Full Version: Hijackthis Log - Please Help Diagnose
xylene
Hi there. Recently I have been infected with certain viruses/spyware that make my computer run very very very slow as well as some restarting issues. Also, there are consistent pop-ups from IE from certain sites and something keeps on installing toolbars in my IE no matter how many times I tried to uninstall them. They restart my computer as well! I already ran a few anti-virus/spyware programs but they couldn't get rid of these viruses. I also have Norton installed so I don't know how Norton could have let this happen!! Here's my HijackThis log. Any help will be greatly appreciated!!! Many thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:26:53 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\Rpcs11.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\wbem\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32F9C1456A.EXEA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\windows\system32\svhostz4.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\rund1132.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32F9C1456A.EXEA.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\drwtsn32.exe

R3 - URLSearchHook: soso - {F5993947-3A35-4C47-8901-E7FD39C5D386} - C:\Program Files\soso\soso.dll
F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start
O2 - BHO: XBTP02083 - {336BA351-3E92-40d7-8227-53E9F88ED488} - C:\PROGRA~1\ENNEE÷÷11??~~1\soso.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: AppPalus Class - {4073BC3D-25C0-425E-BAA0-C3974145679C} - C:\WINDOWS\jdsthu2.dll
O2 - BHO: XBTP01627 - {4C666711-582C-485c-93BA-33F4DFC19981} - C:\PROGRA~1\soso\soso.dll
O2 - BHO: uhtu - {521D6F42-A27F-4402-8474-7EF6ADBC94FF} - C:\PROGRA~1\aqsa\eude.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: EμOAENE÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {96FC3938-C6CA-475D-8D3B-45F323A6B62B} - (no file)
O2 - BHO: (no name) - {B432D70A-E457-4DBD-823F-B88095FADB54} - C:\WINDOWS\system32\cgpbgjksevvjn.dll
O2 - BHO: baiduba Class - {CE7C3CF0-4B15-11D1-ABED-709549C18686} - C:\WINDOWS\baiduba\baiduba.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNTS.DLL
O2 - BHO: (no name) - {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} - C:\WINDOWS\system32\cnwin.dll (file missing)
O2 - BHO: (no name) - {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} - C:\WINDOWS\system32\wwtjdhwmllllp.dll
O3 - Toolbar: EμOAENE÷1??sIo2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O3 - Toolbar: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O3 - Toolbar: soso - {F5993947-3A35-4C47-8901-E7FD39C5D386} - C:\Program Files\soso\soso.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mhsystem] C:\DOCUME~1\Owner\LOCALS~1\Temp\mhsystem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\system32\autosys.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SvcManager] svhostz4.exe
O4 - HKLM\..\Run: [496j97vmv] rundll32.exe C:\WINDOWS\g63s84fhqr.dll _start@16
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [sys001] C:\WINDOWS\rund1132.exe
O4 - HKCU\..\Run: [UUpdate] C:\Program Files\UUSee\UUpdate.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [winsamps] C:\WINDOWS\winamps.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 訪問通用網址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra 'Tools' menuitem: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSed.dll (file missing)
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\system32\syschunk.dll
O23 - Service: 68899112 - Unknown owner - C:\WINDOWS\system32\68899112.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Eraser Service (EraserSvc10633) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: fan.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: pl.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

jurgenv
* First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run AVG Anti-Spyware 7.5 and update the definition files.
  3. Run AVG Anti-Spyware
  4. From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
  5. After the update finishes (the status bar at the bottom will display "Update successful")
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
  8. Select "Automatically generate report after every scan"
  9. Un-Select "Only if threats were found"
Close AVG Anti-Spyware 7.5. Do NOT run a scan just yet; we will shortly.

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:
Ad-Aware SE Setup
Again, do NOT run a scan yet.


* Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Next, run Ad-aware and perform a full scan. Remove everything found.
  1. Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  3. AVG Anti-Spyware 7.5 will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Now, post a new hijackthis log here with the report of AVG antispyware.
TonyKlein
My apologies for gatecrashing this thread, but there are a couple of files we'd like to have a closer look at:

They look to be relatively new parasites, so we'd like to receive samples for analysis!

Please download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)

Next, copy the following four bold lines:

C:\Program Files\soso\soso.dll
C:\WINDOWS\jdsthu2.dll
C:\WINDOWS\system32\cgpbgjksevvjn.dll
C:\WINDOWS\system32\wwtjdhwmllllp.dll

Open 'File' in the Killbox menu on top and choose Paste from clipboard.

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Now please go to this forum

There's no need to register. Just start a new topic, titled "Files for TonyKlein".

In the topic, simply refer to this CCleaner forum thread, and use the Attachment box to upload the C:\Killbox\ file

NOTE: You will not see the files that have been uploaded (including the ones you upload yourself) as they only show to the authorised users who can download them


After that I'll be happy to leave you in Jurgenv's most capable hands!

Thanks!
xylene
thanks for the help!!

here's the logs...

Logfile of HijackThis v1.99.1
Scan saved at 11:45:02 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {F5993947-3A35-4C47-8901-E7FD39C5D386} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070112.dll start
O2 - BHO: XBTP02083 - {336BA351-3E92-40d7-8227-53E9F88ED488} - C:\PROGRA~1\ENNEE÷÷11??~~1\soso.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: AppPalus Class - {4073BC3D-25C0-425E-BAA0-C3974145679C} - C:\WINDOWS\jdsthu2.dll
O2 - BHO: uhtu - {521D6F42-A27F-4402-8474-7EF6ADBC94FF} - C:\PROGRA~1\aqsa\eude.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: EμOAENE÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {96FC3938-C6CA-475D-8D3B-45F323A6B62B} - (no file)
O2 - BHO: (no name) - {B432D70A-E457-4DBD-823F-B88095FADB54} - C:\WINDOWS\system32\cgpbgjksevvjn.dll
O2 - BHO: baiduba Class - {CE7C3CF0-4B15-11D1-ABED-709549C18686} - C:\WINDOWS\baiduba\baiduba.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNTS.DLL (file missing)
O2 - BHO: (no name) - {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} - C:\WINDOWS\system32\cnwin.dll (file missing)
O2 - BHO: (no name) - {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} - C:\WINDOWS\system32\kfhvegxrohiam.dll
O3 - Toolbar: EμOAENE÷1??sIo2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O3 - Toolbar: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mhsystem] C:\DOCUME~1\Owner\LOCALS~1\Temp\mhsystem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SvcManager] svhostz4.exe
O4 - HKLM\..\Run: [496j97vmv] rundll32.exe C:\WINDOWS\g63s84fhqr.dll _start@16
O4 - HKLM\..\Run: [e1vls4kdb] rundll32.exe C:\WINDOWS\eo695vc989.dll _start@16
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"
O4 - HKLM\..\RunOnce: [zaxfen67] %systemroot%\system32\Rundll32.exe %systemroot%\system32\zaxfen67.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [vbhdpl29] %systemroot%\system32\Rundll32.exe %systemroot%\system32\vbhdpl29.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [uoaaeg83] %systemroot%\system32\Rundll32.exe %systemroot%\system32\uoaaeg83.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [fwofmd41] %systemroot%\system32\Rundll32.exe %systemroot%\system32\fwofmd41.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [bcarqa64] %systemroot%\system32\Rundll32.exe %systemroot%\system32\bcarqa64.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [tfiem] %systemroot%\system32\Rundll32.exe %systemroot%\system32\tfiem.dll,DllUnregisterServer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [sys001] C:\WINDOWS\rund1132.exe
O4 - HKCU\..\Run: [UUpdate] C:\Program Files\UUSee\UUpdate.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [winsamps] C:\WINDOWS\winamps.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 訪問通用網址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra 'Tools' menuitem: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSed.dll (file missing)
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\system32\syschunk.dll
O23 - Service: 68899112 - Unknown owner - C:\WINDOWS\system32\68899112.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Eraser Service (EraserSvc10633) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: fan.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: pl.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe






---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:41:22 PM 1/13/2007

+ Scan result:



C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0116261.exe -> Adware.91Cast : Cleaned with backup (quarantined).
C:\WINDOWS\okads064.exe -> Adware.AdMoke : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0106967.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0107073.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113156.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113157.dll -> Adware.AlexaBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0108955.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0108999.exe -> Adware.CDN : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109003.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109005.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109006.dll -> Adware.CDN : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0116259.dll -> Adware.Eztracks : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0116260.dll -> Adware.Eztracks : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AutoSys -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109002.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sdmAgent30.dll -> Adware.LinkMedia : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} -> Adware.TitanShieldAntispyware : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shcnyttl.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\giiuvbcs.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102660.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102662.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102663.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102665.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102669.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102670.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102674.dll -> Backdoor.Agent.aex : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099691.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100690.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101593.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102631.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102632.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102656.exe -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102676.dll -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103584.dll -> Backdoor.Agent.ajq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\BHO04.dll -> Downloader.Age : Cleaned with backup (quarantined).
C:\Program Files\Common Files\cloader\32vegas\logos\cloader_idrpr.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0107083.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wdfmgr32.exe -> Downloader.Cryptic.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP690\A0106774.dll -> Downloader.QQHelper.ep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP690\A0106775.dll -> Downloader.QQHelper.ep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP690\A0106776.dll -> Downloader.QQHelper.ep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP690\A0106777.dll -> Downloader.QQHelper.ep : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP691\A0106782.dll -> Downloader.QQHelper.ob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP691\A0106783.dll -> Downloader.QQHelper.ob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP691\A0106784.dll -> Downloader.QQHelper.ob : Cleaned with backup (quarantined).
C:\WINDOWS\system32\aeqaah05.dll -> Downloader.QQHelper.oc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\efwvzp87.dll -> Downloader.QQHelper.oc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ekykrx39.dll -> Downloader.QQHelper.oc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hffpxu99.dll -> Downloader.QQHelper.oc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103591.EXE -> Downloader.Small.dha : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113072.DLL -> Downloader.Small.gt : Cleaned with backup (quarantined).
C:\WINDOWS\POPNTS.DLL -> Downloader.Small.gt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\avps.exe/POPNTS.DLL -> Downloader.Small.gt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP687\A0104696.dll -> Downloader.VB.art : Cleaned with backup (quarantined).
C:\WINDOWS\system32\drivers\paraudio.sys -> Rootkit.Startpage.b : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\auo3gzy1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP682\A0099591.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099661.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099694.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100691.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101594.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102675.dll -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103583.dll -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP687\A0104693.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP687\A0104701.ocx -> Trojan.Agent.abf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\z.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099660.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099690.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100688.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100689.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101592.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103615.exe -> Trojan.Agent.adb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113070.exe -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113071.dll -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\avps.exe/dllhosts.dll -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\avps.exe/novel.exe -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\avps.exe/winamps.exe -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\dllhosts.dll -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\{pchome}\.setupf\novel.exe -> Trojan.Agent.tl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102678.EXE -> Trojan.Agent.zg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102636.exe -> Trojan.Delf.lx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103592.exe -> Trojan.Delf.lx : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\MSInfo\SysInfo.dll -> Trojan.Delf.su : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102679.dll -> Trojan.Delf.sv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP682\A0099581.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099648.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099678.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100679.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101586.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102612.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102639.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103581.dll -> Trojan.Nilage.axk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP682\A0099583.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099650.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099680.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100681.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101587.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102614.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102637.exe -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102638.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103582.dll -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103593.exe -> Trojan.Nilage.bbb : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\Update_OB\pgfkerss.dll -> Trojan.OnLineGames.bt : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\gpwnuodp.dll -> Trojan.OnLineGames.bt : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\jlmoikoj.dll -> Trojan.OnLineGames.bt : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\lrxehsmu.dll -> Trojan.OnLineGames.bt : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\oeqxwmih.dll -> Trojan.OnLineGames.bt : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\knuhyatw.dll -> Trojan.OnLineGames.cw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102658.dll -> Trojan.OnLineGames.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102661.dll -> Trojan.OnLineGames.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102668.dll -> Trojan.OnLineGames.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102673.dll -> Trojan.OnLineGames.dc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109012.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109013.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113164.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101591.sys -> Trojan.QQPass.pg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP687\A0104659.sys -> Trojan.QQPass.pg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP687\A0104661.sys -> Trojan.QQPass.pg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP682\A0099586.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099653.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099682.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100684.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101583.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP685\A0102611.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0103580.vxd -> Trojan.QQPass.rr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102654.exe -> Trojan.QQPass.ru : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099656.exe -> Trojan.QQPass.sn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP683\A0099688.exe -> Trojan.QQPass.sn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0100687.exe -> Trojan.QQPass.sn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP684\A0101590.exe -> Trojan.QQPass.sn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP686\A0102657.exe -> Trojan.QQPass.sn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0106958.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0107968.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0108968.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP697\A0109963.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0110051.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0111052.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113052.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0113175.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0114176.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0114208.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0115208.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{20A6E07E-6D51-4732-A00C-C07FC8572162}\RP698\A0116215.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Rp11cs.dll -> Trojan.QQRob.lg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\c.dll -> Trojan.Steal : Cleaned with backup (quarantined).


::Report end

TonyKlein
Thank you for uploading at SpyKiller's. However, I'm afraid you uploaded the Killbox.exe application itself...

And I apologize for explaining myself less than clearly. What I need you to upload is the new folder named "!Killbox" created in C:\ (so: C:\!Killbox).

If you did everything as I explained (copying those four files to the clipboard, etcetera), the 4 files now ought to be in that folder.

Please upload that folder. Sorry about that, and thanks a bunch for your cooperation!
xylene
TonyKlein,

Sorry, I know this sounds very stupid of me, but how do I attach the entire folder? Because when I go to choose a file for attachment and click the !Killbox folder, the only option I have is to open it. I tried pressing ctrl/shift to select all the files inside that folder but can't do so.

Also, I still can't seem to add soso.dll into Killbox. I'm not sure why?
TonyKlein
The open button is indeed a bit confusing; all that does is indeed ATTACH, not actually open the object you've highlighted.

Please give it another try; thanks!
TonyKlein
This time you somehow uploaded a 0 byte !Killbox folder. I suggest we leave it at that. Thank you very much for the effort.

Jurgen, it's all yours!


Best regards,
jurgenv
Thanks Tony.

Can you post me a fresh HijackThis log, xylene?
xylene
LOL, I'm very sorry TonyKlein. But when I tried to click the entire Killbox folder and clicked the open button, it opened up the folder and I had to choose the items within the folder. It didn't add the entire folder into the attachment like you said. So I just typed in the location. I guess doing that doesn't work.
xylene
Logfile of HijackThis v1.99.1
Scan saved at 1:05:19 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {F5993947-3A35-4C47-8901-E7FD39C5D386} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070112.dll start
O2 - BHO: XBTP02083 - {336BA351-3E92-40d7-8227-53E9F88ED488} - C:\PROGRA~1\ENNEE÷÷11??~~1\soso.dll (file missing)
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: AppPalus Class - {4073BC3D-25C0-425E-BAA0-C3974145679C} - C:\WINDOWS\jdsthu2.dll
O2 - BHO: uhtu - {521D6F42-A27F-4402-8474-7EF6ADBC94FF} - C:\PROGRA~1\aqsa\eude.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EμOAENE÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {96FC3938-C6CA-475D-8D3B-45F323A6B62B} - (no file)
O2 - BHO: (no name) - {B432D70A-E457-4DBD-823F-B88095FADB54} - C:\WINDOWS\system32\cgpbgjksevvjn.dll (file missing)
O2 - BHO: baiduba Class - {CE7C3CF0-4B15-11D1-ABED-709549C18686} - C:\WINDOWS\baiduba\baiduba.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNTS.DLL (file missing)
O2 - BHO: (no name) - {E5A7A15F-213F-4FCF-8DE7-D388F9FB09EB} - C:\WINDOWS\system32\cnwin.dll (file missing)
O2 - BHO: (no name) - {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} - C:\WINDOWS\system32\gpxmnbszgloxs.dll
O3 - Toolbar: EμOAENE÷1??sIo2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll (file missing)
O3 - Toolbar: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mhsystem] C:\DOCUME~1\Owner\LOCALS~1\Temp\mhsystem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]te264/fyf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [dfsf] RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SvcManager] svhostz4.exe
O4 - HKLM\..\Run: [496j97vmv] rundll32.exe C:\WINDOWS\g63s84fhqr.dll _start@16
O4 - HKLM\..\Run: [e1vls4kdb] rundll32.exe C:\WINDOWS\eo695vc989.dll _start@16
O4 - HKLM\..\Run: [fe3tohgy] rundll32.exe C:\WINDOWS\fcnm0edm9ehy.dll _start@16
O4 - HKLM\..\Run: [11688989987.exe] C:\WINDOWS\system32\11688989987.exe Auto
O4 - HKLM\..\Run: [11689032897.exe] C:\WINDOWS\system32\11689032897.exe Auto
O4 - HKLM\..\Run: [11689072807.exe] C:\WINDOWS\system32\11689072807.exe Auto
O4 - HKLM\..\RunOnce: [CPushSetup] "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\Common Files\CPUSH\cpush.dll"
O4 - HKLM\..\RunOnce: [zaxfen67] %systemroot%\system32\Rundll32.exe %systemroot%\system32\zaxfen67.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [vbhdpl29] %systemroot%\system32\Rundll32.exe %systemroot%\system32\vbhdpl29.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [uoaaeg83] %systemroot%\system32\Rundll32.exe %systemroot%\system32\uoaaeg83.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [fwofmd41] %systemroot%\system32\Rundll32.exe %systemroot%\system32\fwofmd41.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [bcarqa64] %systemroot%\system32\Rundll32.exe %systemroot%\system32\bcarqa64.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [tfiem] %systemroot%\system32\Rundll32.exe %systemroot%\system32\tfiem.dll,DllUnregisterServer
O4 - HKLM\..\RunOnce: [uq_gbc] %systemroot%\system32\rundll32.exe %systemroot%\system32\uq_gbc.dll,Run
O4 - HKLM\..\RunOnce: [ee_pwy] %systemroot%\system32\rundll32.exe %systemroot%\system32\ee_pwy.dll,Run
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [sys001] C:\WINDOWS\rund1132.exe
O4 - HKCU\..\Run: [UUpdate] C:\Program Files\UUSee\UUpdate.exe
O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\realupdate.exe other
O4 - HKCU\..\Run: [winsamps] C:\WINDOWS\winamps.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 訪問通用網址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra 'Tools' menuitem: ·jŻA?u‥a? - {50E15C78-DC91-4ABE-A8DC-5261058BB7D8} - C:\Program Files\ENE÷1??sA﹐\soso.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab53083.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/classes....cab?v=1,0,0,37
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion....bio5_3_16_0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: WebSecurity - {3DD78ACF-0745-4532-94F8-A574457E1A81} - C:\WINDOWS\system32\PvSed.dll (file missing)
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\system32\syschunk.dll
O23 - Service: 68899112 - Unknown owner - C:\WINDOWS\system32\68899112.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Eraser Service (EraserSvc10633) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: fan.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: pl.eeewl.com - Unknown owner - C:\WINDOWS\system32\nsvce32.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

jurgenv
I see that this file is still present, so you could try to remove it with killbox and send it to Tony:

C:\WINDOWS\jdsthu2.dll

It would be very helpful of you if you try again to send the file to Tony. :)
xylene
Sure, I can try to send the files to Tony again. But can I upload them individually instead of the entire killbox folder? I still haven't mastered the whole attaching the entire folder thing... sorry for the inconvenience!!!
jurgenv
No, just upload this file:

C:\WINDOWS\jdsthu2.dll
xylene
Okay, now my computer isn't even loading my desktop... not even in safe mode...

HELPPPPPPPPPPPP PLEASE!!!!!!!!!
xylene
Thanks jurgenv for all your help so far but I've decided to format my computer. It's about time. :)

Thanks again~
jurgenv
Ok, but did you send the file to Tony?
xylene
Yes, I sent him the file a few days ago.
jurgenv
Ok then. :)