another "iexplore.exe" problem, its "un-removability" and huge memory consumptions.

Hi everyone
I am new to this forum, but I do consider myself as some intermediate computer users. Recently, I realize that my computer has become slower than usual, then I check my list of processes in window task manager. Surprisingly, I saw an abnormal iexplore.exe program running, because i did not open any internet explorer window. Of course, I have done research online, and I know that many people seem to share the same problems as me, but out of all the procedures that have been posted, and all the spyware software that have been mentioned, I tried to use them all, but none of them work. Therefore, i am going to post my hijack this log, and I hope some of you will be able to help me, because i need to constantly use my computer to do research online, and all those pops up and slowness really disturb me. Thank you.




Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:29:28 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Tools\daemon.exe
C:\DOCUME~1\KAFUTP~1\LOCALS~1\Temp\clclean.0001
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\1157332474\ee\AOLSoftware.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
c:\program files\mcafee\msc\mcuimgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\hijackthis\HiJackThis_v2.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\xxywutu.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9BA85398-D994-46F8-A1C1-D9188350FA30} - C:\WINDOWS\system32\jkkli.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ?ì3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe "
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157332474\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe "
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe "
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
O4 - HKLM\..\Run: [DvdIdlePlus16] C:\Documents and Settings\All Users\Application Data\part sect dvd idle\Multi bleh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06AXLRD_3363093] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [L07AXLRD_3336687] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [IdolCast] C:\DOCUME~1\KAFUTP~1\APPLIC~1\ERRORP~1\axis flaw.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://regcat.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/sav/webinst.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll
O20 - Winlogon Notify: xxywutu - C:\WINDOWS\SYSTEM32\xxywutu.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 22683 bytes

 

okay, here is another log that you have requested

Logfile of HijackThis v1.99.1
Scan saved at 4:21:19 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\DOCUME~1\KAFUTP~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\1157332474\ee\AOLSoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
G:\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ?ì3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe "
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157332474\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe "
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe "
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
O4 - HKLM\..\Run: [DvdIdlePlus16] C:\Documents and Settings\All Users\Application Data\part sect dvd idle\Multi bleh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06AXLRD_3363093] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [L07AXLRD_3336687] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [IdolCast] C:\DOCUME~1\KAFUTP~1\APPLIC~1\ERRORP~1\axis flaw.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://regcat.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/sav/webinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

questions

How come there are some files that the hijackthis 1.99.1 is not showing, such as xxywutu.dll, which i believe it maybe a spyware-related file.

 

Hi Justinpoon
Welcome

I believe this is a Vundo infection and it tries to hide from the HJT 1.99.1, This is known and we know how to work around it. Trend is still in Beta and we prefer not to use Beta programs.

So Please do this in the order given.

Please do this.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Then this.

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please rename Hijackthis.exe to Killer.exe

Please post the two logs and a New HJT log.

Thanks
Geri

 

logs

VundoFix V6.3.20

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 4:19:41 PM 4/28/2007

Listing files found while scanning....

C:\WINDOWS\system32\xxywutu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xxywutu.dll
C:\WINDOWS\system32\xxywutu.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\xxywutu.dll
C:\WINDOWS\system32\xxywutu.dll Has been deleted!

Performing Repairs to the registry.
Done!



SDFix: Version 1.80

Run by KaFutPoon - 04/28/2007 Sat - 13:12:46.95

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Modified mswsock.dll Found!

File Locations:

C:\i386\mswsock.dll
C:\WINDOWS\system32\mswsock.dll

Infected files:



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\odbc.INI - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
"C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "
"C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader "
"C:\\Program Files\\Common Files\\AOL\\1157332474\\ee\\aolsoftware.exe "= "C:\\Program Files\\Common Files\\AOL\\1157332474\\ee\\aolsoftware.exe:*:Enabled:AOL Services "
"C:\\Program Files\\Common Files\\AOL\\1157332474\\ee\\aim6.exe "= "C:\\Program Files\\Common Files\\AOL\\1157332474\\ee\\aim6.exe:*:Enabled:AIM "
"C:\\Program Files\\Tencent\\QQ\\QQ.exe "= "C:\\Program Files\\Tencent\\QQ\\QQ.exe:*:Enabled:QQ "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\\Program Files\\mIRC\\mirc.exe "= "C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC "
"C:\\Program Files\\eMule\\emule.exe "= "C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule "
"C:\\Program Files\\BitLord\\BitLord.exe "= "C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord "
"C:\\Program Files\\BitComet\\BitComet.exe "= "C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client "
"C:\\StubInstaller.exe "= "C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
"C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe "= "C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe:*:Enabled:Thunder "
"C:\\Program Files\\DC++\\DCPlusPlus.exe "= "C:\\Program Files\\DC++\\DCPlusPlus.exe:*:EnabledC++ "
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe "= "C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component "
"C:\\Program Files\\Steam\\steamapps\\dj_justin123@yahoo.com\\counter-strike\\hl.exe "= "C:\\Program Files\\Steam\\steamapps\\dj_justin123@yahoo.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher "
"C:\\Program Files\\Steam\\steamapps\\dj_justin123@yahoo.com\\dedicated server\\hlds.exe "= "C:\\Program Files\\Steam\\steamapps\\dj_justin123@yahoo.com\\dedicated server\\hlds.exe:*:Enabled:HLDS Launcher "
"C:\\Program Files\\FlashGet\\flashget.exe "= "C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget "
"C:\\Program Files\\Tencent\\QQGame\\QQGame.exe "= "C:\\Program Files\\Tencent\\QQGame\\QQGame.exe:*:Enabled:QQGame "
"C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe "= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent "
"C:\\Program Files\\Skype\\Phone\\Skype.exe "= "C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype "


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
"C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0 "
"C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\Steam\steamapps\dj_justin123@yahoo.com\counter-strike\cstrike\radial.cdb
C:\WINDOWS\system32\SystemDLL.dll
C:\WINDOWS\system32\SystemSaveFile.exe
C:\i386\78831F730D.sys
C:\i386\KGyGaAvL.sys
C:\WINDOWS\system32\78831F730D.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\KaFutPoon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp
C:\Documents and Settings\KaFutPoon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp
C:\Documents and Settings\KaFutPoon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp
C:\Documents and Settings\KaFutPoon\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BITB1.tmp
C:\WINDOWS\system32\RO6D07.tmp.LOG
C:\WINDOWS\system32\RO6D0C.tmp.LOG
C:\WINDOWS\system32\RO6D0F.tmp.LOG
C:\WINDOWS\system32\RO6D14.tmp.LOG
C:\WINDOWS\system32\RO6D17.tmp.LOG
C:\WINDOWS\system32\RO6D1C.tmp.LOG
C:\WINDOWS\system32\RO6D1F.tmp.LOG
C:\WINDOWS\system32\RO6D24.tmp.LOG
C:\WINDOWS\system32\RO6D27.tmp.LOG
C:\WINDOWS\system32\RO6D2C.tmp.LOG
C:\WINDOWS\system32\RO6D2F.tmp.LOG
C:\WINDOWS\system32\RO6D34.tmp.LOG

Finished

 

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 4:48:57 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\KAFUTP~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Common Files\AOL\1157332474\ee\aolsoftware.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\KaFutPoon\Desktop\killer.exe

O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ?ì3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe "
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157332474\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe "
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe "
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06AXLRD_3363093] "C:\Program Files\Microsoft Encarta\Encarta Premium DVD 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [L07AXLRD_3336687] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à× - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ìú??QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ?ì3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?ì3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQì?2ê1¤??ì?éè?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - http://regcat.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://pdc.resnet.stonybrook.edu/sav/webinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0223551177779893) (0223551177779893mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\022355~1.EXE (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



by the way, what is SOfix??

 

Hi
SDFix targets and kills certain trojans.

Please upload these files, I can find no information on them.

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan "box on the top of the page:
  
  • C:\WINDOWS\system32\SystemDLL.dll
• Click on the submit button
  
• Please post the results in your next reply.

Do the same for these.

C:\WINDOWS\system32\78831F730D.sys
C:\WINDOWS\system32\RO6D07.tmp.LOG

Please post the results back here.

Geri

 

result

for this C:\WINDOWS\system32\RO6D07.tmp.LOG, the link said that it is zero byte, so it can't go through the scanning process.


For systemDLL.dll

Scan taken on 29 Apr 2007 21:15:00 (GMT)
A-Squared Found nothing
AntiVir Found TR/PSW.Agent.CL.12
ArcaVir Found nothing
Avast Found Win32elf-DNR
AVG Antivirus Found PSW.Agent.FWR
BitDefender Found Trojan.Pws.Agent.CL
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-PSW.Win32.Agent.cl
Fortinet Found Spy/Agent
Kaspersky Anti-Virus Found Trojan-PSW.Win32.Agent.cl
NOD32 Found nothing
Norman Virus Control Found W32/Agent.BBLI
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

the second one is okay....

 

Hi
OK do this next. Please follow the instructions carefully.

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine ".
6. Under "Reports "
   • Select "Automatically generate report after every scan "
   • Un-Select "Only if threats were found "

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan ".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all actions "
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
   
   Please post the AVG log and a new HjT log.
   Geri

 

I have problems connecting to the server for AVG, does it mean I dont have to update or i have to reinstall again?

 

Hi Justinpoon

Sorry about that, Try starting with #3 on the AVG instructions, if it doesn't let you update run it as instructed above without the updates.

Then see if you can get any updates. If so run it again with the new updates and post that log.
If you can't update, then please post the log you got.

Thanks
Geri

 

result

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:05:54 PM 5/5/2007

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
:mozilla.118:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.172:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.29:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.30:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.31:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.32:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.33:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.34:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.35:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.36:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.37:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.38:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.39:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.40:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.41:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.42:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@aavalue[2].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@grouplotto.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@paidmarketingpanel.aavalue[1].txt -> TrackingCookie.Aavalue : No action taken.
:mozilla.133:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.134:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.135:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ads.adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.501:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.502:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.503:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.504:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.505:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.532:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adobe : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@www.adobe[1].txt -> TrackingCookie.Adobe : No action taken.
:mozilla.102:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.103:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.104:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.105:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.106:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.107:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.71:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.72:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.73:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.75:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.54:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.537:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.101:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.95:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.96:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.113:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.115:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.116:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.425:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.185:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.186:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Clickzs : No action taken.
:mozilla.426:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Cnn : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ads.cnn[1].txt -> TrackingCookie.Cnn : No action taken.
:mozilla.180:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
:mozilla.48:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.141:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.142:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ehg-ati.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ehg-techtarget.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ehg-tgpublishing.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ehg-uniontrib.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.228:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
:mozilla.236:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.237:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Imrworldwide : No action taken.
:mozilla.109:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.110:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.111:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.112:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.117:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Information : No action taken.
:mozilla.514:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.515:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Live : No action taken.
:mozilla.516:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Live : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@search.live[1].txt -> TrackingCookie.Live : No action taken.
:mozilla.517:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.518:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.65:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@search.msn[2].txt -> TrackingCookie.Msn : No action taken.
:mozilla.415:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : No action taken.
:mozilla.519:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.520:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.306:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.308:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.559:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Paypal : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@www.paypal[1].txt -> TrackingCookie.Paypal : No action taken.
:mozilla.66:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.67:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.68:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.69:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.70:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.321:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.322:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.323:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.92:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.93:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.94:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Realmedia : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@realmedia[1].txt -> TrackingCookie.Realmedia : No action taken.
:mozilla.114:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.330:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.331:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.332:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.333:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.334:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.335:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.336:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.337:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
:mozilla.427:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
:mozilla.200:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.201:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.202:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.203:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.165:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.346:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.347:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.348:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.349:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.350:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@skype[1].txt -> TrackingCookie.Skype : No action taken.
:mozilla.369:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.370:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.371:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.372:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.373:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@specificclick[1].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.85:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.100:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.429:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.97:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.98:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.99:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.391:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.392:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.393:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.394:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.395:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.396:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.397:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.398:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.399:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
:mozilla.400:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
:mozilla.421:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.422:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.423:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.424:C:\Documents and Settings\KaFutPoon\Application Data\Mozilla\Firefox\Profiles\dnv4lkeo.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\KaFutPoon\Cookies\kafutpoon@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

 

Hi
Can I ask why you haven't followed through in this form?
http://forums.spybot.info/showthread.php?t=13129

Shaba seems to have been helping you, so why did you come here?

Geri

 

It is because both of you are giving me two different instructions of solving this problem, and I want to see which one is more effective in dealing with the spyware that i have been infected. Besides, two people will be more efficient in helping me to remove all the spyware. I really worry about my computer, so i want to make sure that my computer is totally free from spyware or virus (brand new), that's why i post mine in two forums. I am sorry if it means something bad to you.

 

Hi Justinpoon

That is not true, One of us is getting Old information. If Shaba has you use killbox to remove something, then the HJT log you have posted for us to look at is out of date because some things have been cleaned after you have posted it.

Go back to Shaba and have him fix your computer, "IF" he can not then come back here for our opinion.

I will ask that this thread be locked.

Geri

 

I'm locking this thread as the OP is getting help in the forum linked above. We cannot have two people helping one person. It is not fair to others seeking assiatance.