that running multiple antivirus and adware programs are not good.

Please let me know what I should do.

I like to use IE because Mozilla wont' let me use the "back" button on my MX revolution mouse. and i love that button.
it might sound silly, but the button is really convenient.

THanks again for all your help !

 

[teacup61]

Only use one AntiVirus on your system. What you heard is right....more than one AntiVirus will cause instability, and they won't be able to function at their best.

In your example, are you wanting to run AVG AntiVirus and Spyware Guard? That will be fine, if that's what you're asking. You could also run IE Spyad and Spybot with them and still be all right....just don't over do it

It's not silly....you like what you like. Just be careful with IE....nothing is perfect, but IE is more targetted than others.

 

[mhl23]

I would like to know if I am running spybot search &destroy and TeaTime.
Do I need SpywareGuard? Because I think that TeaTimer and SpywareGuard are kinda doing the same thing?

Also, I have the Symantic Antivirus, then, do I need AVG anti-spyware?
Because I have AVG Anti spyware, not AVG AntiVirus.

So, what I wanna run is this:
Symantic AntiVirus Client, Spybot Search & Destroy with TeaTimer.
and IE/Spyad.

Does this sound good? or maybe I should go with another setup?

Thanks

 

[teacup61]

So, what I wanna run is this:
Symantic AntiVirus Client, Spybot Search & Destroy with TeaTimer.
and IE/Spyad.

I see now....thank you for clarifying. Sounds good. :bigthumb: Add one of the firewalls to it that I recommended, and that ought to do it....and be safe, of course. Be careful where you go.


Regards,
tea

 

[mhl23]

Just to wanna say Thanks!
Thanks for all the help!

 

[teacup61]

You're most welcome! :greeting: