
I posted this in someone else's thread, but I'm afraid it'd go unanswered so I made my own. I used to be able to load pages in less than a second, now sometimes the page doesn't load at all. Regarding browsers opening up by themselves... I use Mozilla Firefox for all my browsing but random pages I've never been to open up on IE. Can someone help me fix this problem? Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 12:17:44 PM, on 4/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\myabaotc.dll",setvm
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//P...d/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


Hi,
Download CCleaner and install it. Do not run it now!

Make Windows show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options (Folder Option will be in View Menu in Win98).
Uncheck Hide protected operating system files.
Then, click to select the option Show hidden files and folders.
Click Apply and then click OK to exit.


Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that is displayed, choose Safe Mode and press Enter.

Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:-

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\myabaotc.dll",setvm
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab

Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.


Exit from HijackThis. Delete these files:-
C:\WINDOWS\system32\ntos.exe

Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.

Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner (Click on the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.


Hey, swatkat, I appreciate the help you're lending me. :cheesy:
The only thing that went wrong was that I was unable to delete C:\WINDOWS\system32\ntos.exe and that I couldn't run it in normal Safe Mode since it got stuck on the second black screen. I had to run it in Safe Mode with Networking; I don't know if there's a problem with that, but it worked. I'm still getting the same problem, but it seemed to have fixed the system balloon messages. They recently started appearing at the top left hand corner, but now they're where they're supposed to be.

Here's the fresh log for HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 8:30:35 AM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\shjkaecg.dll",setvm
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

And here's the log from Kaspersky:

Eh... It didn't show the scan report. Was I supposed to allow the "Kaspersky Online Scanner GUI Part" add-on install from "Kaspersky Lab (unverified publisher)"? There was another one from them but it didn't say the (unverified publisher) part so I'm thinking someone's trying to make me install spyware.
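Comparing the two HijackThis logs posted above shows which fixed entries stayed gone and which startup entries came back. The Python sketch below is an added example, not part of the original thread and not a HijackThis feature; the review heuristics, function names and the assumed default UserInit path are illustrative, and the sample lines are a constructed subset copied from the two logs.

```python
import re

# Constructed samples: a handful of entries copied from the first and second
# HijackThis logs in this thread.
BEFORE = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\myabaotc.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\shjkaecg.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
"""

ENTRY = re.compile(r"^([RFO]\d{1,2}) - (.+)$")        # "O4 - <body>"
RUN = re.compile(r"^(\S+\\Run): \[([^\]]+)\] (.+)$")  # hive, value name, command
# Assumption: the stock Windows XP value of Winlogon\UserInit.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


def parse(log):
    """Return {key: (section, body)} for every HijackThis entry line.

    Run values are keyed by hive and value name, so a value whose command
    changes between scans is still recognised as the same autostart slot.
    """
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        run = RUN.match(body) if section == "O4" else None
        if run:
            key = f"O4 {run.group(1)} [{run.group(2)}]".lower()
        elif section == "F2":
            key = "f2 " + body.split("=", 1)[0].lower()
        else:
            key = f"{section} {body}".lower()
        entries[key] = (section, body)
    return entries


def userinit_extras(body):
    """Programs listed in UserInit besides the default userinit.exe."""
    value = body.split("=", 1)[1]
    parts = [p.strip().lower() for p in value.split(",")]
    return [p for p in parts if p and p != DEFAULT_USERINIT]


def flag(entries):
    """Return {key: reason} for entries matching the review heuristics."""
    flagged, extras = {}, set()
    for key, (section, body) in entries.items():
        if section == "F2" and "userinit=" in body.lower():
            found = userinit_extras(body)
            if found:
                extras.update(found)
                flagged[key] = "UserInit launches an extra program"
        elif body.endswith("(no file)"):
            flagged[key] = "orphaned entry, target file absent"
        elif section == "O4" and "rundll32" in body.lower():
            flagged[key] = "Run value loads a DLL through rundll32"
    # Second pass: other entries that start a program also appended to UserInit.
    for key, (section, body) in entries.items():
        if key not in flagged and any(p in body.lower() for p in extras):
            flagged[key] = "starts a program also appended to UserInit"
    return flagged


def compare(before_log, after_log):
    """Classify flagged entries as removed, unchanged, changed or new."""
    before, after = parse(before_log), parse(after_log)
    fb, fa = flag(before), flag(after)
    result = {"removed": [], "unchanged": [], "changed": [], "new": []}
    for key in fb:
        if key not in fa:
            result["removed"].append(key)
        elif before[key][1].lower() == after[key][1].lower():
            result["unchanged"].append(key)
        else:
            result["changed"].append(key)
    result["new"] = [k for k in fa if k not in fb]
    return result


if __name__ == "__main__":
    for status, keys in compare(BEFORE, AFTER).items():
        for key in keys:
            print(f"{status:10} {key}")
```

On these samples the two `(no file)` entries are gone, the UserInit line is unchanged, the `SoundService` Run value points at a differently named DLL, and a new HKCU Run value starts the same `ntos.exe`.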


Sunday, April 08, 2007 9:57:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/04/2007
Kaspersky Anti-Virus database records: 275929

Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: Critical Areas
C:\WINDOWS
C:\DOCUME~1\KYLEZH~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects: 15507
Number of viruses found: 2
Number of infected objects: 2 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:17:18

Infected Object Name, Virus Name, Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hfttkyed.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\ntos.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winfja32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\system32\wsnpoem\audio.dll Object is locked skipped
C:\WINDOWS\system32\wsnpoem\video.dll Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Sunday, April 08, 2007 12:42:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/04/2007
Kaspersky Anti-Virus database records: 275929


Scan Settings
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects: 95746
Number of viruses found: 7
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:39:17

Infected Object Name, Virus Name, Last Action
C:\aqfcqnaq.exe Infected: Trojan-Spy.Win32.Bancos.aam skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12062006-143139.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\history.dat Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\key3.db Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\search.sqlite                       Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\urlclassifier2.sqlite                       Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Application Data\QSWWShare                     Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Cookies\index.dat                      Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls                      Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\AOL OCP\AIM\Storage\data\theunreligion\localStorage\common.cls             Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat                        Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat                     Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG                     Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9B1DBF30-8153-4DFB-88E1-FFDCACAB1BD6}              Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\Cache\_CACHE_001_            Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\Cache\_CACHE_002_            Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\Cache\_CACHE_003_            Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\Cache\_CACHE_MAP_            Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\History\History.IE5\index.dat                       Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\History\History.IE5\MSHist012007040820070409\index.dat                      Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Temporary Internet Files\Content.IE5\EUMAZSZ5\Search[1].htm                     Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\Local Settings\Temporary Internet Files\Content.IE5\index.dat                      Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\NTUSER.DAT                     Object is locked                        skipped
C:\Documents and Settings\Kyle Zhang\ntuser.dat.LOG                     Object is locked                        skipped
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\ADAPU5GN\50982_spoent-lb120x320[1].swf             Infected: Trojan-Clicker.SWF.Small.a                        skipped
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\WHY38TU3\65654_120x120_newny[1].swf            Infected: Trojan-Clicker.SWF.Small.a                        skipped
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\WHY38TU3\ah[1].js                      Infected: Exploit.HTML.Mht                      skipped
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\roll[1].swf                       Infected: Trojan-Clicker.SWF.Small.a                        skipped
C:\Documents and Settings\LocalService\Cookies\index.dat                        Object is locked                        skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat                       Object is locked                        skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG                       Object is locked                        skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat                     Object is locked                        skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat                        Object is locked                        skipped
C:\Documents and Settings\LocalService\NTUSER.DAT                       Object is locked                        skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG                       Object is locked                        skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat                      Object is locked                        skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat                     Object is locked                        skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG                     Object is locked                        skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat                       Object is locked                        skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_83c.dat                       Object is locked                        skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat                      Object is locked                        skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT                     Object is locked                        skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG                     Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf                     Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf                        Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf                      Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf                       Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf                       Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf                        Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf                     Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf                        Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG                        Object is locked                        skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_800.trc                     Object is locked                        skipped
C:\System Volume Information\MountPointManagerRemoteDatabase                        Object is locked                        skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746\A0157471.exe                      Infected: Trojan-Downloader.Win32.Small.edb                     skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP749\A0158724.dll                      Infected: Trojan-Spy.Win32.VBStat.h                     skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP749\change.log                        Object is locked                        skipped
C:\WINDOWS\Debug\PASSWD.LOG                     Object is locked                        skipped
C:\WINDOWS\SchedLgU.Txt                     Object is locked                        skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log                     Object is locked                        skipped
C:\WINDOWS\Sti_Trace.log                        Object is locked                        skipped
C:\WINDOWS\system32\CatRoot2\edb.log                        Object is locked                        skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb                        Object is locked                        skipped
C:\WINDOWS\system32\config\AppEvent.Evt                     Object is locked                        skipped
C:\WINDOWS\system32\config\DEFAULT                      Object is locked                        skipped
C:\WINDOWS\system32\config\default.LOG                      Object is locked                        skipped
C:\WINDOWS\system32\config\Internet.evt                     Object is locked                        skipped
C:\WINDOWS\system32\config\SAM                      Object is locked                        skipped
C:\WINDOWS\system32\config\SAM.LOG                      Object is locked                        skipped
C:\WINDOWS\system32\config\SecEvent.Evt                     Object is locked                        skipped
C:\WINDOWS\system32\config\SECURITY                     Object is locked                        skipped
C:\WINDOWS\system32\config\SECURITY.LOG                     Object is locked                        skipped
C:\WINDOWS\system32\config\SOFTWARE                     Object is locked                        skipped
C:\WINDOWS\system32\config\software.LOG                     Object is locked                        skipped
C:\WINDOWS\system32\config\SysEvent.Evt                     Object is locked                        skipped
C:\WINDOWS\system32\config\SYSTEM                       Object is locked                        skipped
C:\WINDOWS\system32\config\system.LOG                       Object is locked                        skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat                      Object is locked                        skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat                       Object is locked                        skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat                      Object is locked                        skipped
C:\WINDOWS\system32\h323log.txt                     Object is locked                        skipped
C:\WINDOWS\system32\hfttkyed.dll                        Infected: Trojan.Win32.BHO.g                        skipped
C:\WINDOWS\system32\ntos.exe                        Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR                        Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP                        Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER                      Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP                     Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP                     Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA                     Object is locked                        skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP                      Object is locked                        skipped
C:\WINDOWS\system32\winfja32.dll                        Infected: Trojan.Win32.Agent.qt                     skipped
C:\WINDOWS\system32\wsnpoem\audio.dll                       Object is locked                        skipped
C:\WINDOWS\system32\wsnpoem\video.dll                       Object is locked                        skipped
C:\WINDOWS\wiadebug.log                     Object is locked                        skipped
C:\WINDOWS\wiaservc.log                     Object is locked                        skipped
C:\WINDOWS\WindowsUpdate.log                        Object is locked                        skipped
Scan process completed.

Edited by Nick Evan: Fixed formatting

0

Hi,
Download KillBox, extract it to your desktop.
Open Killbox.exe. Check the following box:-
Delete on Reboot

Highlight/select all the filenames given in the quote box below and then Copy them:

C:\WINDOWS\system32\hfttkyed.dll
C:\WINDOWS\system32\ntos.exe
C:\WINDOWS\system32\winfja32.dll
C:\WINDOWS\system32\wsnpoem\audio.dll
C:\WINDOWS\system32\wsnpoem\video.dll
C:\aqfcqnaq.exe
C:\WINDOWS\system32\shjkaecg.dll
C:\Documents and Settings\Kyle Zhang\Local Settings\Temporary Internet Files\Content.IE5\EUMAZSZ5\Search[1].htm
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\ADAPU5GN\50982_spoent-lb120x320[1].swf
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\WHY38TU3\65654_120x120_newny[1].swf
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\WHY38TU3\ah[1].js
C:\Documents and Settings\Lawrence Zhang\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\roll[1].swf

Then in Killbox click "File Menu" > "Paste from Clipboard". At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.

Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? You will need to click "Yes" to allow the reboot.

Note: Killbox will let you know if a file does not exist.

[If you have any issues with this method, you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X and, for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No until the last one, at which time you click Yes to allow the reboot.]

After the reboot, run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\shjkaecg.dll",setvm
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Reboot the system once again. Run HijackThis again, click Do a System scan and save log, and post the fresh log.

0

Logfile of HijackThis v1.99.1
Scan saved at 3:05:41 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ynxosbie.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
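The F2/O4 entries the helper asked to fix, checked again against the log posted after the fix, as an added example (not part of any post in this thread). The sample lines are copied from the thread's logs; the function names and heuristics are this example's own, and it assumes the stock Windows XP Userinit value holds userinit.exe alone.

```python
import ntpath
import re

# Lines copied from the HijackThis logs quoted in this thread.
BEFORE_FIX = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe,",
    r'O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\shjkaecg.dll",setvm',
    r"O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
]
AFTER_FIX = [
    r'O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ynxosbie.dll",setvm',
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
]

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
RUNDLL_RE = re.compile(
    r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?,(?P<export>\w+)', re.I
)
# Assumption: the only legitimate Userinit program is system32\userinit.exe.
STOCK_USERINIT = r"\system32\userinit.exe"


def parse(lines):
    """Return (userinit_programs, run_entries) from HijackThis log lines."""
    userinit, runs = [], []
    for line in lines:
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            # Userinit is a comma-separated list; Winlogon starts every item.
            userinit += [p.strip() for p in m.group("value").split(",") if p.strip()]
            continue
        m = O4_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return userinit, runs


def run_id(entry):
    """Identify a Run value by hive, key and value name, not by file name."""
    return "{hive}\\{key}\\{name}".format(**entry)


def flag(lines):
    """Return autostart entries worth a manual look, each with a reason."""
    userinit, runs = parse(lines)
    extras = [p for p in userinit if not p.lower().endswith(STOCK_USERINIT)]
    findings = [
        {"id": "F2 UserInit", "cmd": p, "reason": "extra program appended to Userinit"}
        for p in extras
    ]
    for entry in runs:
        cmd = entry["cmd"]
        dll = RUNDLL_RE.match(cmd)
        if any(p.lower() in cmd.lower() for p in extras):
            reason = "Run value starts the same binary that was appended to Userinit"
        elif dll and ntpath.dirname(dll.group("dll")).lower().endswith("\\system32"):
            reason = "Run value loads a system32 DLL through rundll32"
        else:
            continue
        findings.append({"id": run_id(entry), "cmd": cmd, "reason": reason})
    return findings


def still_registered(before, after):
    """Flagged Run values from `before` that still exist in `after`.

    Matching is on the registry value, so an entry that comes back
    pointing at a differently named file is still reported.
    """
    _, after_runs = parse(after)
    current = {run_id(r): r["cmd"] for r in after_runs}
    return [
        (f["id"], f["cmd"], current[f["id"]])
        for f in flag(before)
        if f["id"] in current
    ]


if __name__ == "__main__":
    for f in flag(BEFORE_FIX):
        print("REVIEW  {id}: {cmd}  ({reason})".format(**f))
    for ident, old, new in still_registered(BEFORE_FIX, AFTER_FIX):
        print("STILL PRESENT  {}\n  was: {}\n  now: {}".format(ident, old, new))
```

On the lines from this thread, the `SoundService` value is reported as still present in the 4/9/2007 log, now loading `ynxosbie.dll` instead of `shjkaecg.dll`.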

0

I think it's pretty much fixed, everything seems to be running normally, except my laptop's still a bit slower. Thanks for your help! Please tell me if you still see any problems, I'm giving you positive rep. ;D

0

Actually, the browsers still pop up, but less often. I haven't seen any real sites pop up, only a browser with like... an IP address on it.

0

I just installed Symantec Norton Antivirus 2007 and scanned. It fixed a tracking cookie and a Backdoor.Trojan, but I'm still getting a few popups every once in a while telling me to "scan for viruses now, your computer is at risk!"

0

Fresher log:

Logfile of HijackThis v1.99.1
Scan saved at 9:30:25 PM, on 4/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ynxosbie.dll",setvm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

Hi,
There is still some malware that needs to be cleaned! Download and install AVG Anti-Spyware v7.5
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to AVG Anti-Spyware which has a special "clean driver" for removing persistent malware.)

  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended" tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:

  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG AntiSpyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


After the reboot, download The Avenger and extract it to Desktop.
Copy all the lines of text in the Quotebox below to your clipboard by highlighting them and pressing Ctrl+C:

Files to delete:
C:\WINDOWS\system32\ynxosbie.dll

  • Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing Ctrl+V.
  • Click "Done".
  • Now click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files that are deleted, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Please copy/paste the contents of C:\avenger.txt into your next reply along with the AVG AntiSpyware log and a fresh HijackThis log.

0

There wasn't such a file as: C:\WINDOWS\system32\ynxosbie.dll

Logfile of HijackThis v1.99.1
Scan saved at 9:05:45 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BB043E60-7A28-47E8-97A8-A0522C35353A} - C:\WINDOWS\system32\rqopp.dll
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: rqopp - C:\WINDOWS\system32\rqopp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:48:19 PM 4/11/2007

+ Scan result:

C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\WINDOWS\system32\efcabxx.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\mljgday.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\qomnmki.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\vtutsrr.dll -> Adware.Virtumonde : Ignored.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP746\A0157471.exe -> Downloader.Small.edb : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.302:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.333:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.355:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.365:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.394:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.474:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.88:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@gaiainteractive.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.95:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.29:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.70:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.71:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.72:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.360:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.203:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.204:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.205:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.207:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.208:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.253:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.254:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.255:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.256:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.257:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.258:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.198:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.199:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.200:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.201:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.202:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.21:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.14:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.47:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.58:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.464:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.72:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.73:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@bfast[1].txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.463:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.15:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.16:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.17:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.377:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.330:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.213:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.214:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.215:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.266:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.503:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.169:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.11:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.374:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.148:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.149:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.10:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.27:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.42:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.259:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.263:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.264:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.131:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.141:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.142:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.145:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.241:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.243:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.448:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.64:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.67:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.189:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.190:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.191:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.238:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.239:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.240:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.338:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.339:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.69:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.78:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.79:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.28:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.31:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.56:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.73:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.74:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.12:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.284:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.133:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.134:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.135:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.435:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.61:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.100:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.18:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.24:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.25:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.35:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.126:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.127:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.49:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Lin Yang\Cookies\lin yang@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.196:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.16:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.17:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.18:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.21:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.22:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.23:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.25:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.26:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.27:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lawrence Zhang\Cookies\lawrence_zhang@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.248:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.297:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.298:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.299:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.300:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.301:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.60:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.209:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.210:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.29:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.378:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.379:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.178:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.179:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.180:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.181:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.182:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.183:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.362:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.189:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.113:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.114:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.115:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.116:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.117:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.118:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.119:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.380:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.381:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.46:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.326:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.12:C:\Documents and Settings\Lin Yang\Application Data\Mozilla\Firefox\Profiles\6tw10lx9.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.185:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.106:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.107:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.176:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.197:C:\Documents and Settings\Kyle Zhang\Application Data\Mozilla\Firefox\Profiles\rjrv6uo9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.305:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.306:C:\Documents and Settings\Lawrence Zhang\Application Data\Mozilla\Firefox\Profiles\ajuxsqhl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Kyle Zhang\Cookies\kyle_zhang@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP750\A0159935.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP753\A0160256.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).


::Report end

0

Hi,
It's the nasty Vundo adware! We will now remove it for good! Please download
VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files,
    click YES
  • Once you click yes, your desktop will go blank as it starts removing
    Vundo.
  • When completed, it will prompt that it will shutdown your computer,
    click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new
    HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above
instructions starting from "Click the Scan for Vundo button." when VundoFix
appears at reboot.

0

VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 2:52:33 PM 4/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\estqkduh.dll
C:\WINDOWS\system32\hfttkyed.dll
C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\jartdrkv.dll
C:\WINDOWS\system32\jkkkk.dll
C:\WINDOWS\system32\kkkkj.bak1
C:\WINDOWS\system32\kkkkj.ini
C:\WINDOWS\system32\ljhhi.dll
C:\WINDOWS\system32\mljgday.dll
C:\WINDOWS\system32\nqbuertr.ini
C:\WINDOWS\system32\rqopp.dll
C:\WINDOWS\system32\rtreubqn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\estqkduh.dll
C:\WINDOWS\system32\estqkduh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhjl.bak1
C:\WINDOWS\system32\ihhjl.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihhjl.ini
C:\WINDOWS\system32\ihhjl.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jartdrkv.dll
C:\WINDOWS\system32\jartdrkv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkkk.dll
C:\WINDOWS\system32\jkkkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kkkkj.bak1
C:\WINDOWS\system32\kkkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kkkkj.ini
C:\WINDOWS\system32\kkkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljhhi.dll
C:\WINDOWS\system32\ljhhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgday.dll
C:\WINDOWS\system32\mljgday.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqbuertr.ini
C:\WINDOWS\system32\nqbuertr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqopp.dll
C:\WINDOWS\system32\rqopp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rtreubqn.dll
C:\WINDOWS\system32\rtreubqn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 3:17:31 PM, on 4/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {232200B3-9D33-4908-8862-BD3DD8F8804B} - C:\WINDOWS\system32\jkkkk.dll (file missing)
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {60630D22-A84A-4B1F-8524-4C2E45B38C2F} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {899AD04A-C96E-4378-BFE6-2B2B158DD643} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

0

Hi,
Please download VirtumundoBeGone.exe:
1. Save it to your Desktop.
2. Locate and double-click VirtumundoBeGone.exe to run it.
3. Follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" message; it is normal and expected.
4. When finished it will create a log named vbg.txt on your desktop.
5. Reboot your PC.

Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO: (no name) - {232200B3-9D33-4908-8862-BD3DD8F8804B} - C:\WINDOWS\system32\jkkkk.dll (file missing)
O2 - BHO: (no name) - {483CC496-D041-4545-8D9E-2D64294F97B2} - C:\WINDOWS\system32\efcabxx.dll
O2 - BHO: (no name) - {60630D22-A84A-4B1F-8524-4C2E45B38C2F} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\estqkduh.dll (file missing)
O2 - BHO: (no name) - {899AD04A-C96E-4378-BFE6-2B2B158DD643} - C:\WINDOWS\system32\ljhhi.dll (file missing)
O2 - BHO: (no name) - {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} - C:\WINDOWS\system32\rqopp.dll (file missing)
O2 - BHO: XBTBPos00 Class - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - (no file)
O20 - Winlogon Notify: efcabxx - C:\WINDOWS\SYSTEM32\efcabxx.dll
O20 - Winlogon Notify: winfja32 - winfja32.dll (file missing)

Close all other open programs except HijackThis and click the Fix Checked button in HijackThis.

Please also download catchme.exe to your desktop from the following link:
CATCHME

  • Double-click catchme.exe to run it.
  • Open catchme.log to see results and post its contents in a reply along with vbg.txt and a fresh HijackThis log.
0

Logfile of HijackThis v1.99.1
Scan saved at 2:55:15 PM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe


[04/13/2007, 14:38:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kyle Zhang\Desktop\VirtumundoBeGone.exe" )
[04/13/2007, 14:39:06] - Detected System Information:
[04/13/2007, 14:39:06] - Windows Version: 5.1.2600, Service Pack 2
[04/13/2007, 14:39:06] - Current Username: Kyle Zhang (Admin)
[04/13/2007, 14:39:06] - Windows is in NORMAL mode.
[04/13/2007, 14:39:06] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\efcabxx
[04/13/2007, 14:39:06] - Found: HKLM\...\Winlogon\Notify\efcabxx - This is probably Virtumundo.
[04/13/2007, 14:39:06] - Assigning {483CC496-D041-4545-8D9E-2D64294F97B2} MSEvents Object
[04/13/2007, 14:39:06] - BHO list has been changed! Starting over...
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 7: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:06] - BHO 8: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\vtuvs
[04/13/2007, 14:39:06] - Found: HKLM\...\Winlogon\Notify\vtuvs - This is probably Virtumundo.
[04/13/2007, 14:39:06] - Assigning {66E1191B-3229-4DF0-81F7-9127E8A3FF25} MSEvents Object
[04/13/2007, 14:39:06] - BHO list has been changed! Starting over...
[04/13/2007, 14:39:06] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:06] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:06] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:06] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:06] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:06] - BHO 6: {483CC496-D041-4545-8D9E-2D64294F97B2} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 7: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:06] - BHO 8: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} (MSEvents Object)
[04/13/2007, 14:39:06] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:06] - BHO 9: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:06] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:06] - BHO 11: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:06] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:06] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:06] - BHO 12: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:06] - BHO 13: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:07] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:07] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:07] - BHO 14: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:07] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:07] - *** Detected MSEvents Object
[04/13/2007, 14:39:07] - Trying to remove MSEvents Object...
[04/13/2007, 14:39:08] - Terminating Process: IEXPLORE.EXE
[04/13/2007, 14:39:08] - Terminating Process: RUNDLL32.EXE
[04/13/2007, 14:39:09] - Disabling Automatic Shell Restart
[04/13/2007, 14:39:09] - Terminating Process: EXPLORER.EXE
[04/13/2007, 14:39:09] - Suspending the NT Session Manager System Service
[04/13/2007, 14:39:09] - Terminating Windows NT Logon/Logoff Manager
[04/13/2007, 14:39:10] - Re-enabling Automatic Shell Restart
[04/13/2007, 14:39:10] - File to disable: C:\WINDOWS\system32\efcabxx.dll
[04/13/2007, 14:39:10] - Removing HKLM\...\Browser Helper Objects\{483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:11] - Removing HKCR\CLSID\{483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:11] - Adding Kill Bit for ActiveX for GUID: {483CC496-D041-4545-8D9E-2D64294F97B2}
[04/13/2007, 14:39:12] - Deleting ATLEvents/MSEvents Registry entries
[04/13/2007, 14:39:12] - Removing HKLM\...\Winlogon\Notify\efcabxx
[04/13/2007, 14:39:12] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:12] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:12] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:12] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:12] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:12] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:12] - BHO 6: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:12] - BHO 7: {66E1191B-3229-4DF0-81F7-9127E8A3FF25} (MSEvents Object)
[04/13/2007, 14:39:12] - ALERT: Found MSEvents Object!
[04/13/2007, 14:39:12] - BHO 8: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:12] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:12] - BHO 10: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:12] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:12] - BHO 12: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:12] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:12] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:12] - BHO 13: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:12] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:12] - *** Detected MSEvents Object
[04/13/2007, 14:39:12] - Trying to remove MSEvents Object...
[04/13/2007, 14:39:13] - Terminating Process: IEXPLORE.EXE
[04/13/2007, 14:39:14] - Terminating Process: RUNDLL32.EXE
[04/13/2007, 14:39:14] - Disabling Automatic Shell Restart
[04/13/2007, 14:39:14] - Terminating Process: EXPLORER.EXE
[04/13/2007, 14:39:14] - Suspending the NT Session Manager System Service
[04/13/2007, 14:39:14] - Terminating Windows NT Logon/Logoff Manager
[04/13/2007, 14:39:14] - Re-enabling Automatic Shell Restart
[04/13/2007, 14:39:14] - File to disable: C:\WINDOWS\system32\vtuvs.dll
[04/13/2007, 14:39:14] - Renaming C:\WINDOWS\system32\vtuvs.dll -> C:\WINDOWS\system32\vtuvs.dll.vir
[04/13/2007, 14:39:15] - File successfully renamed!
[04/13/2007, 14:39:15] - Removing HKLM\...\Browser Helper Objects\{66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Removing HKCR\CLSID\{66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Adding Kill Bit for ActiveX for GUID: {66E1191B-3229-4DF0-81F7-9127E8A3FF25}
[04/13/2007, 14:39:15] - Deleting ATLEvents/MSEvents Registry entries
[04/13/2007, 14:39:15] - Removing HKLM\...\Winlogon\Notify\vtuvs
[04/13/2007, 14:39:15] - Searching for Browser Helper Objects:
[04/13/2007, 14:39:15] - BHO 1: {0005A87D-D626-4B3A-84F9-1D9571695F55} (ThunderIEHelper Class)
[04/13/2007, 14:39:15] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[04/13/2007, 14:39:15] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[04/13/2007, 14:39:15] - BHO 4: {232200B3-9D33-4908-8862-BD3DD8F8804B} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\jkkkk
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\jkkkk, continuing.
[04/13/2007, 14:39:15] - BHO 5: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (IeCatch5 Class)
[04/13/2007, 14:39:15] - BHO 6: {60630D22-A84A-4B1F-8524-4C2E45B38C2F} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:15] - BHO 7: {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\estqkduh
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\estqkduh, continuing.
[04/13/2007, 14:39:15] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/13/2007, 14:39:15] - BHO 9: {899AD04A-C96E-4378-BFE6-2B2B158DD643} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\ljhhi
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\ljhhi, continuing.
[04/13/2007, 14:39:15] - BHO 10: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[04/13/2007, 14:39:15] - BHO 11: {C7F0B604-357D-45F6-A9B1-9D47FCC161AF} ()
[04/13/2007, 14:39:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/13/2007, 14:39:15] - Checking for HKLM\...\Winlogon\Notify\rqopp
[04/13/2007, 14:39:15] - Key not found: HKLM\...\Winlogon\Notify\rqopp, continuing.
[04/13/2007, 14:39:15] - BHO 12: {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} (XBTBPos00 Class)
[04/13/2007, 14:39:15] - Finished Searching Browser Helper Objects
[04/13/2007, 14:39:15] - Finishing up...
[04/13/2007, 14:39:15] - A restart is needed.
[04/13/2007, 14:39:15] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[04/13/2007, 14:39:27] - Attempting to Restart via STOP error (Blue Screen!)

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

0

Hi,

Log's looking good. There's one more thing to remove now! Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then keep tapping the F8 key. From the menu that is displayed, choose Safe Mode and press the Enter key.


Run HijackThis and click Do only a System scan. Then put a check mark in front of the entries listed below:-

O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm

Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.

Make Windows show all files:-
Go to Start > My Computer. Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.

Exit from HijackThis. Delete this file:-
C:\WINDOWS\system32\rtreubqn.dll

Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.

Reboot to Normal Mode. Rename HijackThis executable to something else (like Xyz.exe) and run it. Click Do a System scan and save log, and post the fresh log.
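
Added example (not part of the reply above and not HijackThis's own code): one way to check a fresh log against the entry that was ticked for Fix Checked, confirming that the Run value is gone and that the DLL it loaded is no longer referenced anywhere in the new log. The function names are hypothetical, and the two log excerpts are constructed from lines quoted in this thread.

```python
import re

# A HijackThis entry line is "<section code> - <body>", for example
#   O4 - HKLM\..\Run: [Name] command
# Section codes are R0-R3, F0-F3, N1-N4 and O1 upward.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# DLL path handed to rundll32, with or without quotes, before the export name.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,', re.IGNORECASE)


def normalize(line):
    """Case-fold and collapse whitespace so two scans compare reliably."""
    return " ".join(line.split()).lower()


def parse_entries(log_text):
    """Return {normalized line: (section, body)} for every entry line.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[normalize(raw)] = (m.group(1), m.group(2))
    return entries


def diff_logs(before_text, after_text):
    """Entries that disappeared from, and appeared in, the fresh log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def rundll_target(body):
    """DLL path loaded through rundll32 in an entry body, or None."""
    m = RUNDLL_RE.search(body)
    return m.group(1) if m else None


def verify_fix(fixed_lines, after_text):
    """Check each entry that was fixed against the fresh log text."""
    after = parse_entries(after_text)
    haystack = after_text.lower()  # entries and the running-process list
    report = []
    for line in fixed_lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            raise ValueError("not a HijackThis entry line: %r" % line)
        dll = rundll_target(m.group(2))
        report.append({
            "entry": line.strip(),
            "entry_still_present": normalize(line) in after,
            "dll": dll,
            "dll_still_referenced": bool(dll) and dll.lower() in haystack,
        })
    return report


# Constructed sample: the entry named in the reply plus a few unrelated lines.
FIXED = [r'O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm']

BEFORE = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\rtreubqn.dll",setvm
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

# Constructed sample: fresh scan after the fix, with a short process list.
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added:  ", section, "-", body)
    for item in verify_fix(FIXED, AFTER):
        print(item)
```

An entry that is gone from the log only shows that the autostart value was removed; whether the file itself was deleted still has to be checked on disk.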

0

Hey, I haven't been getting any more browser problems! Hopefully this log will show that my computer's perfectly fine now. :D

Logfile of HijackThis v1.99.1
Scan saved at 5:20:11 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Garmin\gStart.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Kyle Zhang\Desktop\HijackThis\Getaloadofthis.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gaiaonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.60.124.19 L2authd.lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Heroplayer Online - C:\HEROSOFT\Hero Super Play\MPURLGET.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: hero player - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero Super Play\MPLAYER.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://behappy2002.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
