hjt log pls help cleanup

I am experiencing numerous popups in my system and I wonder there are nasties. Pls help me check the hjt log below for fix.
Thanks,
fox

Logfile of HijackThis v1.99.1
Scan saved at 4:43:20 PM, on 12/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\igfxtray.exe
C:\WINXP\System32\hkcmd.exe
C:\WINXP\System32\RunDll32.exe
C:\WINXP\System32\paytime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\adtech2006a.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINXP\inet20009\services.exe
C:\WINXP\System32\paytime.exe
C:\PROGRA~1\COMMON~1\uouz\uouzm.exe
C:\PROGRA~1\COMMON~1\uouz\uouza.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\WINXP\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINXP\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F3 - REG:win.ini: run=C:\WINXP\inet20009\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe
O4 - HKLM\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKCU\..\Run: [uouz] C:\PROGRA~1\COMMON~1\uouz\uouzm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Reliability - C:\WINXP\system32\h02olaf31d2.dll
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINXP\System32\glmjfhcg.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

You have quite a few malicious entries in your log, and I also see no indication of any installed anti-virus or anti-spyware programs.

If you really don't have an A-V program, download and install the free edition of AVG anti-virus now.

Next, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install these utilities (but do not run scans with them yet):

ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open SpyBot and use its update feature to download and install the most current spyware definitions file. Close the program once the update is complete.

- Open AdAware, click the "Check for updates now" button, and follow the prompts to install the most current spyware definition database. Close the program once the update is complete.

- Open AVG and use its Update feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it; just close it once it is updated.

3. Download and install the CCleaner utility, but don't run it yet.

4. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing its fixes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F3 - REG:win.ini: run=C:\WINXP\inet20009\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe
O4 - HKLM\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKCU\..\Run: [uouz] C:\PROGRA~1\COMMON~1\uouz\uouzm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O20 - Winlogon Notify: Reliability - C:\WINXP\system32\h02olaf31d2.dll
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINXP\System32\glmjfhcg.dll

5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

6. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

7. Run AVG, SpyBot, ewido, AdAware, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

8. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files (some of these should already have been deleted by the removal utilities):
c:\secure32.html
C:\WINXP\System32\mstool.exe
C:\WINXP\System32\paytime.exe
C:\windows\adtech2006a.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINXP\system32\h02olaf31d2.dll
C:\WINXP\System32\glmjfhcg.dll

- Delete the following folders entirely:

C:\WINXP\inet20009
C:\Program Files\Common Files\uouz
C:\Program Files\Common Files\VCClient

9. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

You have quite a few malicious entries in your log, and I also see no indication of any installed anti-virus or anti-spyware programs.

If you really don't have an A-V program, download and install the free edition of AVG anti-virus now.

Next, please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install these utilities (but do not run scans with them yet):

ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en
Ad Aware SE Personal - http://www.lavasoftusa.com/
SpyBot Search & Destroy - http://www.safer-networking.org/

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open SpyBot and use its update feature to download and install the most current spyware definitions file. Close the program once the update is complete.

- Open AdAware, click the "Check for updates now" button, and follow the prompts to install the most current spyware definition database. Close the program once the update is complete.

- Open AVG and use its Update feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it; just close it once it is updated.

3. Download and install the CCleaner utility, but don't run it yet.

4. Run HijackTHis again, put a check mark next to the following entries, and then click the "Fix checked" button. Close HJT once it has finished performing its fixes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F3 - REG:win.ini: run=C:\WINXP\inet20009\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe
O4 - HKLM\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKLM\..\Run: [adtech2006] C:\windows\adtech2006a.exe
O4 - HKLM\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINXP\System32\paytime.exe
O4 - HKCU\..\Run: [uouz] C:\PROGRA~1\COMMON~1\uouz\uouzm.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [xp_system] C:\WINXP\inet20009\services.exe
O20 - Winlogon Notify: Reliability - C:\WINXP\system32\h02olaf31d2.dll
O21 - SSODL: SysTray.Exmr - {73F8D5FF-6F5C-4f5b-B964-E6F214F6F852} - C:\WINXP\System32\glmjfhcg.dll

5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

6. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

7. Run AVG, SpyBot, ewido, AdAware, and MS Antispyware beta consecutively; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

8. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the following files (some of these should already have been deleted by the removal utilities):
c:\secure32.html
C:\WINXP\System32\mstool.exe
C:\WINXP\System32\paytime.exe
C:\windows\adtech2006a.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINXP\system32\h02olaf31d2.dll
C:\WINXP\System32\glmjfhcg.dll

- Delete the following folders entirely:

C:\WINXP\inet20009
C:\Program Files\Common Files\uouz
C:\Program Files\Common Files\VCClient

9. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

Thanks DMR. : :D Here is the logs for your review:

hjt log:
Logfile of HijackThis v1.99.1
Scan saved at 10:01:15 AM, on 12/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mercora\MercoraClient.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINXP\System32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\ups.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\WINXP\System32\wuauclt.exe
C:\DOCUME~1\user\LOCALS~1\Temp\gert0.exe
C:\WINXP\System32\drwtsn32.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogons.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe

ewido report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:48:12 AM, 12/16/2005
+ Report-Checksum: 61B99EC9

+ Scan result:

[1412] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Cleaned with backup
[1580] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1588] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1596] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1640] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1648] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1656] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1672] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1684] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[1772] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
[2632] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogon.dll -> Not-A-Virus.Monitor.KGBSpy.34 : Error during cleaning
C:\WINXP\country.exe -> Trojan.Small : Cleaned with backup
C:\WINXP\dvpd.dll -> Backdoor.Dumador.ej : Cleaned with backup
C:\WINXP\system32\geaecnnm.exe -> Proxy.Wopla.n : Cleaned with backup
C:\WINXP\tool1.exe -> Proxy.Xorpix.e : Cleaned with backup
C:\WINXP\tool2.exe -> Hijacker.Spywad.l : Cleaned with backup
C:\WINXP\tool3.exe -> Downloader.Small.bwr : Cleaned with backup
C:\WINXP\tool4.exe -> Trojan.Small : Cleaned with backup
C:\WINXP\tool5.exe -> Trojan.Small : Cleaned with backup
C:\WINXP\toolbar.exe -> Downloader.Adload.j : Cleaned with backup

::Report End

DMR, when I run ewido security, my system always crashed. Do you know how to overcome this?

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

I don't have an answer for the ewido crashing at the moment (can you give us any more details?), but I do have a question: why are there new program entries in your latest HijackThis log? :

O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

Please don't install anything during our troubleshooting; it just confuses and complicates things.

I'm logging off for the night right now; I'll check back on this thread tomorrow...

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

I don't have an answer for the ewido crashing at the moment (can you give us any more details?), but I do have a question: why are there new program entries in your latest HijackThis log? :

O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

Please don't install anything during our troubleshooting; it just confuses and complicates things.

I'm logging off for the night right now; I'll check back on this thread tomorrow...

Hi DMR,
Sorry my children didn't know I was trying to fix the problems and instal a new graphic card and some new softwares. If you are not particularly unhappy about it, shall we start the trouble shooting process again. This is my new hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:06 PM, on 12/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\RunDll32.exe
C:\Program Files\Mercora\MercoraClient.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINXP\System32\rundll32.exe
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\ups.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogons.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe

I notice that some of the lines I fixed before appear again. Thanks for your patient.

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

my children didn't know I was trying to fix the problems and instal a new graphic card and some new softwares.

Ah, children- that explains it...I notice that some of the lines I fixed before appear again.Yes, that means that we haven't fully removed all of the infection yet.

- Can you give us more details about the ewido crash? Does it crash at a specific point in the scan (when scanning a particular file, for example)? Are there any error messages? Try uninstalling ewido and reinstalling it; it would really be helpful to have the program working properly.

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

Ah, children- that explains it...

Yes, that means that we haven't fully removed all of the infection yet.

- Can you give us more details about the ewido crash? Does it crash at a specific point in the scan (when scanning a particular file, for example)? Are there any error messages? Try uninstalling ewido and reinstalling it; it would really be helpful to have the program working properly.

The ewido only stalled the first time I used it, no error message. Now back to normal. I did the scan and nothing was found.

Can you tell me what should I do now to completely wipe the nasties.

foxkueh :confused:

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

Let's see if we can remove the leftovers:

1. Open your Add/Remove Programs control panel and uninstall the Cyberlink/Key Logger software if you see it listed there.

2. Run HJT again and have it fix:

O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogons.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe

3. Reboot into Safe Mode again.

4. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the C:\WINXP\System32\mstool.exe
file.

- Delete the following folder entirely:

C:\Program Files\CyberLink

5. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new (and hopefully final) log.

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

Let's see if we can remove the leftovers:

1. Open your Add/Remove Programs control panel and uninstall the Cyberlink/Key Logger software if you see it listed there.

2. Run HJT again and have it fix:

O4 - HKLM\..\Run: [winlogons.exe] C:\Program Files\CyberLink\PowerDVD\Free KGB Key Logger\winlogons.exe
O4 - HKLM\..\Run: [Microsoft tool] C:\WINXP\System32\mstool.exe

3. Reboot into Safe Mode again.

4. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extentions for known file types".

- Locate and delete the C:\WINXP\System32\mstool.exe
file.

- Delete the following folder entirely:

C:\Program Files\CyberLink

5. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new (and hopefully final) log.

Hi DMR,
Power DVD is a programme from the new video card my children stalled. Is it a bad programme?
foxkueh

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

Hi DMR,
Power DVD is a programme from the new video card my children stalled. Is it a bad programme?

The Cyberlink PowerDVD program as a whole is legit, but I definitely question the KGB Keylogger program which your log shows to be running from within the Cyberlink folder.
You may know this already, but keylogger programs are used to capture a user's keystrokes on a computer and save that information so that it can be reviewed by, or sent to, someone else. Obviously, unless you specifically installed the keylogger as a "parental control", you definitely don't want it installed on your computer.

If you know nothing about the keylogger:

- Leave the Cyberlink software installed for now.

- Have HijackThis fix the "[winlogons.exe]" log entry to disable off the keylogger component.

- Follow my instructions concerning removing "mstool.exe".

- Reboot the computer, run hijackThis again, and post the new log.

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

The Cyberlink PowerDVD program as a whole is legit, but I definitely question the KGB Keylogger program which your log shows to be running from within the Cyberlink folder.
You may know this already, but keylogger programs are used to capture a user's keystrokes on a computer and save that information so that it can be reviewed by, or sent to, someone else. Obviously, unless you specifically installed the keylogger as a "parental control", you definitely don't want it installed on your computer.

If you know nothing about the keylogger:

- Leave the Cyberlink software installed for now.

- Have HijackThis fix the "[winlogons.exe]" log entry to disable off the keylogger component.

- Follow my instructions concerning removing "mstool.exe".

- Reboot the computer, run hijackThis again, and post the new log.

Hi DMR,

I have deleted the Cyberlink folder, and here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 11:36:17 PM, on 12/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\RunDll32.exe
C:\Program Files\Mercora\MercoraClient.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINXP\System32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\ups.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\DOCUME~1\user\LOCALS~1\Temp\ins83.tmp
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe

Thanks,
foxkueh

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

1. There's only one entry I see in the latest log that I'm not liking:

C:\DOCUME~1\user\LOCALS~1\Temp\ins83.tmp

The above process hasn't been listed in any of your previous logs, and normal/legitimate programs shouldn't be running from Temp folders, so it could be indicative of something still lingering in the background.

2. There is something in the log that I am not seeing, but that I should be seeing. One of the tools I asked you to download and install was Microsoft Antispyware beta, but there are no indications in your logs that the program is running. Can you shed any light on that?

3. Do one (hopefully) final clean-up sweep:

- Open ewido and MS Antispyware and make sure they both have the most current updates installed.

- Reboot into Safe Mode again and:

* Run CCleaner.

* Run full system scans with ewido and MS Antispyware; have them fix all items they find. Save the new ewido scan report log.

* Empty the Recycle Bin and reboot normally.

- Once rebooted, run HJT and post the new log. Also post the new ewido log.

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

6 Years Ago

Logfile of HijackThis v1.99.1
Scan saved at 2:28:53 PM, on 12/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\RunDll32.exe
C:\Program Files\Mercora\MercoraClient.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe
C:\WINXP\System32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\ups.exe
C:\WINXP\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\System32\imapi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINXP\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINXP\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINXP\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\My Downloads\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINXP\SYSTEM32\igfxdev.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINXP\system32\ZoneLabs\vsmon.exe

------------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:27:14 PM, 12/20/2005
+ Report-Checksum: B69B2AB7

+ Scan result:

C:\Documents and Settings\user\Application Data\Mercora\MercoraClient\Data\MyPictures.dat -> Spyware.Grokster : Cleaned with backup

::Report End

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

I have also been having problems when I try to play a video on the computer. Whenever I open it, it suddenly goes very slow and laggy. It takes about 1 minute before the Ctrl+Alt+Delete menu comes up after I press it. The videos work on my other computer ok and used to work well on this one before I installed the graphics card. Do you know what the problem could be?

foxkueh

Junior Poster

105 posts since Aug 2004

Reputation Points: 10

Solved Threads: 0

6 Years Ago

I'm actually just signing off for the night right now (very early day at work tomorrow), so I'll have to give you a full response tomorrow...

DMR

Wombat At Large

Team Colleague

7,229 posts since Dec 2003

Reputation Points: 221

Solved Threads: 370

This article has been dead for over three months

You