[resolved] Help with Trojan virus!!!

My computer is popping up advertisements and downloading random stuff.... I need help!!! I am new to this forum, just searching for help right now... Thanks!!

Comments

  • edited December 2006
    This is my logfile from Hijack... Hope this would help...

    Logfile of HijackThis v1.99.1
    Scan saved at 13:40:29, on 20/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\Update.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\DOCUME~1\Kei\MYDOCU~1\SCURIT~1\scanregw.exe
    C:\Documents and Settings\Kei\My Documents\?racle\m?iexec.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - {8DD7249F-9371-EC8E-2423-9A5B235E3194} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Damepmo] C:\Program Files\Vhshm\Afpt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [{94455A41-063A-3076-1029-040410060354}] "C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Emet] "C:\DOCUME~1\Kei\MYDOCU~1\SCURIT~1\scanregw.exe" -vt tzt
    O4 - HKCU\..\Run: [Grmaujm] C:\Documents and Settings\Kei\My Documents\?racle\m?iexec.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Command Service (cmdService) - CMD Technology, Inc. - (no file)
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Intel(R) Corporation - (no file)
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  • edited December 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 21:26:38, on 20/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\Update.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\Documents and Settings\Kei\My Documents\?racle\m?iexec.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\MCROSO~1\winspool.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    R3 - URLSearchHook: (no name) - {8DD7249F-9371-EC8E-2423-9A5B235E3194} - (no file)
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Damepmo] C:\Program Files\Vhshm\Afpt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [{94455A41-063A-3076-1029-040410060354}] "C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\Update.exe" mc-110-12-0000137
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Emet] "C:\WINDOWS\system32\MCROSO~1\winspool.exe" -vt tzt
    O4 - HKCU\..\Run: [Grmaujm] C:\Documents and Settings\Kei\My Documents\?racle\m?iexec.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Command Service (cmdService) - CMD Technology, Inc. - (no file)
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Intel(R) Corporation - (no file)
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  • jmoney3457 Maine
    edited December 2006
    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above
    instructions starting from "Click the Scan for Vundo button." when
    VundoFix appears at reboot.
  • edited December 2006
    Thank you so much for helping!!! For some reason it says no infected files were found. I don't know why. But there are still advertisements popping out every time I get online....

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 8:05:26 21/12/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.6

    Java version is 1.5.0.9

    Scan started at 17:45:27 21/12/2006

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...


    Logfile of HijackThis v1.99.1
    Scan saved at 17:49:04, on 21/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\MCROSO~1\winspool.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {8DD7249F-9371-EC8E-2423-9A5B235E3194} - (no file)
    R3 - URLSearchHook: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Damepmo] C:\Program Files\Vhshm\Afpt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKCU\..\Run: [Emet] "C:\WINDOWS\system32\MCROSO~1\winspool.exe" -vt tzt
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Network Monitor - Intel(R) Corporation - (no file)
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  • edited December 2006
    Need help, the pop up is getting worse... Every time I get online, no matter what site it is, the pop up will come sooner or later... I read a couple of other posts and am running Panda and AVG right now. If there is anything else I can do, please tell me. Thanks
  • TroganTrogan London, UK
    edited December 2006
    I hope Jmoney doesn't mind me posting here.

    Think, regarding your question about Firewalls in the other... no, it is not OK; you should not be running two Firewalls together. I suggest you turn off Windows Firewall and keep McAfee.

    Since you started running AVG and Panda, let them finish and post the logs.

    In addition to those, I need to see another log from HijackThis.
    • Run Hijackthis.
    • Click on Open the Misc Tools section.
    • Next click on Open uninstall manager.
    • Press the Save list button.
    • Save the file to your desktop, with the default name of uninstall_list.
    • Copy & Paste the entire contents of that file in your next post.
  • edited December 2006
    Thanks Trogan. Please take a look at this.

    Incident Status Location

    Spyware:Spyware/BetterInet Not disinfected c:\windows\system32\mcroso~1\winspool.exe
    Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\jdkoi.dll
    Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Kei\Application Data\Registry Cleaner
    Adware:adware/dyfuca Not disinfected Windows Registry
    Adware:adware/commad Not disinfected Windows Registry
    Adware:adware/savenow Not disinfected Windows Registry
    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
    Adware:adware/ist.istbar Not disinfected Windows Registry
    Adware:adware/ncase Not disinfected Windows Registry
    Adware:adware/sqwire Not disinfected Windows Registry
    Spyware:Spyware/BetterInet Not disinfected C:\Documents and Settings\Kei\My Documents\s?curity\scanregw.exe
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Kei\My Documents\?racle\m?iexec.exe
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\ofkm\ofkmd\ofkmc.dll
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\ofkm\ofkml.exe
    Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\ofkm\ofkmp.exe
    Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\system.dll
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[2UC\nsProcess.dll]
    Adware:Adware/Mytoolbar Not disinfected C:\RECYCLER\S-1-5-18\Dc1\system.dll
    Adware:Adware/CommAd Not disinfected C:\WINDOWS\S2Vp\mZpD.vbs
    Adware:Adware/Mytoolbar Not disinfected C:\WINDOWS\system32\install.exe
    Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\M?crosoft\winspool.exe
    AVG Anti-Spyware - Scan Report

    + Created at: 11:52:53 22/12/2006

    + Scan result:



    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103576.exe -> Adware.Casino : Ignored.
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP541\A0103186.exe -> Adware.Comet : Ignored.
    C:\Program Files\Hotbar -> Adware.HotBar : Ignored.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Ignored.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102366.exe -> Adware.Maxifiles : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103593.exe -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103594.exe -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103595.exe -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102368.dll -> Adware.PurityScan : Ignored.
    C:\WINDOWS\system32\jdkoi.dll -> Adware.PurityScan : Ignored.
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Ignored.
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Ignored.
    HKLM\SOFTWARE\WhenUSave\Partners\SNYG -> Adware.SaveNow : Ignored.
    C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\system.dll -> Adware.Softomate : Ignored.
    C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101280.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101281.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101282.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101283.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101284.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101285.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101286.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101287.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101288.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101289.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP535\A0101316.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP535\A0101317.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102353.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102354.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102369.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102378.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102379.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP544\A0103374.dll -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP553\A0103692.exe -> Adware.Softomate : Ignored.
    C:\Program Files\Common Files\ofkm\ofkmd\ofkmc.dll -> Adware.TargetServer : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP507\A0095923.exe -> Adware.Trymedia : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098045.exe -> Backdoor.EggDrop.v : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101260.exe -> Backdoor.EggDrop.v : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103592.exe -> Backdoor.EggDrop.v : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098008.exe -> Backdoor.IRCBot.dd : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP531\A0101174.exe -> Backdoor.IRCBot.dd : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102365.exe -> Backdoor.IRCBot.dd : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102665.exe -> Backdoor.IRCBot.dd : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103591.exe -> Backdoor.IRCBot.dd : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102380.exe -> Backdoor.IRCBot.qc : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103596.exe -> Backdoor.IRCBot.qc : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP541\A0103195.exe -> Downloader.Agent.bca : Ignored.
    C:\Documents and Settings\Kei\My Documents\sеcurity\scanregw.exe -> Downloader.PurityScan.dx : Ignored.
    C:\WINDOWS\system32\Mіcrosoft\winspool.exe -> Downloader.PurityScan.dx : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102367.dll -> Downloader.Small.ece : Ignored.
    C:\Program Files\Common Files\ofkm\ofkmp.exe -> Downloader.TSUpdate.f : Ignored.
    C:\Program Files\Common Files\ofkm\ofkmd\vocabulary -> Downloader.TSUpdate.j : Ignored.
    C:\Program Files\Common Files\ofkm\ofkml.exe -> Downloader.TSUpdate.r : Ignored.
    C:\Program Files\ipwins\Uninst.exe -> Dropper.DollarR.b : Ignored.
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102381.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103513.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103514.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103515.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103516.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103517.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103518.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103519.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103520.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103521.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103522.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103523.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103524.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103525.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103526.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103527.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103528.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103529.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103530.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103531.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103532.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103533.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103534.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103535.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103536.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103537.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103538.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103539.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103540.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103541.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103542.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103543.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103544.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103545.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103546.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103547.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103548.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103549.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103550.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103551.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103552.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103553.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103554.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103555.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103556.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103557.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103558.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103559.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103560.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103561.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103562.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103563.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103564.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103565.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103566.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103567.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103568.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103569.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103570.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103571.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103572.exe -> Dropper.VB.lu : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098049.exe -> Hijacker.VB.fl : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103575.exe -> Hijacker.VB.fl : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102756.exe -> Trojan.Small : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP562\A0104197.vbs -> Trojan.Small : Ignored.
    C:\WINDOWS\S2Vp\mZpD.vbs -> Trojan.Small : Ignored.
    C:\WINDOWS\system32\wcpsvtr.exe -> Trojan.Small : Ignored.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102364.exe -> Trojan.Small.cy : Ignored.


    ::Report end
  • Trogan London, UK
    edited December 2006
    I need to see the uninstall list and a new HijackThis log please.
  • jmoney3457 Maine
    edited December 2006
    thread is yours trog..don't mind at all m8;)
  • edited December 2006
    Here is the new HJthis. Thanks.
    Logfile of HijackThis v1.99.1
    Scan saved at 21:10:23, on 23/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: (no name) - {8DD7249F-9371-EC8E-2423-9A5B235E3194} - (no file)
    R3 - URLSearchHook: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll (file missing)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll (file missing)
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Damepmo] C:\Program Files\Vhshm\Afpt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe


    This is the scan from Bundo.
    AVG Anti-Spyware - Scan Report

    + Created at: 21:05:18 23/12/2006

    + Scan result:



    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103576.exe -> Adware.Casino : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP541\A0103186.exe -> Adware.Comet : Cleaned with backup (quarantined).
    C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102366.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103593.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103594.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103595.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102368.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\jdkoi.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\WhenUSave\Partners\SNYG -> Adware.SaveNow : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\{94455A41-063A-3076-1029-040410060354}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\RECYCLER\S-1-5-18\Dc1\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101280.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101281.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101282.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101283.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101284.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101285.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101286.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101287.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101288.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101289.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP535\A0101316.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP535\A0101317.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102353.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102354.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102369.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102378.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102379.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP544\A0103374.dll -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP553\A0103692.exe -> Adware.Softomate : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ofkm\ofkmd\ofkmc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP507\A0095923.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098045.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP533\A0101260.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103592.exe -> Backdoor.EggDrop.v : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098008.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP531\A0101174.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102365.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102665.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103591.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102380.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103596.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP541\A0103195.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kei\My Documents\sеcurity\scanregw.exe -> Downloader.PurityScan.dx : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\Mіcrosoft\winspool.exe -> Downloader.PurityScan.dx : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102367.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ofkm\ofkmp.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ofkm\ofkmd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\ofkm\ofkml.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP565\A0104394.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe -> Dropper.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102381.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103513.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103514.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103515.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103516.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103517.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103518.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103519.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103520.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103521.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103522.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103523.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103524.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103525.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103526.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103527.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103528.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103529.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103530.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103531.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103532.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103533.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103534.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103535.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103536.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103537.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103538.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103539.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103540.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103541.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103542.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103543.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103544.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103545.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103546.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103547.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103548.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103549.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103550.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103551.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103552.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103553.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103554.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103555.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103556.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103557.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103558.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103559.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103560.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103561.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103562.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103563.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103564.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103565.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103566.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103567.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103568.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103569.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103570.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103571.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103572.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP512\A0098049.exe -> Hijacker.VB.fl : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP545\A0103575.exe -> Hijacker.VB.fl : Cleaned with backup (quarantined).
    C:\Documents and Settings\Kei\Cookies\kei@cz5.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
    C:\Documents and Settings\Kei\Cookies\kei@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102756.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP562\A0104197.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\S2Vp\mZpD.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wcpsvtr.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{54D9503A-3D5E-4E0D-9AEC-84EAF5021451}\RP536\A0102364.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).


    ::Report end
  • edited December 2006
    Uninstall list:
    Access IBM
    Access IBM Message Center
    Ad-Aware SE Personal
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0
    Alarm 2.0.0
    Apple Software Update
    ArcSoft PhotoImpression
    ArcSoft PhotoImpression
    ArcSoft VideoImpression 1.6
    ASUS Wireless Router Utilities
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    CIF USB CAMERA
    DAEMON Tools
    Default
    Fish Aquarium 3D Screensaver 1.0
    Full Tilt Poker
    GameTower 明星3缺1 online 香港版
    GameTower 遊戲大廳 香港版
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for Windows XP (KB915865)
    IBM 32-bit Runtime Environment for Java 2, v1.4.1
    IBM Access Connections
    IBM Active Protection System
    IBM DLA
    IBM Integrated 56K Modem
    IBM RecordNow!
    IBM Rescue and Recovery with Rapid Restore
    IBM Themes
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Keyboard Customizer Utility
    IBM ThinkPad Power Management Driver
    IBM ThinkPad Presentation Director
    IBM ThinkPad UltraNav Driver
    IBM ThinkPad UltraNav Wizard
    IBM ThinkVantage Technologies Welcome Message
    IBM TrackPoint Accessibility Features
    ICQ 5.1
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Intel(R) Sebring API
    InterActual Player
    InterVideo WinDVD
    IpWins
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Kaspersky Online Scanner
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Maple 10
    Mathematica 5.2 for Students
    McAfee Firewall
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Mouse 210
    MSN Messenger 7.0
    MSXML 4.0 SP2 (KB927978)
    Outerinfo
    Panda ActiveScan
    PCFriendly
    QuickTime
    Solar System 3D Screensaver 1.2
    Sonic Update Manager
    SoundMAX
    SpywareBlaster v3.5.1
    ThinkPad FullScreen Magnifier
    ThinkPad Software Installer
    ThinkPad_Features Screen Saver
    UltimateBet
    USB PC CAM-168
    Windows Defender
    Windows Installer 3.1 (KB893803)
    Windows Media Player 6.4 安全性更新 (KB925398)
    Windows Media Player 9 安全性更新 (KB911565)
    Windows Media Player 9 安全性更新 (KB917734)
    Windows Media Player 安全性更新 (KB911564)
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886677
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Hotfix (KB914440)
    Windows XP 安全性更新 (KB883939)
    Windows XP 安全性更新 (KB890046)
    Windows XP 安全性更新 (KB893756)
    Windows XP 安全性更新 (KB896358)
    Windows XP 安全性更新 (KB896422)
    Windows XP 安全性更新 (KB896423)
    Windows XP 安全性更新 (KB896424)
    Windows XP 安全性更新 (KB896428)
    Windows XP 安全性更新 (KB896688)
    Windows XP 安全性更新 (KB899587)
    Windows XP 安全性更新 (KB899588)
    Windows XP 安全性更新 (KB899589)
    Windows XP 安全性更新 (KB899591)
    Windows XP 安全性更新 (KB900725)
    Windows XP 安全性更新 (KB901017)
    Windows XP 安全性更新 (KB901190)
    Windows XP 安全性更新 (KB901214)
    Windows XP 安全性更新 (KB902400)
    Windows XP 安全性更新 (KB903235)
    Windows XP 安全性更新 (KB904706)
    Windows XP 安全性更新 (KB905414)
    Windows XP 安全性更新 (KB905749)
    Windows XP 安全性更新 (KB905915)
    Windows XP 安全性更新 (KB908519)
    Windows XP 安全性更新 (KB911280)
    Windows XP 安全性更新 (KB911562)
    Windows XP 安全性更新 (KB911567)
    Windows XP 安全性更新 (KB911927)
    Windows XP 安全性更新 (KB912812)
    Windows XP 安全性更新 (KB912919)
    Windows XP 安全性更新 (KB913446)
    Windows XP 安全性更新 (KB913580)
    Windows XP 安全性更新 (KB914388)
    Windows XP 安全性更新 (KB914389)
    Windows XP 安全性更新 (KB916281)
    Windows XP 安全性更新 (KB917159)
    Windows XP 安全性更新 (KB917344)
    Windows XP 安全性更新 (KB917422)
    Windows XP 安全性更新 (KB917953)
    Windows XP 安全性更新 (KB918439)
    Windows XP 安全性更新 (KB918899)
    Windows XP 安全性更新 (KB919007)
    Windows XP 安全性更新 (KB920213)
    Windows XP 安全性更新 (KB920214)
    Windows XP 安全性更新 (KB920670)
    Windows XP 安全性更新 (KB920683)
    Windows XP 安全性更新 (KB920685)
    Windows XP 安全性更新 (KB921398)
    Windows XP 安全性更新 (KB921883)
    Windows XP 安全性更新 (KB922616)
    Windows XP 安全性更新 (KB922760)
    Windows XP 安全性更新 (KB922819)
    Windows XP 安全性更新 (KB923191)
    Windows XP 安全性更新 (KB923414)
    Windows XP 安全性更新 (KB923689)
    Windows XP 安全性更新 (KB923694)
    Windows XP 安全性更新 (KB923980)
    Windows XP 安全性更新 (KB924191)
    Windows XP 安全性更新 (KB924270)
    Windows XP 安全性更新 (KB924496)
    Windows XP 安全性更新 (KB925454)
    Windows XP 安全性更新 (KB925486)
    Windows XP 安全性更新 (KB926255)
    Windows XP 更新 (KB894391)
    Windows XP 更新 (KB896727)
    Windows XP 更新 (KB898461)
    Windows XP 更新 (KB900485)
    Windows XP 更新 (KB904942)
    Windows XP 更新 (KB908531)
    Windows XP 更新 (KB910437)
    Windows XP 更新 (KB916595)
    Windows XP 更新 (KB920872)
    Windows XP 更新 (KB922582)
    WinRAR 壓縮程式
    Wolfram Notebook Indexer 1.1
    yepp studio
    適用於 Windows 的 PC-Doctor
  • edited December 2006
    Merry Christmas to everyone. Just want to say thank you for all the help and wish everyone Merry Christmas and Happy New Year!!!
  • TroganTrogan London, UK
    edited December 2006
    Hi Think...
    Merry Christmas to everyone. Just want to say thank you for all the help and wish everyone Merry Christmas and Happy New Year!!!
    Thank you and the same to you. :)

    Please do the following...

    Click Start > Run > type in appwiz.cpl and hit enter. From the list uninstall the following, if present:

    Outerinfo
    IpWins


    I also recommend removing some of these Poker games, as they are likely the cause of infection:
    Full Tilt Poker
    UltimateBet

    _________________________________

    Download Brute Force Uninstaller to your desktop.
    • Right click the file on your Desktop, and choose Extract All.
    • Click Next.
    • In the box to choose where to extract the files to:
    • Click Browse.
    • Click on the + sign next to My Computer
    • Click on Local Disk C: or whatever your primary drive is.
    • Click Make New Folder
    • Type in BFU
    • Click Next, and uncheck the Show Extracted Files box and then click Finish.
    RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Go to Start > My Computer and navigate to the C:\BFU folder.
    • Start the Brute Force Uninstaller by double-clicking BFU.exe
    • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
    • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
    • Wait for the complete script execution box to pop up and press OK.
    • Press exit to terminate the BFU program.
    _________________________________

    Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.
    @echo off
    sc stop "COM+ Messages"
    sc delete "COM+ Messages"
    exit
    Double click FixServices.bat. A window will open and close. This is normal.
    _________________________________

    Open HijackThis
    - Click the Do a system scan only button
    - Check the following entries (below)

    R3 - URLSearchHook: (no name) - {8DD7249F-9371-EC8E-2423-9A5B235E3194} - (no file)
    R3 - URLSearchHook: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll (file missing)

    O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll (file missing)

    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)

    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)


    - Close ALL open windows (especially Internet Explorer!)
    - Click Fix Checked
    Close HijackThis
    _________________________________

    Run HijackThis again and click on Open the Misc Tools section.
    Click on Delete a file on reboot...
    Copy and paste the following into the "File name:" text box and then click Open:

    C:\WINDOWS\system32\svchosts.exe

    When you are asked "Do you want to restart your computer now?", click OK.

    Your PC MUST reboot to delete the file!
    _________________________________

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove the following...
      • J2SE Runtime Environment 5.0 Update 6
      • J2SE Runtime Environment 5.0 Update 9
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
    _________________________________

    Please post a new HijackThis log.
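The entries selected for fixing in the post above share traits that can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis code: a small triage pass over HijackThis 1.99.x entry lines that flags orphaned references, file names one edit away from a genuine Windows binary, and folder names that mix Latin letters with Cyrillic or Greek ones. The function names, the short `SYSTEM_BINARIES` list and the `HOMOGLYPH_PATH` sample (constructed to mirror the `Mіcrosoft` folder in the scan report, assuming its second letter is U+0456) are assumptions; the sample log lines are copied from this thread.

```python
import re
import unicodedata

# HijackThis 1.99.x entry: "<section code> - <description>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First Windows path on the line that ends in an executable or script extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|vbs|bat|scr)', re.I)
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Assumption: a short list of genuine Windows binary names; extend it for real use.
SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "explorer.exe", "spoolsv.exe", "userinit.exe", "rundll32.exe"}

# Sample entries copied from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D0BE6923-DE99-FA39-9A88-80FA49A86DC0} - C:\WINDOWS\system32\jdkoi.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
"""

# Constructed sample: folder name with CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I.
HOMOGLYPH_PATH = "C:\\WINDOWS\\system32\\M\u0456crosoft\\winspool.exe"


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_path(path):
    """Return (kind, detail) findings for one Windows path."""
    findings = []
    parts = path.split("\\")
    name = parts[-1].lower()
    if name not in SYSTEM_BINARIES:
        for real in sorted(SYSTEM_BINARIES):
            if edit_distance(name, real) == 1:
                findings.append(("lookalike", f"{name} imitates {real}"))
    for part in parts:
        # Only components that also contain Latin letters count as mixed-script,
        # so fully localized names (e.g. Chinese program names) are not flagged.
        if any(c.isascii() and c.isalpha() for c in part):
            odd = [c for c in part if not c.isascii()
                   and unicodedata.name(c, "").startswith(("CYRILLIC", "GREEK"))]
            if odd:
                codes = ", ".join(f"U+{ord(c):04X}" for c in odd)
                findings.append(("mixed-script", f"{codes} in folder or file name"))
    return findings


def triage_entry(line):
    """Return findings for a HijackThis entry line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group(2)
    findings = []
    # Orphans also occur after ordinary uninstalls, so this is a prompt to
    # review the entry, not a verdict.
    if ORPHAN_RE.search(body):
        findings.append(("orphaned", "entry references a file that is not on disk"))
    path = PATH_RE.search(body)
    if path:
        findings.extend(check_path(path.group(0)))
    return findings


def triage_log(text):
    """Map each flagged entry line to its findings; clean entries are omitted."""
    flagged = {}
    for line in text.splitlines():
        findings = triage_entry(line)
        if findings:
            flagged[line.strip()] = findings
    return flagged


if __name__ == "__main__":
    for entry, findings in triage_log(SAMPLE_LOG).items():
        print(entry)
        for kind, detail in findings:
            print(f"    [{kind}] {detail}")
    print(HOMOGLYPH_PATH.encode("unicode_escape").decode(), check_path(HOMOGLYPH_PATH))
```
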
  • edited December 2006
    Thank you very much for your help!!! I really appreciate it.
    Logfile of HijackThis v1.99.1
    Scan saved at 18:32:29, on 28/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
  • Trogan London, UK
    edited December 2006
    Log is clean.

    How are things?
  • edited December 2006
    Seems like there are no more pop-ups. Thanks a lot. :honoes:
  • Trogan London, UK
    edited December 2006
    Glad we could be of assistance! The help you received here was free. Please read through some of these Prevention Tips that Short-Media offers.

    This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

    Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.

    If you are not the user who started this thread, you must start a new Thread instead :)

    Would you also be interested in joining Short-Media (Team #93) with the Folding@Home Project? More information available at this link:
    http://www.short-media.com/forum/showthread.php?t=29803
This discussion has been closed.