Need help with HijackThis Log.. Thanks!

Started by Nwanda, Jun 14 2007 08:26 AM

You cannot reply to this topic

12 replies to this topic

#1 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 14 June 2007 - 08:26 AM

Hi. My startup's slower than I'd like it to be and recently, I could have accidentally installed some malware on my comp while downloading something. I've ran SpyBot but I want to be entirely sure my comp's clean.

Would also like to speed up my startup. Pls advice.

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 3:55:37 PM, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\j3241931.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\System32\Starter.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\armwnmpu.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 14 June 2007 - 09:11 PM

Welcome to the forum.

Please download VundoFix.exe
to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt into your next reply

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.

Post the vundofix log and a new hijackthis log.

#3 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 15 June 2007 - 12:38 PM

Hi. Thanks for the prompt reply. Here are the results:

VundoFix log

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 7:16:38 PM 15/06/2007

Listing files found while scanning....

C:\windows\system32\eovnjqhh.exe
C:\windows\system32\flrhjpsr.exe
C:\WINDOWS\system32\gebyy.dll
C:\windows\system32\j3241931.exe
C:\windows\system32\qdwfdaal.dll
C:\windows\system32\yayabyw.dll
C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak2
C:\windows\system32\yybeg.ini

Beginning removal...

Attempting to delete C:\windows\system32\eovnjqhh.exe
C:\windows\system32\eovnjqhh.exe Has been deleted!

Attempting to delete C:\windows\system32\flrhjpsr.exe
C:\windows\system32\flrhjpsr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebyy.dll
C:\WINDOWS\system32\gebyy.dll Has been deleted!

Attempting to delete C:\windows\system32\j3241931.exe
C:\windows\system32\j3241931.exe Could not be deleted.

Attempting to delete C:\windows\system32\qdwfdaal.dll
C:\windows\system32\qdwfdaal.dll Has been deleted!

Attempting to delete C:\windows\system32\yayabyw.dll
C:\windows\system32\yayabyw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.bak1
C:\WINDOWS\system32\yybeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\yybeg.bak2
C:\WINDOWS\system32\yybeg.bak2 Has been deleted!

Attempting to delete C:\windows\system32\yybeg.ini
C:\windows\system32\yybeg.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\j3241931.exe
C:\windows\system32\j3241931.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 8:34:31 PM, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\j3241931.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\NORTON~1\Navw32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\kdsvowps.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\yayabyw.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B4E10D6D-5C9E-4A14-8484-59ECBBF87A87} - C:\WINDOWS\system32\gebyy.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\System32\Starter.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\epghbkra.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 16 June 2007 - 06:55 AM

Nicely done but this computer still is really infected.
I want you to follow my spyware removal guide here:
http://forum.pirifor...?showtopic=6329

Come back with all of the reports and post them in your next reply.
Here is a checklist:

Bitdefender
AVG Antispyware
Superantispyware
Fresh Hijackthis log taken after all 3 scans

Do not run them at the same time. Do them one after the other.

#5 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 17 June 2007 - 01:14 PM

I redid the Bitdefender scan because I didn't save the log for the 1st scan. This is the log for the 2nd scan.

Here are the reports:

Bitdefender

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
BitDefender
Online Scanner
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>
<tr>
<td colspan="3" width="912">
Scan report generated
at: Sun, Jun 17, 2007 - 14:41:30
</td>
</tr>

<tr>
<td width="458">
 
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
Scan
path: C:\;D:\;
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
 
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
Statistics
</td>
</tr>
<tr>
<td width="57%">
Time
</td>
<td width="43%" align="right">
01:16:15
</td>
</tr>
<tr>
<td width="57%">
Files
</td>
<td width="43%" align="right">
348744
</td>
</tr>
<tr>
<td width="57%">
Folders
</td>
<td width="43%" align="right">
5828
</td>
</tr>
<tr>
<td width="57%">
Boot Sectors
</td>
<td width="43%" align="right">
3
</td>
</tr>
<tr>
<td width="57%">
Archives
</td>
<td width="43%" align="right">
8080
</td>
</tr>
<tr>
<td width="57%">
Packed Files
</td>
<td width="43%" align="right">
29209
</td>
</tr>
</table>
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
Results
</td>
</tr>
<tr>
<td width="57%">
Identified Viruses 
</td>
<td width="43%" align="right">
7
</td>
</tr>
<tr>
<td width="57%">
Infected Files 
</td>
<td width="43%" align="right">
7
</td>
</tr>
<tr>
<td width="57%">
Suspect Files 
</td>
<td width="43%" align="right">
1
</td>
</tr>
<tr>
<td width="57%">
Warnings
</td>
<td width="43%" align="right">
0
</td>
</tr>
<tr>
<td width="57%">
Disinfected
</td>
<td width="43%" align="right">
0
</td>
</tr>
<tr>
<td width="57%">
Deleted Files
</td>
<td width="43%" align="right">
7
</td>
</tr>
</table>
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
Engines Info
</td>
</tr>
<tr>
<td width="57%">
Virus Definitions
</td>
<td width="43%" align="right">
514000
</td>
</tr>
<tr>
<td width="57%">
Engine build
</td>
<td width="43%" align="right">
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
</td>
</tr>
<tr>
<td width="57%">
Scan plugins
</td>
<td width="43%" align="right">
14
</td>
</tr>
<tr>
<td width="57%">
Archive plugins
</td>
<td width="43%" align="right">
38
</td>
</tr>
<tr>
<td width="57%">
Unpack plugins
</td>
<td width="43%" align="right">
6
</td>
</tr>
<tr>
<td width="57%">
E-mail plugins
</td>
<td width="43%" align="right">
6
</td>
</tr>
<tr>
<td width="57%">
System plugins
</td>
<td width="43%" align="right">
1
</td>
</tr>
</table>
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
Scan Settings
</td>
</tr>
<tr>
<td width="57%">
First Action
</td>
<td width="43%" align="right">
Disinfect
</td>
</tr>
<tr>
<td width="57%">
Second Action
</td>
<td width="43%" align="right">
Delete
</td>
</tr>
<tr>
<td width="57%">
Heuristics
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Enable Warnings
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Scanned Extensions
</td>
<td width="43%" align="right">
*;
</td>
</tr>

<tr>
<td width="57%">
Exclude Extensions
</td>
<td width="43%" align="right">
 
</td>
</tr>
<tr>
<td width="57%">
Scan Emails
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Scan Archives
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Scan Packed
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Scan Files
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
<tr>
<td width="57%">
Scan Boot
</td>
<td width="43%" align="right">
Yes
</td>
</tr>
</table>
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
Scanned File
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
 Status
</td>
</tr>
<tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>keygen.exe
</td>
<td width="43%" align="left">
Infected with: Trojan.Vundo.DMA
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>keygen.exe
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>keygen.exe
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)
</td>
<td width="43%" align="left">
Update failed
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>crack.exe
</td>
<td width="43%" align="left">
Infected with: Generic.Malware.dld!!.D9E1AFE9
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>crack.exe
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>crack.exe
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)
</td>
<td width="43%" align="left">
Update failed
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>install.exe
</td>
<td width="43%" align="left">
Infected with: Trojan.Downloader.Agent.YEG
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>install.exe
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)=>install.exe
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe=>(RAR Sfx o)
</td>
<td width="43%" align="left">
Update failed
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\635149F9=>(Quarantine-2)
</td>
<td width="43%" align="left">
Infected with: Worm.RJump.J
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\635149F9=>(Quarantine-2)
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\635149F9=>(Quarantine-2)
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0
</td>
<td width="43%" align="left">
Suspected of: Worm.RJump.A
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP155\A0035546.dll
</td>
<td width="43%" align="left">
Infected with: DeepScan:Generic.Malware.dld!Z.BBC28D08
</td>
</tr><tr>
<td width="57%">
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP155\A0035546.dll
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP155\A0035546.dll
</td>
<td width="43%" align="left">
Deleted
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\j3241931.exe
</td>
<td width="43%" align="left">
Infected with: Trojan.Small.NCV
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\j3241931.exe
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\j3241931.exe
</td>
<td width="43%" align="left">
Delete failed
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\winwil32.dll
</td>
<td width="43%" align="left">
Infected with: Trojan.Dialer.QN
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\winwil32.dll
</td>
<td width="43%" align="left">
Disinfection failed
</td>
</tr><tr>
<td width="57%">
C:\WINDOWS\system32\winwil32.dll
</td>
<td width="43%" align="left">
Delete failed
</td>
</tr>
</table>
</td>

<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
 
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

<tr>
<td width="458">
 
</td>
<td width="40%">
 
</td>
<td width="10%">
 
</td>
</tr>

</table>
 

</body>
</html>

SuperAntispyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2007 at 06:06 PM

Application Version : 3.8.1002

Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:51:34

Memory items scanned : 385
Memory threats detected : 1
Registry items scanned : 5482
Registry threats detected : 31
File items scanned : 37876
File threats detected : 30

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINWIL32.DLL
C:\WINDOWS\SYSTEM32\WINWIL32.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\KDSVOWPS.DLL
HKLM\Software\Classes\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}\InprocServer32
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\YAYABYW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{B4E10D6D-5C9E-4A14-8484-59ECBBF87A87}
HKCR\CLSID\{B4E10D6D-5C9E-4A14-8484-59ECBBF87A87}
HKCR\CLSID\{B4E10D6D-5C9E-4A14-8484-59ECBBF87A87}\InprocServer32
HKCR\CLSID\{B4E10D6D-5C9E-4A14-8484-59ECBBF87A87}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBYY.DLL
HKLM\Software\Classes\CLSID\{E12BFF69-38A7-406e-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\QDWFDAAL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4E10D6D-5C9E-4A14-8484-59ECBBF87A87}
HKCR\CLSID\{E12BFF69-38A7-406E-A8EF-2738107A7831}

Trojan.Net-NanoKill
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{8D5849A2-93F3-429D-FF34-260A2068897C}

Adware.Tracking Cookie
C:\Documents and Settings\Mingwei\Cookies\mingwei@adbrite[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@pcstats[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@bs.serving-sys[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@ads.pointroll[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@adtech[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@tribalfusion[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@tacoda[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@data3.perf.overture[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@questionmarket[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@sixapart.adbureau[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@paypal.112.2o7[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@ad.uk.tangozebra[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@2o7[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@ads.auctionads[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@metacafe.122.2o7[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@perf.overture[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@multiply.112.2o7[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@mediaplex[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@trafficmp[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@cpvfeed[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@imrworldwide[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@serving-sys[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@msnportal.112.2o7[1].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@realmedia[2].txt
C:\Documents and Settings\Mingwei\Cookies\mingwei@3.adbrite[1].txt

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:11:59 PM 17/06/2007

+ Scan result:

C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP148\A0032277.exe -> Adware.Softomate : Ignored.
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/keygen.exe -> Adware.Virtumonde : Ignored.
:mozilla.347:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.348:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.349:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.350:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.351:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.357:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.445:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.533:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.205:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.259:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.260:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.271:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.272:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.277:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.278:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.279:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.238:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.430:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.431:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.432:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.438:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.440:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.126:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.128:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.131:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.132:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.133:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.597:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.237:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mingwei\Cookies\mingwei@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.155:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.156:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.219:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.481:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.482:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.483:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.484:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.261:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.263:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.256:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.257:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.258:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.274:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.275:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.276:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.380:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.524:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.83:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.84:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.449:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\Mingwei\Cookies\mingwei@search.live[2].txt -> TrackingCookie.Live : Cleaned.
:mozilla.221:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Mingwei\Cookies\mingwei@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.463:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.464:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.325:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.425:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.147:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Mingwei\Cookies\mingwei@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.365:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.366:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.367:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.368:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.369:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.227:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.228:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.248:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.249:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.250:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.251:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.252:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.253:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.254:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.255:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.448:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.180:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.181:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.182:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.183:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.184:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.185:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.101:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.96:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.97:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.98:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.389:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.631:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.632:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.633:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.294:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.295:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.296:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.297:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.298:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.166:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.168:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.169:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.405:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.406:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.407:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.409:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.239:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.281:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.433:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.434:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.435:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.436:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.437:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.439:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.605:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Mingwei\Cookies\mingwei@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.410:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.267:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.268:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.269:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.270:C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\j3241931.exe -> Trojan.Agent.aom : Cleaned with backup (quarantined).
[352] C:\WINDOWS\system32\j3241931.exe -> Trojan.Agent.aom : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP157\A0037624.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).

::Report end

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 8:34:46 PM, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Starter] C:\WINDOWS\System32\Starter.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\epghbkra.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 17 June 2007 - 08:45 PM

Open hijackthis and click Open the Misc Tools section

Then click Delete a file on reboot

In the File Name field, copy and paste this:

C:\WINDOWS\system32\epghbkra.dll

Then click Open

Hijackthis will tell you that this file will be deleted when the system reboots and ask you if you want to reboot now. Click Yes

Your system should then reboot

-------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

-------------

Run Kaspersky WebScanner

Please go HERE and click Kaspersky Online Scanner
Read and Accept the Agreement
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
If you see a Windows dialog asking if you want to install this software, click the Install button.
The program will launch and then begin downloading the latest definition files,
When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
Paste kaspersky log onto forum.

Post the kaspersky log, sdfix log, and a new hijackthis log.

#7 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 18 June 2007 - 05:09 AM

On startup I have a RUNDLL error message that says C:\WINDOWS\system32\epghbkra.dll can't be found.

Here are the reports:

SDFix

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\win9B3.tmp.exe - Deleted
C:\WINDOWS\Temp\win9B3.tmp.exe - Deleted
C:\DOCUME~1\Mingwei\LOCALS~1\Temp\xfdskef.tmp - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted
C:\DOCUME~1\Mingwei\LOCALS~1\Temp\win*.tmp - Deleted

Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\Mingwei\\My Documents\\Setups\\utorrent.exe"="C:\\Documents and Settings\\Mingwei\\My Documents\\Setups\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\DOCUME~1\\Mingwei\\LOCALS~1\\Temp\\win14.tmp.exe"="C:\\DOCUME~1\\Mingwei\\LOCALS~1\\Temp\\win14.tmp.exe:*:Enabled:win14.tmp"
"C:\\WINDOWS\\TEMP\\win64.tmp.exe"="C:\\WINDOWS\\TEMP\\win64.tmp.exe:*:Enabled:win64.tmp"
"C:\\WINDOWS\\TEMP\\win95.tmp.exe"="C:\\WINDOWS\\TEMP\\win95.tmp.exe:*:Enabled:win95.tmp"
"C:\\WINDOWS\\TEMP\\win167.tmp.exe"="C:\\WINDOWS\\TEMP\\win167.tmp.exe:*:Enabled:win167.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Listing Files with Hidden Attributes:

C:\Documents and Settings\Mingwei\Local Settings\Application Data\Microsoft\Messenger\mgiggs11@hotmail.com\Sharing Folders\pepsi_13@hotmail.com\New Folder (2)\Thumbs.db
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Microsoft\Messenger\mgiggs11@hotmail.com\Sharing Folders\sharonxiao_111@hotmail.com\Thumbs.db
C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll
C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Mingwei\My Documents\My Received Files\~WRL2753.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0002.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0004.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0015.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0211.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0248.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0382.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0555.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0600.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0603.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0772.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0860.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0963.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL0977.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1162.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1302.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1370.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1503.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1512.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1637.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1714.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1758.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL1859.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2010.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2012.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2040.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2515.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2592.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2658.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2741.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL2961.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL3066.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL3188.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL3411.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL3855.tmp
C:\Documents and Settings\Mingwei\My Documents\School\~WRL3918.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0002.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0073.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0080.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0090.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0099.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0105.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0111.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0175.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0185.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0223.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0248.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0282.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0372.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0421.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0441.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0478.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0546.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0618.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0638.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0675.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0686.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0769.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0838.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0847.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0848.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0864.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0865.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0925.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0928.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL0948.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1041.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1082.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1171.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1238.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1249.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1298.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1411.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1461.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1595.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1609.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1623.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1635.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1664.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1672.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1676.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1695.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1725.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1730.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1739.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1791.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1919.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1971.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL1987.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2019.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2040.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2063.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2080.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2107.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2150.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2167.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2179.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2205.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2265.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2271.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2277.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2375.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2387.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2389.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2420.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2428.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2445.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2528.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2616.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2626.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2744.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2776.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2781.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2826.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2866.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2958.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL2981.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3022.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3036.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3047.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3095.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3142.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3247.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3304.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3307.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3353.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3436.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3461.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3464.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3515.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3654.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3657.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3677.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3724.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3730.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3749.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3759.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3807.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3836.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3837.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3882.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3890.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3958.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL3998.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL4049.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL4084.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\~WRL4095.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\Assignment\~WRL0002.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\Assignment\~WRL0004.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Mass Media Research\Assignment\~WRL0252.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0001.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0068.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0069.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0193.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0223.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0251.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0264.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0515.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0529.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL0636.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1433.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1468.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1534.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1552.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1688.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1730.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1807.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1830.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL1960.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2085.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2113.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2160.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2224.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2259.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2298.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2321.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2486.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2499.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2514.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2640.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2819.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL2872.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3032.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3492.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3501.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3533.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3562.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3700.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL3907.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL4017.tmp
C:\Documents and Settings\Mingwei\My Documents\School\Print Media\~WRL4044.tmp

Listing User Accounts:

User accounts for \\SAMSUNG

Administrator Guest HelpAssistant
Mingwei SUPPORT_388945a0

Finished

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 10:23:25 AM, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\epghbkra.dll",realset
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 12:54:33 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 347856
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 85619
Number of viruses found: 9
Number of infected objects: 17 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:24:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip/retadpu2000352.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-06-18_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\history.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\key3.db Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Mingwei\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mingwei\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Application Data\Mozilla\Firefox\Profiles\80vtm25p.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\History\History.IE5\MSHist012007061820070619\index.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mingwei\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/data.rar/patch.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe/data.rar Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe RarSFX: infected - 5 skipped
C:\Documents and Settings\Mingwei\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mingwei\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A055E5F.tmp Infected: Trojan-Spy.Win32.VB.qq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP148\A0032277.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP148\A0032277.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP148\A0032277.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP151\A0034560.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP153\A0034931.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP154\A0035201.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP154\A0035275.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP157\A0037655.exe Infected: Trojan.Win32.Agent.aom skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP157\A0037737.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{02C0D5F4-73DB-4B54-88B9-8D20EF01B553}\RP157\change.log Object is locked skipped
C:\VundoFix Backups\qdwfdaal.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\SAMSUNG.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{02B42987-13A2-4A1B-9DC7-6D9E0EBE4649}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT0426c.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT0426f.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#8 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 19 June 2007 - 05:51 AM

I'm just going to tell you outright to stay away from software cracks/hacks.
If you need some software your much better off either paying for the software or looking for freeware alternatives.(look around the software part of the forum for lots of freeware info). Using cracked software is how this computer got infected.

Sorry for the lecture but its good advice.

Now back to work.

-----------------------------

Find and delete the following files:

C:\Documents and Settings\Mingwei\My Documents\Setups\Nero_7.8.5.0_Premium_keygen.exe
C:\VundoFix Backups

The clear your quarantine in norton.

Spybot has some sort of copy protected .exe file in its recovery/quarantine. If you don't know what it is your going to need to delete that too.

--------

Open hijackthis and run a system scan. Then check off the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\epghbkra.dll",realset
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe (file missing)

--------

Lastly clear your restore points as they are infected:

To Flush the infected restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

Reboot your computer and let me know if all your error messages are gone and if your computer is running like it should.

#9 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 19 June 2007 - 07:00 AM

Thanks for the advice. I realize my mistake!

O23 - Service: dns cache reader (DNSCacheReader) - Unknown owner - C:\WINDOWS\system32\j3241931.exe (file missing)

This line is still there even after I checked it off. What should I do?

Any other tips on how to improve my startup speed? It's still not as fast as I want it to be.

Now I've AVG, Norton and ZoneAlarm running at the same time at startup. Which programs do I keep?

#10 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 20 June 2007 - 12:27 AM

Go to start>run> enter in the below and press enter:

sc delete DNSCacheReader

Then reboot and see if that entry is gone from hijackthis.(post a log)

----------------

Just uninstall Zone Alarm and use the windows firewall. ZA and most software firewalls aren't going to protect your computer any better then just the built in one. Plus software firewalls are all buggy and bloated. Trust me you wont regret dropping it.

Do you like norton? Its a pretty heavy application in my opinion.(plus it misses lots of viruses.. obviously.

)
Keep it if you want but you would have a faster, better protected, and more stable computer if you got either AVG free AV, Avast free, or Antivir.(you can find links in my signature under "recommended security applications" )

AVG Antispyware you can disable from start up by going to the icon in the system try and clicking it and choosing for it not to run at start up. Then go to start>run> type services.msc find the AVG entry and right click>properties. Set its start up type to manual. Then reboot your computer.

You should have a much safer more stable computer after all that.

Look in my signature links for more security related help/info.

#11 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 20 June 2007 - 04:10 AM

Comp seems alright now. I've disabled ZA, Norton and AVG anti-spyware and have enabled Windows Firewall and AVG AV Free.

Hope this better protects my comp.

Thanks for the help! Appreciate it a lot.

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 12:04:55 PM, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Mingwei\My Documents\Setups\utorrent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/...of.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 OFFLINE rridgely

I hate computers

Moderators
8,858 posts

Gender:Male

Posted 20 June 2007 - 04:54 AM

If your going to use AVG then you need to go ahead and uninstall norton.
Having them both installed could cause major problems down the road. I would go ahead and uninstall zone alarm too.

Anyway good luck

#13 OFFLINE Nwanda

Newbie

Members
9 posts

Posted 20 June 2007 - 07:07 AM

Thanks for your help once again!

Back to Spyware Hell