Hijackthis log


45 replies to this topic

#1 labtop

    Member

  • Members
  • 31 posts

Posted 18 July 2007 - 12:15 PM

I intend to install BitDefender v10, but I can't run it although I have already installed it; I can't uninstall it either, so I guess I've encountered a virus. Please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:40 PM, on 7/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp (file missing)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [lbvlxnl] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [wqgroix] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ehokasy] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [mvquqbt] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [gubluig] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ffjdrbc] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [yjfmwel] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [aatntai] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [adpkavi] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [wfiugqi] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [vmdlfeu] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [bvbqlhj] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ljebmxs] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [bowbayl] c:\windows\grljimb.exe <---- too many of these lines, I cut the middle part

O4 - HKCU\..\Run: [yyoalje] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [srwxmia] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fjmpxoq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hnwmroh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wmbyend] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eyrpmxw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dnjrkpk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gbiedjt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hcbehwm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [adrflne] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [blltldy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fhisooe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lkehuwt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rsgrpex] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rpvlbvd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ydghwhx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vsmmnxv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fgmokly] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iussetb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rngcpsv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cptlcya] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [mphrjyb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [svlhgqn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kcidoxe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kbrknwi] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iktepsb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [psccajd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tmvgqaw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [nebyvys] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wrenrnc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [neepall] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rtiampw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [envcwgd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oyflfpv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kcgpnje] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cyyqbnd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ymocycv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lcgrnuq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ibubcdh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [plqcnxv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vvkjmmm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hhlfkfr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eqrecpn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [chbrrut] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bdhqqok] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xxaxsmf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ixbgudc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pwdlyqg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [nafqhbr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dshtgkr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iwttrpg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vgbrupj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vxjehqn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gibldcb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rwkciji] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xmkdoyk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uhjynne] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wrorttu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [icppbgy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cfntcvt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ycjtlpj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pmavmvh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [mveomhg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lbmxmgf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rfjcrik] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oogbbru] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kggaoaw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kaobtuc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kyfgwsg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [imobnuw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vlntuxm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [sxdqmcq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [qnaijcx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [jvigyij] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [weljiwr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xyyklbx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ogcaqhm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ypolyrq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rckalrj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [danwole] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rhjrjij] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [swwcmpv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ajwigju] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pbysgjb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lwmevpm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iavukbc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ayqqjqu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [psnghmo] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cvyutol] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ffbtkfo] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xfaptlc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [apmsptp] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ibjiwyt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ixjglgs] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tcwhfgg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xxnctqw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [usnxuly] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rhdwonp] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vtdbeqc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lpxbqpe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bevxktw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fnfiphu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tcpohos] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kbotjpm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bvfawnu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eojjtvw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uwkrjau] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ykiesml] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wblxfjn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gdkxkcj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vmbjqeu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gbembjf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pgkpslv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wogrscd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wfsqycy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fyinsfr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ppcxfcl] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dyfjhgk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uokqbbs] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fjmjeea] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [qiwwdvf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hvfmbya] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cbxhjyt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rubkcyi] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iewfrik] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oivkqco] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ssutbtl] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [axgjikd] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [fvndiqr] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [atqahnk] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [frlerqj] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [rfgjojs] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [eeeeldu] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [syrtgtu] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [ingbdtp] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [gxhbtfl] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [abrtoly] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [srglsdu] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [cgwudrd] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [obnqrsp] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [dbbvaqo] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [uarjfhk] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [hpwrnln] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [swjsopa] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [dhajpix] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [pvcbqrj] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [rleplvb] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [pfljaph] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [ymjgtby] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [davfnci] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [sutpftv] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [qntecnb] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [gvflpru] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [shonfxy] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [cjifica] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.li...?v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E703F5ED-56BC-496C-B9F2-6342C2757A14}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O24 - Desktop Component 0: (no name) - http://pages.videotr.../tiber/nani.jpg

--
End of file - 188204 bytes
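
The log above is what the thread's helpers read by hand. As an added example, not part of the original thread and not code from HijackThis itself, here is a small Python triage script that parses the R/O sections of an HJT log and flags the things in this particular log that stand out: one binary under c:\windows registered under many random seven-letter HKCU Run value names, an autostart under the Policies\Explorer\Run key with a bare filename and no path, entries whose target file is gone, and a per-interface NameServer setting that does not match the resolvers you expect. The sample lines are constructed by copying a handful of lines from the first log (the long run of random Run values is cut down to a few); the seven-lowercase-letter test is a heuristic, and the trusted-resolver list is an assumption standing in for whatever the ISP's DHCP lease really hands out.

```python
"""Triage helper for a HijackThis (HJT) log.

Added example, not part of the original thread or of HijackThis itself.
Only the HJT line format is taken from the page; the heuristics and the
trusted-resolver list are this example's own assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the first log in the thread, with the
# long run of random-named HKCU Run values cut down to a few.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [lbvlxnl] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [wqgroix] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ehokasy] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ssutbtl] c:\windows\xuktlgf.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E703F5ED-56BC-496C-B9F2-6342C2757A14}: NameServer = 202.188.0.133 202.188.1.5
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
"""

# Assumption for the example: resolvers the owner's ISP/DHCP lease is known to
# hand out. Fill this in from the real lease before trusting the DNS verdict.
TRUSTED_RESOLVERS = {"202.188.0.133", "202.188.1.5"}

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DNS_RE = re.compile(r"\\\{(?P<iface>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$")
# Seven lowercase letters and nothing else: the shape of the value names in
# the posted log. A heuristic, so expect the odd legitimate hit.
RANDOM_NAME_RE = re.compile(r"^[a-z]{7}$")


def parse(log_text):
    """Yield (section, body) for each 'Rn - ...' / 'Onn - ...' line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m["sec"], m["body"]


def triage(log_text, trusted_resolvers=frozenset()):
    """Return the findings an analyst would read first from an HJT log."""
    by_cmd = defaultdict(list)
    dns = defaultdict(set)
    out = {"random_names": [], "policy_run": [], "orphans": []}
    for sec, body in parse(log_text):
        # Orphaned entries: the registry points at a file that is gone. Harmless
        # on their own, but they show what was installed and what got yanked.
        if "(file missing)" in body or "(no file)" in body:
            out["orphans"].append(f"{sec} - {body}")
        if sec == "O4":
            m = RUN_RE.match(body)
            if not m:  # 'Global Startup: ...' lines take a different form
                continue
            by_cmd[m["cmd"].lower()].append(m["name"])
            if RANDOM_NAME_RE.match(m["name"]):
                out["random_names"].append((m["name"], m["cmd"]))
            # Policies\Explorer\Run is rarely used by installers and is a
            # favourite place to hide an autostart; a bare filename with no
            # path there is doubly suspect.
            if "policies" in m["key"].lower():
                out["policy_run"].append((m["name"], m["cmd"]))
        elif sec == "O17":
            m = DNS_RE.search(body)
            if m:
                dns[m["iface"]].update(re.split(r"[,\s]+", m["servers"].strip()))
    # One binary registered under many Run value names is the fingerprint of a
    # dropper that keeps re-adding itself, not of any legitimate program.
    out["run_clusters"] = {cmd: names for cmd, names in by_cmd.items() if len(names) >= 3}
    out["dns"] = {iface: sorted(servers) for iface, servers in dns.items()}
    trusted = set(trusted_resolvers)
    out["untrusted_dns"] = {iface: sorted(servers - trusted)
                            for iface, servers in dns.items() if servers - trusted}
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, TRUSTED_RESOLVERS).items():
        print(f"{key}:")
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Run it against the full log rather than the sample and the `run_clusters` entry for c:\windows\grljimb.exe and c:\windows\gfcgnoh.exe grows to the length the poster had to cut from the thread; the O17 check only says which interface's resolvers differ from the list you gave it, so confirm the expected resolvers with the ISP before treating that finding as a hijack.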

#2 rridgely

    I hate computers

  • Moderators
  • 8,874 posts
  • Gender:Male

Posted 18 July 2007 - 03:30 PM

Welcome to the forum.
This computer is really bad and, to be honest, you would be much better off if you just reformatted it instead of trying to clean it up. I will help you clean it up, though, but there are no guarantees that it will work (and it's probably going to be very time-consuming as well).

That being said, if you do want to try to fix this, please create a new HijackThis log and attach it to the forum instead of copying and pasting. That way I can see the whole thing.

#3 labtop

    Member

  • Members
  • 31 posts

Posted 19 July 2007 - 07:56 AM

Hi rridgely, thanks for your reply. I'm using an NEC Versa E2000 laptop; I'm not sure I can reformat it, because I remember the salesman told me to use the NEC CD to restore instead of reformatting, so I'm not sure of the procedure. Surprisingly, I ran HijackThis again and this is the log file, much shorter this time, so I can copy and paste it straight away. Could it be because I installed CCleaner? But I still can't uninstall BitDefender.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:16 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.li...?v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O24 - Desktop Component 0: (no name) - http://pages.videotr.../tiber/nani.jpg

--
End of file - 8140 bytes

#4 labtop

    Member

  • Members
  • 31 posts

Posted 19 July 2007 - 09:52 AM

I've deleted Adobe Photoshop and, from the previous HijackThis log, I checked a few toolbar entries and selected "Fix checked". I then ran HijackThis again; this is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:12 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.li...?v=13,0,0831,02
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7595 bytes

#5 OFFLINE   labtop

    Member

  • Members
  • 31 posts

Posted 19 July 2007 - 10:52 AM

As you can see from the previous HijackThis log, I was running the ewido anti-spyware online scan; it found so much spyware, and there's one trojan as well. Here is the HijackThis log after the scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:20 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7244 bytes

#6 OFFLINE   labtop

    Member

  • Members
  • 31 posts

Posted 19 July 2007 - 11:54 AM

This time I managed to complete the BitDefender online scan, and no virus was found.

So does this mean my Windows is clean?

#7 OFFLINE   labtop

    Member

  • Members
  • 31 posts

Posted 19 July 2007 - 12:32 PM

I tried to uninstall BitDefender v10 but still can't; it says "fatal error during installation".

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,874 posts
  • Gender:Male

Posted 19 July 2007 - 10:48 PM

The CD you have is probably just a restore CD, and it should make your computer exactly the way it was when you took it out of the box.
If you want to clean it up, then do the below:

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer, and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.
Post the superantispyware log and a new hijackthis log.

#9 OFFLINE   labtop

    Member

  • Members
  • 31 posts

Posted 20 July 2007 - 04:52 AM

here are the log files:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2007 at 12:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3271
Trace Rules Database Version: 1282

Scan type : Complete Scan
Total Scan Time : 00:46:53

Memory items scanned : 314
Memory threats detected : 1
Registry items scanned : 5308
Registry threats detected : 20
File items scanned : 33872
File threats detected : 4

Trojan.WINTEMS
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
[german.exe] C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf

Trojan.Homepage
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{686a161d-5bd1-4999-8832-6393f41e564c}

Malware.SpywareQuake
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{55059d4f-a1ac-4837-ae07-4859101f598d}
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\adArrkbkk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\aGrQvWv
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\DarYgtfndI
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ekekoUzbn
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\hgxqUymt
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\InprocServer32
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\InprocServer32#ThreadingModel
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\nOGk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ohlaLm
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\oYvnasuvlqrv
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\rvvzhtf
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\vhqi
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\VjRtckYdibuYk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\VwCtKwr
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ylyszFPttaz

Trojan.DCOMCfg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#dcomcfg.exe [ dcomcfg.exe ]

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO
C:\WINDOWS\SYSTEM32\TS.ICO


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:52 PM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7118 bytes
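
The logs in this post show what a HijackThis triage comes down to: the SUPERAntiSpyware scan identified the O4 Policies\Explorer\Run entry (dcomcfg.exe) as Trojan.DCOMCfg, the O22 SharedTaskScheduler CLSID as Malware.SpywareQuake and the (no file) BHO {686a161d-...} as Trojan.Homepage, while the O17 NameServer entries are still unexplained. The Python below is an added example, not HijackThis code and not something posted in this thread: it parses the "Oxx - ..." entry lines of a HijackThis v2 log and flags the classes of entry a reviewer looks at first. The rules are the editor's own heuristics, the sample log is a constructed fragment in the shape of the logs above, and the O17 rule only asks that the DNS addresses be verified against the ISP's; the thread does not establish what those two servers are.

```python
"""Triage a HijackThis v2 log: parse the "Oxx - ..." entries and flag the
classes of entry that deserve a closer look.  Added example for this thread,
not part of HijackThis; the rules are the editor's heuristics."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed sample in the shape of the logs posted in the thread (not a full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""

# Every entry line starts with a section tag such as "R1" or "O17" followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O17"
    reason: str    # why a defender should look at the entry
    line: str      # the original log line


def entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, body, raw_line) for each entry line, skipping the
    header and the running-process list, which carry no section tag."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1), m.group(2), raw


def triage(log_text: str) -> List[Finding]:
    """Apply the review heuristics and return one Finding per flagged entry."""
    findings: List[Finding] = []
    for section, body, raw in entries(log_text):
        if section == "O17" and "NameServer" in body:
            # A DNS server written into the registry overrides what DHCP hands
            # out; if the addresses are not the ISP's, every lookup is redirected.
            servers = body.split("NameServer =", 1)[1].strip()
            findings.append(Finding(
                section,
                f"DNS servers set in the registry ({servers}); confirm they belong to the ISP",
                raw))
        elif section == "O4" and "\\Policies\\Explorer\\Run" in body:
            # The Group Policy run key persists like Run but is seldom used by installers.
            findings.append(Finding(
                section, "autorun through the Policies\\Explorer\\Run key", raw))
        elif "(no file)" in body or "(file missing)" in body:
            # Orphaned registration: the binary is gone but the hook remains
            # and should be cleaned so the log stays readable.
            findings.append(Finding(
                section, "registration points at a file that no longer exists", raw))
    return findings


def by_section(findings: List[Finding]) -> dict:
    """Count findings per HijackThis section, e.g. {"O2": 1, "O17": 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the constructed sample it flags the orphaned BHO, the Policies\Explorer\Run autorun, the O17 DNS override, the SharedTaskScheduler entry and the missing-file service, and leaves the Java BHO and the Apoint run entry alone; a real log would be fed in via `triage(open(path).read())`.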

#10 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,874 posts
  • Gender:Male

Posted 20 July 2007 - 04:59 AM

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.

#11 OFFLINE   labtop

    Member

  • Members
  • 31 posts

Posted 20 July 2007 - 06:53 AM

KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 2:52:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365434
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
Q:\

Scan Statistics:
Total number of scanned objects: 52987
Number of viruses found: 2
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:00

Infected Object Name / Virus Name / Last Action
C:\APPS\Monitor.exe Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\cert8.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\formhistory.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\history.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\key3.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\parent.lock Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\search.sqlite Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\HUiYUe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\dfsr.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\fsr.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\fsrtmp.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\tmp.edb Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows Live Contacts\hui_yue@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows Live Contacts\hui_yue@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\History\History.IE5\MSHist012007072020070721\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\KB380008.TMP Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF4AEF.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF4AF7.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF5524.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF552C.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\ntuser.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\DRV\Monitor.exe Object is locked skipped
C:\ILS\buf_pro.DBF Object is locked skipped
C:\ILS\DATA\ACEC.DBF Object is locked skipped
C:\ILS\DATA\ADHOC_P.CDX Object is locked skipped
C:\ILS\DATA\ADHOC_P.DBF Object is locked skipped
C:\ILS\DATA\AI_CLASS.CDX Object is locked skipped
C:\ILS\DATA\AI_CLASS.DBF Object is locked skipped
C:\ILS\DATA\AI_INDUS.DBF Object is locked skipped
C:\ILS\DATA\APP_INFO.CDX Object is locked skipped
C:\ILS\DATA\APP_INFO.DBF Object is locked skipped
C:\ILS\DATA\CALRID01.CDX Object is locked skipped
C:\ILS\DATA\CALRID01.DBF Object is locked skipped
C:\ILS\DATA\CALRID02.CDX Object is locked skipped
C:\ILS\DATA\CALRID02.DBF Object is locked skipped
C:\ILS\DATA\CALRID03.CDX Object is locked skipped
C:\ILS\DATA\CALRID03.DBF Object is locked skipped
C:\ILS\DATA\CALRID04.CDX Object is locked skipped
C:\ILS\DATA\CALRID04.DBF Object is locked skipped
C:\ILS\DATA\CALRID05.CDX Object is locked skipped
C:\ILS\DATA\CALRID05.DBF Object is locked skipped
C:\ILS\DATA\CALRID06.CDX Object is locked skipped
C:\ILS\DATA\CALRID06.DBF Object is locked skipped
C:\ILS\DATA\CALRID08.CDX Object is locked skipped
C:\ILS\DATA\CALRID08.DBF Object is locked skipped
C:\ILS\DATA\CASHVAL.CDX Object is locked skipped
C:\ILS\DATA\CASHVAL.DBF Object is locked skipped
C:\ILS\DATA\CHECK.DBF Object is locked skipped
C:\ILS\DATA\CLR.DBF Object is locked skipped
C:\ILS\DATA\covpg2.DBF Object is locked skipped
C:\ILS\DATA\COVPG3.CDX Object is locked skipped
C:\ILS\DATA\COVPG3.DBF Object is locked skipped
C:\ILS\DATA\DIVDVAL.CDX Object is locked skipped
C:\ILS\DATA\DIVDVAL.DBF Object is locked skipped
C:\ILS\DATA\DTR_PREM.CDX Object is locked skipped
C:\ILS\DATA\DTR_PREM.DBF Object is locked skipped
C:\ILS\DATA\EAPPATH.DBF Object is locked skipped
C:\ILS\DATA\EAPPFILE.DBF Object is locked skipped
C:\ILS\DATA\eapp_info.DBF Object is locked skipped
C:\ILS\DATA\EC_OPT.DBF Object is locked skipped
C:\ILS\DATA\EXTRA_P.CDX Object is locked skipped
C:\ILS\DATA\EXTRA_P.DBF Object is locked skipped
C:\ILS\DATA\F_PL_RID.DBF Object is locked skipped
C:\ILS\DATA\HS_OCC.DBF Object is locked skipped
C:\ILS\DATA\IDB_HS1.DBF Object is locked skipped
C:\ILS\DATA\ID_HB1.DBF Object is locked skipped
C:\ILS\DATA\ID_HB2.DBF Object is locked skipped
C:\ILS\DATA\ID_HS1.DBF Object is locked skipped
C:\ILS\DATA\ID_HS2.DBF Object is locked skipped
C:\ILS\DATA\MHIALL.DBF Object is locked skipped
C:\ILS\DATA\MHICI.DBF Object is locked skipped
C:\ILS\DATA\MHIEPB.DBF Object is locked skipped
C:\ILS\DATA\MHIRDI.DBF Object is locked skipped
C:\ILS\DATA\MHISIR.DBF Object is locked skipped
C:\ILS\DATA\MII.CDX Object is locked skipped
C:\ILS\DATA\MII.DBF Object is locked skipped
C:\ILS\DATA\MODFAC.DBF Object is locked skipped
C:\ILS\DATA\MORTAL.CDX Object is locked skipped
C:\ILS\DATA\MORTAL.DBF Object is locked skipped
C:\ILS\DATA\MORTEPB.CDX Object is locked skipped
C:\ILS\DATA\MORTEPB.DBF Object is locked skipped
C:\ILS\DATA\MSA_FAC.DBF Object is locked skipped
C:\ILS\DATA\NOFILE.DBF Object is locked skipped
C:\ILS\DATA\NONSMOK.CDX Object is locked skipped
C:\ILS\DATA\NONSMOK.DBF Object is locked skipped
C:\ILS\DATA\NOP.DBF Object is locked skipped
C:\ILS\DATA\NOP.FPT Object is locked skipped
C:\ILS\DATA\PLANMAST.CDX Object is locked skipped
C:\ILS\DATA\PLANMAST.DBF Object is locked skipped
C:\ILS\DATA\PLANRIDE.CDX Object is locked skipped
C:\ILS\DATA\PLANRIDE.DBF Object is locked skipped
C:\ILS\DATA\PREMRATE.CDX Object is locked skipped
C:\ILS\DATA\PREMRATE.DBF Object is locked skipped
C:\ILS\DATA\PROPOSAL.DBF Object is locked skipped
C:\ILS\DATA\PRO_INFO.CDX Object is locked skipped
C:\ILS\DATA\pro_info.DBF Object is locked skipped
C:\ILS\DATA\PYSP_OR.DBF Object is locked skipped
C:\ILS\DATA\PYSP_P.DBF Object is locked skipped
C:\ILS\DATA\RIDERMAS.CDX Object is locked skipped
C:\ILS\DATA\RIDERMAS.DBF Object is locked skipped
C:\ILS\DATA\RID_CASH.DBF Object is locked skipped
C:\ILS\DATA\RID_RID.DBF Object is locked skipped
C:\ILS\DATA\SISYS.DBF Object is locked skipped
C:\ILS\DATA\SIZEDISC.DBF Object is locked skipped
C:\ILS\DATA\sp_info.DBF Object is locked skipped
C:\ILS\DATA\SS_PRATE.DBF Object is locked skipped
C:\ILS\DATA\SURRDIVD.DBF Object is locked skipped
C:\ILS\DATA\SUSTAIN.DBF Object is locked skipped
C:\ILS\DATA\TEMOCCSP.DBF Object is locked skipped
C:\ILS\DATA\TEMPOCC.DBF Object is locked skipped
C:\ILS\DATA\TERMDIVD.DBF Object is locked skipped
C:\ILS\DATA\TOPUP_P.CDX Object is locked skipped
C:\ILS\DATA\topup_p.DBF Object is locked skipped
C:\ILS\DATA\TPDLOAD.DBF Object is locked skipped
C:\ILS\DATA\t_covpg2.DBF Object is locked skipped
C:\ILS\DATA\UDR_EPB.CDX Object is locked skipped
C:\ILS\DATA\UDR_EPB.DBF Object is locked skipped
C:\ILS\DATA\UDR_NOR.CDX Object is locked skipped
C:\ILS\DATA\UDR_NOR.DBF Object is locked skipped
C:\ILS\DATA\UL.DBF Object is locked skipped
C:\ILS\DATA\ULMEC.DBF Object is locked skipped
C:\ILS\DATA\ULMGP.DBF Object is locked skipped
C:\ILS\DATA\ULSURR.DBF Object is locked skipped
C:\ILS\DATA\ULTP.DBF Object is locked skipped
C:\ILS\DATA\WPUL.DBF Object is locked skipped
C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip/pdopatcher.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip ZIP: infected - 1 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\10682400.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\10688118.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\1071160.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\240495.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\531424.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\784658.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\PREFETCH\AUTOEXEC.NT Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

#12 labtop (Member, 31 posts)

Posted 20 July 2007 - 07:52 AM

After scanning with SUPERAntiSpyware, my taskbar is not functioning well; programs that I opened do not show in the taskbar.

#13 rridgely (Moderator, 8,874 posts)

Posted 21 July 2007 - 12:44 AM

Find and delete the following:

C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip
C:\WINDOWS\exefld\10682400.exe
C:\WINDOWS\exefld\10688118.exe
C:\WINDOWS\exefld\1071160.exe
C:\WINDOWS\exefld\240495.exe
C:\WINDOWS\exefld\531424.exe
C:\WINDOWS\exefld\784658.exe

Then reboot your computer. Post a new HijackThis log and let me know if your taskbar problem is fixed.

#14 labtop (Member, 31 posts)

Posted 21 July 2007 - 01:48 PM

I'm sorry to tell you the problem is not fixed; I really appreciate your help :)
Here's the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:10 PM, on 7/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SopCast\SopCast.exe
C:\Documents and Settings\HUiYUe\Application Data\SopCast\adv\SopAdver.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7511 bytes

#15 rridgely (Moderator, 8,874 posts)

Posted 24 July 2007 - 03:31 AM

Go ahead and uninstall SUPERAntiSpyware. Maybe it's conflicting and causing the taskbar problem.

Download AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • Wait for the update to finish (the status bar at the bottom will display "Update successful").
  • Click on the Scanner tab at the top and then click on Complete System Scan.
  • Ewido will list any infections found on the left. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Note that this is not AVG Anti-Virus but the program formerly known as Ewido.

Post the AVG log and a new HijackThis log.

#16 labtop (Member, 31 posts)

Posted 24 July 2007 - 12:29 PM

Here are the reports:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:22:44 PM 7/24/2007

+ Scan result:

C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe -> Worm.Bagle.ir : Cleaned with backup (quarantined).

::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:06 PM, on 7/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HUiYUe\Application Data\SopCast\adv\SopAdver.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\System32\hldrrr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7818 bytes

#17 rridgely (Moderator, 8,874 posts)

Posted 24 July 2007 - 05:57 PM

Run a scan with HijackThis. Then check off the following:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\System32\hldrrr.exe

Then press Fix checked and exit HijackThis.

----------------

Find and delete the following files:

C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
C:\WINDOWS\System32\hldrrr.exe

-------

Reboot the computer and come back with a new hijackthis log. Let me know if the computer is back to normal.
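The triage the moderator did by hand in the two posts above (fixing the "(no file)" BHOs and the two HKCU Run entries once the AVG report had named hidr.exe) can be scripted. The block below is an added example for this thread; it is not HijackThis code and not a tool the moderator used. It parses HJT entry lines and flags the classes of entry acted on above, and additionally lists O17 NameServer entries and O23 "(file missing)" services for review. The SYSTEM32_KNOWN allowlist is an assumption built from the System32 autostarts that went unflagged in this log, and SAMPLE_LOG is a constructed subset of the 24 July log.

```python
"""Triage heuristics for a HijackThis (HJT) log.

Added example for this thread; not HijackThis code and not the moderator's
tooling. Rules encoded: O2/O9 entries marked "(no file)" and O23 services
marked "(file missing)" are orphaned registry references; O4 Run entries
launching from a user-profile directory, or from System32 under a name not on
a small known-good allowlist, need a look; O17 NameServer entries are listed
for manual verification against the ISP's resolvers (the log alone cannot
prove a DNS hijack). Paths reported by a scanner (e.g. the AVG report's
hidr.exe) are cross-referenced against the O4 entries.
"""
import re
from typing import Iterable, List, NamedTuple


class Finding(NamedTuple):
    section: str   # HJT section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


# Every HJT entry starts with a section code: "O4 - HKCU\..\Run: [name] C:\path\x.exe"
_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Executable path inside an O4 line: skip the [value name], optional quotes and arguments.
_O4_PATH = re.compile(
    r'\[(?P<name>[^\]]*)\]\s+"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com|bat|vbs))',
    re.IGNORECASE,
)
# Directories from which legitimate Run entries rarely start.
_PROFILE_DIRS = re.compile(r"\\(?:application data|local settings|temp|recycler)\\", re.IGNORECASE)
# A file sitting directly in System32 (not in a subfolder such as System32\IME\...).
_SYSTEM32_FILE = re.compile(r"\\windows\\system32\\([^\\]+)$", re.IGNORECASE)
# Assumed allowlist of System32 autostarts that went unflagged in this log; maintain per machine.
SYSTEM32_KNOWN = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe"}
_IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def triage(log_text: str, av_hits: Iterable[str] = ()) -> List[Finding]:
    """Return the HJT lines worth acting on, in log order, each with a reason."""
    hits = {h.lower() for h in av_hits}
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O9") and "(no file)" in body:
            findings.append(Finding(sec, "orphaned BHO/button, target file is gone", line))
        elif sec == "O4":
            pm = _O4_PATH.search(body)
            if not pm:
                continue
            path = pm.group("path")
            s32 = _SYSTEM32_FILE.search(path)
            if path.lower() in hits:
                findings.append(Finding(sec, "reported by scanner: " + path, line))
            elif _PROFILE_DIRS.search(path):
                findings.append(Finding(sec, "autostart from user-profile directory", line))
            elif s32 and s32.group(1).lower() not in SYSTEM32_KNOWN:
                findings.append(Finding(sec, "unknown System32 autostart, look it up", line))
        elif sec == "O17" and "NameServer" in body:
            ips = _IPV4.findall(body)
            if ips:
                findings.append(Finding(sec, "hardcoded DNS servers, verify: " + ", ".join(ips), line))
        elif sec == "O23" and "(file missing)" in body:
            findings.append(Finding(sec, "service entry points at a missing binary", line))
    return findings


# Constructed sample: a subset of the lines from the 24 July log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\System32\hldrrr.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
"""

if __name__ == "__main__":
    scanner_hits = [r"C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe"]
    for f in triage(SAMPLE_LOG, av_hits=scanner_hits):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Findings come out in log order. The O17 line is reported for verification only: compare the two addresses with the resolvers the ISP actually assigns (ipconfig /all on the machine shows the effective setting); the script does not claim they are malicious. hldrrr.exe is caught only because it sits directly in System32 under a name that is not on the allowlist, which is why that allowlist has to be maintained per machine rather than treated as a fixed list.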

#18 labtop (Member, 31 posts)

Posted 25 July 2007 - 06:56 AM

I could not find these files:

C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
C:\WINDOWS\System32\hldrrr.exe

So I just fixed the 6 items. After the reboot I still can't uninstall BitDefender v10 (do you think I need to delete it manually?), and the taskbar is still not functioning well. Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:26 PM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces...ad/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7202 bytes

#19 rridgely (Moderator, 8,874 posts)

Posted 26 July 2007 - 02:12 AM

Download this:
http://djlizard.net/...-v0.60.0.24.zip

Unzip the file and open up Dial-a-fix.exe.

Once Dial-a-fix is open, press the green checkmarks and press Go. Let me know if that fixes some of the problems you're having with your taskbar and such.

#20 labtop (Member, 31 posts)

Posted 27 July 2007 - 03:55 AM

Hi, the problem remains.