winantispyware/pop-ups/redirect


  • This topic is locked
22 replies to this topic

#1 raphael212


Posted 20 April 2007 - 06:39 PM

Hello,
Raphael here, thanks a lot for reading my problems. When surfing websites there's a "Winantispyware/Winantivirus" pop-up ad. Seems to redirect pages like Norton and McAfee. Blocks me from running antivirus programs and HijackThis. Spybot runs okay but the problem is still there after rebooting my PC. I read thru the FAQ section and some other threads where people had a similar problem but still could not fix. Below is my HijackThis log (Had to run VundoFix to launch HijackThis).

Logfile of HijackThis v1.99.1
Scan saved at 04:10:10, on 2007/4/20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\HijackThis\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\awtuuut.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - C:\WINDOWS\System32\ddcyx.dll (file missing)
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} - https://www.my.sony....oad/install.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://www.winantivi...id=pp_264326082
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) - http://www.filebank....up/win/fbx2.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Duke\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\system32\atubhrlclbyl.dll
O20 - Winlogon Notify: awtuuut - awtuuut.dll (file missing)
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\system32\clqgzgenzxpp.dll
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\System32\ddcyx.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\System32\zkmf.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2 raphael212


Posted 21 April 2007 - 04:41 AM

Sorry to bug again, after reading thru a few other threads I tried VundoFix.exe (Atribune.org) and ComboFix. Worked out pretty well, most of the issues are solved. The only problem left so far is that my browser freezes when logging on to some forums (phpBB based). Anyways, here's my new HJT log. Great job you guys are doing for people. Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 02:33:46 AM, on 2007/4/21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PlayOnline\SQUARE\PlayOnlineViewer\pol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#3 SWI Support Robot


Posted 23 April 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 teacup61


Posted 23 April 2007 - 08:52 PM

Hello,

Welcome to SWI :)

Sorry for the delay.

Please run ComboFix for me again and post the report, along with a new HijackThis log so we can see what's left to deal with.

Thanks,
tea
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#5 raphael212


Posted 27 April 2007 - 08:01 PM

Thanks for the response Teacup,

Here's my ComboFix log:

"Administrator" - 07-04-27 17:52:35 Service Pack 1
ComboFix 07-04-25.4V - Running from: "C:\Downloads\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\xloadnet\xloadnet.exe
C:\WINDOWS\updater.exe
C:\Program Files\xloadnet


((((((((((((((((((((((((((((((( Files Created from 2007-03-27 to 2007-04-27 ))))))))))))))))))))))))))))))))))


2007-04-26 18:13 <DIR> d-------- C:\Program Files\ue_toolbar
2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ue_toolbar
2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IDMComp
2007-04-26 18:11 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2007-04-26 17:58 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-26 17:57 <DIR> d-------- C:\WINDOWS\system32\Viewers
2007-04-26 17:56 <DIR> d-------- C:\WINDOWS\ShellNew
2007-04-26 17:56 <DIR> d-------- C:\Program Files\Snapshot Viewer
2007-04-26 17:54 <DIR> d-------- C:\WINDOWS\Twain32
2007-04-26 17:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft Web Folders
2007-04-26 17:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-04-25 01:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-04-24 21:32 <DIR> d-------- C:\Program Files\KXploit Tool
2007-04-23 17:47 1,277 --a------ C:\WINDOWS\mozver.dat
2007-04-21 11:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-04-21 02:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-04-21 01:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-21 01:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-21 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-20 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
2007-04-20 21:49 98,752 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-04-20 21:49 720,896 -ra------ C:\WINDOWS\system32\a3d.dll
2007-04-20 21:49 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-20 21:49 549,672 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-04-20 21:49 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys
2007-04-20 21:49 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-20 20:53 <DIR> d-------- C:\VundoFix Backups
2007-04-20 17:47 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 14:36 <DIR> d-------- C:\Program Files\hjt
2007-04-20 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-20 13:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-20 05:48 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-04-20 05:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-04-19 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\360safe
2007-04-19 14:46 <DIR> dr------- C:\DOCUME~1\ADMINI~1\「開始」功能表
2007-04-19 14:46 <DIR> d-------- C:\Program Files\Ultimate Fixer
2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\360Safe
2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\?面
2007-04-19 14:43 1,835,008 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-19 13:59 60,928 --------- C:\WINDOWS\system32\ouzdgf.dll
2007-04-19 13:59 <DIR> d-------- C:\WINDOWS\system32\Fοnts
2007-04-17 17:55 262,144 --a------ C:\WINDOWS\system32\lout.exe
2007-04-17 17:55 <DIR> d-------- C:\WINDOWS\system32\cqsqhwpk
2007-04-17 16:15 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\360Safe
2007-04-17 16:04 <DIR> d-------- C:\DOCUME~1\Duke\.housecall6.6
2007-04-17 15:30 15,360 --a------ C:\WINDOWS\system32\update72513345.exe
2007-04-17 15:15 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-17 15:15 65,024 --a------ C:\WINDOWS\system32\update67845632.exe
2007-04-17 14:45 39,225 --a------ C:\WINDOWS\system32\update58336742.exe
2007-04-17 14:45 14,336 --a------ C:\WINDOWS\system32\update00178364.exe
2007-04-17 14:45 107,012 --a------ C:\WINDOWS\system32\update69665071.exe
2007-04-17 14:44 91,136 --a------ C:\DOCUME~1\Duke\ie_updater.exe
2007-04-17 14:44 11,776 --a------ C:\WINDOWS\system32\update04080293.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-26 22:18 -------- d-------- C:\Program Files\bitcomet
2007-04-26 17:54 -------- d-------- C:\Program Files\microsoft frontpage
2007-04-26 14:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-04-21 01:08 -------- d-------- C:\Program Files\skype
2007-04-20 21:45 -------- d--h----- C:\Program Files\installshield installation information
2007-04-19 14:13 -------- d-------- C:\Program Files\google
2007-04-17 16:14 -------- d-------- C:\Program Files\flashget
2007-04-17 15:56 7296 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-09 13:33 69752 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-04-09 13:33 230796 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-03-17 15:21 -------- d-------- C:\Program Files\bblack
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{A5366673-E8CA-11D3-9CD9-0090271D075B} C:\PROGRA~1\FlashGet\jccatch.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"FinePrint Dispatcher v5"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"-1739182391.exe"="rem C:\\WINDOWS\\System32\\-1739182391.exe"
"RunOnce2Upd"="rem \"C:\\Documents and Settings\\Duke\\ie_updater.exe\""
"xloadnet"="rem \"C:\\Program Files\\xloadnet\\xloadnet.exe\""
"runner1"="rem C:\\WINDOWS\\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"LiveNote"="rem livenote.exe"
"spoolsvv"="rem C:\\WINDOWS\\System32\\spoolsvv.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"DCOM Server 20509"="{2C1CD3D7-86AC-4068-93BC-A02304B20509}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atubhrlclbyl
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuuut
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\clqgzgenzxpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-27 17:54:33
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-27 17:54:37
C:\ComboFix-quarantined-files.txt ... 07-04-27 17:54



And HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 06:00:34 PM, on 2007/4/27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PlayOnline\SQUARE\PlayOnlineViewer\pol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks again!

#6 teacup61


Posted 28 April 2007 - 01:17 AM

Hello,

You still have some pretty nasty stuff here. :( Your system has been compromised. If you don't reformat and reinstall, which is your safest and surest course, then it is extremely important to change your passwords and such after it's clean. Your passwords are all known. Don't do it now, or they'll just get stolen again. Keep an eye on any sensitive accounts you might have for nefarious activity.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,
tea

#7 raphael212


Posted 30 April 2007 - 02:00 AM

Dear Tea,

Did as you said. Here's the SDFix report:


SDFix: Version 1.81

Run by Administrator - 2007/04/29 Sunday - 23:51:51.87

Microsoft Windows XP [Version 5.1.2600]
Service Pack 1

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\update58336742.exe - Deleted
C:\Documents and Settings\Duke\ie_updater.exe - Deleted
C:\WINDOWS\odbc.INI - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Duke\Local Settings\Temp\sdexe.exe
C:\Documents and Settings\Duke\Local Settings\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Duke\Local Settings\Temp\~nsu.tmp\Au_.exe
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

And the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:58:29 pm, on 2007/4/29
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks a lot^^

Raphael

#8 teacup61

Posted 01 May 2007 - 11:58 AM

Hello,

I notice that you do not seem to be running Antivirus software. This is somewhat suicidal in today's digital world. That's why I want you to install one!!

AVG, Avira OR Avast are good FREE antivirus. Run a full system scan with the one you chose to install, then post a new HijackThis log and let me know how your computer is running now, please. :)

Thanks,
tea
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#9 raphael212

Posted 01 May 2007 - 09:25 PM

Hello,

Downloaded AVG as you suggested, got tons of viruses deleted. Here's my new hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 07:19:00PM, on 2007/5/1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


I also switched to Mozilla Firefox, which works great. I think my system is running much faster than before.

Thanks a bunch^^

Raphael

#10 teacup61

Posted 01 May 2007 - 10:27 PM

Hello,

All very good to hear! :) Still some to do though..............

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis! fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Please download, install, and update AVG Anti-Spyware (formerly Ewido)
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click the settings tab, then click "apply all actions" and choose clean (quarantine)
  • Close AVG. Do not run it yet.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (?幺?????????冦) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O20 - Winlogon Notify: atubhrlclbyl - C:\WINDOWS\
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: clqgzgenzxpp - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O20 - Winlogon Notify: partnershipreg - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".
  • In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Restart back into Normal Mode.
In your reply, please post the report from AVG and a new HijackThis log. Please also let me know how your computer is running. :)

Thanks,
tea
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
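
The fix list in the post above, expressed as a triage heuristic (an added example, not part of the original thread and not HijackThis's own logic). The three patterns are chosen for this illustration because they cover every entry in that list; they are not the helper's stated method. The function names are hypothetical and the sample logs are excerpts of the 1 May and 3 May logs posted in this thread.

```python
import re

# A HijackThis entry line starts with a section code, e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")


def parse_entries(log_text):
    """Return (section, rest) for each entry line; process paths and headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def orphan_reason(section, rest):
    """Explain why an entry looks like a leftover registration, or return None."""
    # HijackThis itself appends these markers when the referenced file is absent.
    if rest.endswith("(no file)") or rest.endswith("(file missing)"):
        return "registered component has no file on disk"
    # "DPF: {CLSID} (name) - <codebase URL>": nothing after the final dash.
    if section == "O16" and rest.endswith("-"):
        return "ActiveX entry without a download source"
    # "Winlogon Notify: <key name> - <DLL path>": path is a bare directory.
    if section == "O20" and rest.rsplit(" - ", 1)[-1].endswith("\\"):
        return "Winlogon Notify key points at a directory, not a DLL"
    return None


def triage(log_text):
    """Return (section, rest, reason) for every entry worth a manual look."""
    flagged = []
    for section, rest in parse_entries(log_text):
        reason = orphan_reason(section, rest)
        if reason:
            flagged.append((section, rest, reason))
    return flagged


def still_present(before_log, after_log):
    """Flagged entries from the earlier log that survive in the later one."""
    remaining = set(parse_entries(after_log))
    return [(s, r) for s, r, _ in triage(before_log) if (s, r) in remaining]


# Excerpt of the 1 May 2007 log from this thread (before the fix).
BEFORE = r"""
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C6815F0A-076B-4C22-A080-42DA82E740DC} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6A9B2484-3BE4-4FB2-ACF0-CC20B3B9F665} -
O20 - Winlogon Notify: awtuuut - C:\WINDOWS\
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Excerpt of the 3 May 2007 log from this thread (after the fix).
AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for section, rest, reason in triage(BEFORE):
        print(f"{section:>3}  {reason}: {rest}")
    print("Still present after fix:", still_present(BEFORE, AFTER))
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software can also leave a registration behind after an uninstall.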


#11 raphael212

Posted 03 May 2007 - 07:25 PM

Hello,

Sorry took so long to finish instructions, I could not find some options in AVG antispyware (I got v7.5).
So I manually picked Delete and apply to all when it finished scanning. Anyway, here are my log files:

hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 05:20:06PM, on 2007/5/3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

and the AVG antispyware report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 05:17:16pm 2007/5/3

+ Scan result:



C:\WINDOWS\system32\ouzdgf.dll -> Adware.PurityScan : Cleaned.
C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk1.exe -> Adware.UltimateDefender : Cleaned.
C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk2.exe -> Adware.UltimateDefender : Cleaned.
C:\WINDOWS\system32\cqsqhwpk\cqsqhwpk3.exe -> Adware.UltimateDefender : Cleaned.
C:\Program Files\hjt\backups\backup-20070420-145515-975.dll -> Adware.Virtumonde : Cleaned.
C:\Program Files\hjt\backups\backup-20070420-151537-691.dll -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\system32\update72513345.exe -> Downloader.Delf.bgy : Cleaned.
C:\Program Files\Messenger Plus! 3\Setup.dat/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.
D:\Tools\Msn\MsgPlus-301.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned.
C:\Documents and Settings\Duke\Local Settings\Temp\Install-Errorprotector-Free.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.208:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@networksolutions.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.201:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.369:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.370:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.339:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.340:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.341:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.342:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.363:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Custom-click : Cleaned.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.335:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.324:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.325:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.326:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.327:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.436:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.437:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.438:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.439:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.440:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.441:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.334:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.217:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.408:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.409:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@skype[1].txt -> TrackingCookie.Skype : Cleaned.
:mozilla.288:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.211:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.281:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.216:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.252:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.253:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.254:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.381:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.333:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1hzp8odt.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Duke\Cookies\duke@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
D:\game\PSP\MPHDowngrader\MPHDowngrader.zip/PSP/PHOTO/overflow.tif -> Trojan.PSPBrick : Cleaned.
D:\game\PSP\MPHDowngrader\PSP\PHOTO\overflow.tif -> Trojan.PSPBrick : Cleaned.


::Report end

Thanks a lot for solving all my questions.

Raphael

#12 raphael212

Posted 03 May 2007 - 07:30 PM

I forgot to mention, my computer is doing well now. The network speed went up so much that it was noticeable.
The startup speed of my computer seemed to slow down a bit compared to before procedures this time. Also, I found out that I lost access to shared files from my other PC on my network places (Although I could access them if I put down the whole \\123\123 path).

#13 teacup61

Posted 03 May 2007 - 10:46 PM

Hello,

Very glad it's so much better. :)

Let's clean everything out with this cool little program. I use it regularly and it beats doing it manually. ;)

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Now please run ComboFix again and post its report in your reply.

Thanks,
tea
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#14 raphael212

Posted 04 May 2007 - 03:27 AM

Hello,

Done and done.
Combo fix log:


"Administrator" - 07-05-04 1:23:56 Service Pack 1
ComboFix 07-04-25.4V - Running from: "D:\Tools\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 ))))))))))))))))))))))))))))))))))


2007-05-03 13:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-27 17:54 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-26 18:13 <DIR> d-------- C:\Program Files\ue_toolbar
2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ue_toolbar
2007-04-26 18:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\IDMComp
2007-04-26 18:11 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2007-04-26 17:57 <DIR> d-------- C:\WINDOWS\system32\Viewers
2007-04-26 17:56 <DIR> d-------- C:\WINDOWS\ShellNew
2007-04-26 17:56 <DIR> d-------- C:\Program Files\Snapshot Viewer
2007-04-26 17:54 <DIR> d-------- C:\WINDOWS\Twain32
2007-04-26 17:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft Web Folders
2007-04-26 17:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-04-25 01:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-04-24 21:32 <DIR> d-------- C:\Program Files\KXploit Tool
2007-04-23 17:47 1,277 --a------ C:\WINDOWS\mozver.dat
2007-04-21 11:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-04-21 02:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-04-21 01:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-21 01:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-21 01:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-20 23:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
2007-04-20 21:49 98,752 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-04-20 21:49 720,896 -ra------ C:\WINDOWS\system32\a3d.dll
2007-04-20 21:49 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-20 21:49 549,672 -ra------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-04-20 21:49 3,744 -ra------ C:\WINDOWS\system32\drivers\smsens.sys
2007-04-20 21:49 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-20 20:53 <DIR> d-------- C:\VundoFix Backups
2007-04-20 17:47 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 14:36 <DIR> d-------- C:\Program Files\hjt
2007-04-20 13:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-20 13:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-20 05:48 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-04-20 05:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-04-19 14:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\360safe
2007-04-19 14:46 <DIR> dr------- C:\DOCUME~1\ADMINI~1\「開始」功能表
2007-04-19 14:46 <DIR> d-------- C:\Program Files\Ultimate Fixer
2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\360Safe
2007-04-19 14:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\?面
2007-04-19 14:43 2,097,152 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-19 13:59 <DIR> d-------- C:\WINDOWS\system32\Fοnts
2007-04-17 17:55 262,144 --a------ C:\WINDOWS\system32\lout.exe
2007-04-17 17:55 <DIR> d-------- C:\WINDOWS\system32\cqsqhwpk
2007-04-17 16:15 <DIR> d-------- C:\DOCUME~1\Duke\APPLIC~1\360Safe
2007-04-17 16:04 <DIR> d-------- C:\DOCUME~1\Duke\.housecall6.6
2007-04-17 15:15 8,704 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-17 14:45 107,012 --a------ C:\WINDOWS\system32\update69665071.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 17:16 -------- d-------- C:\Program Files\messenger plus! 3
2007-04-26 22:18 -------- d-------- C:\Program Files\bitcomet
2007-04-26 17:54 -------- d-------- C:\Program Files\microsoft frontpage
2007-04-26 14:12 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-04-21 01:08 -------- d-------- C:\Program Files\skype
2007-04-20 21:45 -------- d--h----- C:\Program Files\installshield installation information
2007-04-19 14:13 -------- d-------- C:\Program Files\google
2007-04-17 16:14 -------- d-------- C:\Program Files\flashget
2007-04-09 13:33 69752 --a------ C:\WINDOWS\system32\prfc0404.dat
2007-04-09 13:33 230796 --a------ C:\WINDOWS\system32\prfh0404.dat
2007-03-17 15:21 -------- d-------- C:\Program Files\bblack
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{A5366673-E8CA-11D3-9CD9-0090271D075B} C:\PROGRA~1\FlashGet\jccatch.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"MessengerPlus3"="\"C:\\Program Files\\Messenger Plus! 3\\MsgPlus.exe\""
"FinePrint Dispatcher v5"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"-1739182391.exe"="rem C:\\WINDOWS\\System32\\-1739182391.exe"
"RunOnce2Upd"="rem \"C:\\Documents and Settings\\Duke\\ie_updater.exe\""
"xloadnet"="rem \"C:\\Program Files\\xloadnet\\xloadnet.exe\""
"runner1"="rem C:\\WINDOWS\\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310"
"LiveNote"="rem livenote.exe"
"spoolsvv"="rem C:\\WINDOWS\\System32\\spoolsvv.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-04 01:25:40
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-04 1:25:44
C:\ComboFix-quarantined-files.txt ... 07-05-04 01:25
C:\ComboFix2.txt ... 07-04-27 17:54


Thanks for all the great help and effort! Computer is running awesome now.

Raphael

#15 teacup61

Posted 05 May 2007 - 12:53 AM

Hello,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Thanks,
tea

#16 raphael212

Posted 05 May 2007 - 04:32 PM

Hello,

Finished downloading the program, and here are the results:

SmitFraudFix v2.175

Scan done at 14:29:17.64, 2007/05/05 星期六
Run from C:\Documents and Settings\Administrator\?面\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="目前的首頁"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 168.95.1.1
DNS Server Search Order: 4.2.2.2
DNS Server Search Order: 68.94.156.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Thanks a lot!!

Raphael

#17 teacup61

Posted 05 May 2007 - 05:36 PM

Hello,

You're welcome. :) You said it was running well before, so it ought to run even better after this :

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Thanks,
tea

#18 raphael212

Posted 07 May 2007 - 05:53 PM

Hello,

Ran the program and followed the instructions, here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 03:47:22pm, on 2007/5/7
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hjt\hijackthis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ???(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

and the other one:

SmitFraudFix v2.175

Scan done at 15:42:59.39, 2007/05/07 星期一
Run from C:\Documents and Settings\Administrator\?面\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B47FF8F-1350-4EF2-8F28-9F974B789CB8}: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=168.95.1.1 4.2.2.2 68.94.156.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2188CEDE-B239-484C-8EA6-B84DC1001001}"="atubhrlclbyl"

[HKEY_CLASSES_ROOT\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2188CEDE-B239-484C-8EA6-B84DC1001001}\InProcServer32]
@="C:\WINDOWS\system32\atubhrlclbyl.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CEDE2188-484C-B239-A68E-DC1B84001001}"="clqgzgenzxpp"

[HKEY_CLASSES_ROOT\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CEDE2188-484C-B239-A68E-DC1B84001001}\InProcServer32]
@="C:\WINDOWS\system32\clqgzgenzxpp.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End


Thanks a lot,

Raphael

#19 teacup61

teacup61

    RIP

  • Emeritus
  • 4,064 posts

Posted 08 May 2007 - 11:55 AM

Hello Raphael,

That looks much better! How is it running? Popups gone?

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go Here to run Panda's ActiveScan. (You must use IE for this one). http://www.pandasoft.../activescan.htm
Once you are on the Panda site click the Scan your PC button

A new window will open...click the Check Now button.
Enter your State/Province
Enter your E-mail address and click send.
Select either Home user or Company.

Click the big Scan Now button

* If it wants to install an ActiveX component allow it
* It will start downloading the files it requires for the scan (Note: It may take a few minutes)

When the download is complete, click on My Computer to start the scan.

When the scan completes, if anything malicious is detected, click the See Report button, then Save report and save it to a convenient location (activescan.txt to desktop).

Post the contents of the ActiveScan report, please, and let me know how it's running. :)

Thanks,
tea
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#20 raphael212

raphael212

    Member

  • Full Member
  • 12 posts

Posted 08 May 2007 - 07:51 PM

Hello,

Just started to do the online scan process, so I decided to report how my computer is running atm.

I think it's running much faster now, and no, there are no more popups.

Just started my IE (to run the online scan), it started very slow, but browsing speed was as fast as before.

Nothing else that I noticed.

Thank you,

Raphael

ps. after the last clean with SmitfraudFix, my screensaver and desktop background pic disappeared, but I think that's minor ^^.

#21 raphael212

raphael212

    Member

  • Full Member
  • 12 posts

Posted 09 May 2007 - 05:35 PM

Hi again,

I tried to use the scan, but it always ended up hanging @ c:\ntldr. I tried 4 times and gave up.

Before it hangs, it picks up 3 viruses that are not a threat (quarantined?) and twenty-something spywares.

Thanks a lot

Raphael

#22 teacup61

teacup61

    RIP

  • Emeritus
  • 4,064 posts

Posted 20 May 2007 - 11:02 AM

Hello,

I'm so sorry! :weep: I completely overlooked this. Do you still need help?

#23 teacup61

teacup61

    RIP

  • Emeritus
  • 4,064 posts

Posted 28 May 2007 - 02:06 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.