
Help. Numerous Trojans Ie. Trojan-spy.win32@mx


4 replies to this topic

#1 thehay

Posted 18 October 2007 - 09:58 AM

To the dearest staff here, I really really really need your help.
My computer has gone haywire.. and it seems to me it has contracted millions of trojans and viruses and I am just oh so overwhelmed.. I need to fix this soon so I can do my work.

I think these trojans got on my computer when a forum I was using was hacked and some iframe was put in that led me to a trojan or virus at every page I clicked. That's maybe why I have so many problems. BAH.

I started getting system alerts and warnings this afternoon and they wouldn't stop. I've been browsing around the internet for a while.. and I've followed some outside advice.. and some advice from here..

I ran Smitfraudfix.cmd and did option #2 cleanup.
This was the report:
SmitFraudFix v2.240

Scan done at 18:55:20.46, Thu 18/10/2007
Run from C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1	   localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7056B17B-9879-47DE-B7A0-BB43BD549003}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7056B17B-9879-47DE-B7A0-BB43BD549003}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7056B17B-9879-47DE-B7A0-BB43BD549003}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


It didn't work.. so I ran a HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:18 PM, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System\Inst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gdloxe.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;localhost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nszgmfps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Manager about enc bash] C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [NEWROAM] C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/slgwebinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcvsewhi.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif

--
End of file - 13677 bytes

I have also cleaned out my temporary internet files and cookies, and also my recycle bin.

I also downloaded AVG Anti-Spyware 7.5, did a scan and quarantined the infected files..
Here's the report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	12:12:03 AM 19/10/2007

 + Scan result:	



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Generic : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\john.KAMPINGHO\Application Data\Netscape\NSB\Profiles\lmxmvz78.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\john.KAMPINGHO\Application Data\Netscape\NSB\Profiles\lmxmvz78.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc11.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc225.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc4.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\john.KAMPINGHO\Cookies\john@www.adobe[1].txt -> TrackingCookie.Adobe : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc141.txt -> TrackingCookie.Adobe : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc159.txt -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc263.txt -> TrackingCookie.Adserver : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc392.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.10:C:\Documents and Settings\hokamping\Application Data\Netscape\NSB\Profiles\6n5p2tqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.11:C:\Documents and Settings\hokamping\Application Data\Netscape\NSB\Profiles\6n5p2tqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\hokamping\Application Data\Netscape\NSB\Profiles\6n5p2tqj.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Netscape\NSB\Profiles\bfo6z8xm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.9:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Netscape\NSB\Profiles\bfo6z8xm.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc113.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc173.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc231.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc26.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc289.txt -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc358.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Guest.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\qx4ick17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.16:C:\Documents and Settings\Bonita\Application Data\Mozilla\Firefox\Profiles\faocmurt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc176.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc297.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc33.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc400.txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc41.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.55:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.57:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.93:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc304.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.94:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc182.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc307.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc45.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc49.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.100:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.139:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.23:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.99:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc133.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc185.txt -> TrackingCookie.Dealtime : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc238.txt -> TrackingCookie.Dealtime : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc187.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc315.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc404.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc59.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.86:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc175.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc18.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc295.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc296.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc32.txt -> TrackingCookie.Falkag : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc192.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc317.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc65.txt -> TrackingCookie.Fastclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc318.txt -> TrackingCookie.Fortunecity : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc198.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc219.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc324.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc346.txt -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc50.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.10:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.11:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.19:C:\Documents and Settings\Guest.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\qx4ick17.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.19:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.20:C:\Documents and Settings\Guest.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\qx4ick17.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.20:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.59:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.60:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.6:C:\Documents and Settings\Bonita\Application Data\Mozilla\Firefox\Profiles\faocmurt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.7:C:\Documents and Settings\Bonita\Application Data\Mozilla\Firefox\Profiles\faocmurt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.71:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Intelli-tracker : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc232.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc177.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc179.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc202.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc226.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc227.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc246.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc249.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc3.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc328.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc333.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc74.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc82.txt -> TrackingCookie.Lop : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc208.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc336.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc85.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Bonita\Cookies\bonita@ie.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc229.txt -> TrackingCookie.Msn : Cleaned.
:mozilla.271:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.272:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.273:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc121.txt -> TrackingCookie.Onestat : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc100.txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc218.txt -> TrackingCookie.Overture : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc342.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.22:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.317:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc170.txt -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc102.txt -> TrackingCookie.Qksrv : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc220.txt -> TrackingCookie.Qksrv : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc349.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.171:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc103.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc221.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc350.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc222.txt -> TrackingCookie.Real : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc223.txt -> TrackingCookie.Real : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc351.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc124.txt -> TrackingCookie.Reliablestats : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc364.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.179:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.35:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc105.txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc224.txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc352.txt -> TrackingCookie.Revenue : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc5.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.180:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.181:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.25:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.26:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.106:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc62.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.39:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.40:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.41:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.42:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc115.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc180.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc234.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc303.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc359.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc401.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc413.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc43.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc120.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.17:C:\Documents and Settings\john.KAMPINGHO\Application Data\Netscape\NSB\Profiles\lmxmvz78.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.201:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.202:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.203:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.204:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc122.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc239.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc363.txt -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc243.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc131.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc368.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.211:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc132.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc369.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc136.txt -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc137.txt -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc248.txt -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc371.txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Bonita\Cookies\bonita@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\john.KAMPINGHO\Cookies\john@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc125.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc365.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.225:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.56:C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\vhdtwp4s.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.236:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.237:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.238:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.239:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.240:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.27:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.28:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.29:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.30:C:\Documents and Settings\hokamping\Application Data\Mozilla\Firefox\Profiles\3qg4pf76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc169.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc21.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc285.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.231:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.232:C:\Documents and Settings\john.KAMPINGHO\Application Data\Mozilla\Firefox\Profiles\xgdoe1bx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc305.txt -> TrackingCookie.Zedo : Cleaned.
C:\RECYCLER\S-1-5-21-2965632426-2140513729-1326725172-1006\Dc394.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

But I'm still getting security alerts and popups.

So I ran another HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:30 AM, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System\Inst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gdloxe.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;localhost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nszgmfps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Manager about enc bash] C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [NEWROAM] C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/slgwebinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vcvsewhi.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif

--
End of file - 13995 bytes



#2 thehay

Posted 18 October 2007 - 11:26 AM

I also scanned using ComboFix. Here's the report:

ComboFix 07-10-18.6 - Chungy 2007-10-19  1:27:50.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.164 [GMT 10:00]
Running from: C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\searchtoolbarcorp
C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\Hammer.dll
C:\Program Files\vsadd-in
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\emytgaik.dll
C:\WINDOWS\SYSTEM32\hjkmp.bak1
C:\WINDOWS\SYSTEM32\hjkmp.bak1
C:\WINDOWS\SYSTEM32\hjkmp.bak2
C:\WINDOWS\SYSTEM32\hjkmp.bak2
C:\WINDOWS\SYSTEM32\hjkmp.ini
C:\WINDOWS\SYSTEM32\hjkmp.ini
C:\WINDOWS\system32\jkhhf.dll
C:\WINDOWS\system32\jswdpmmj.dll
C:\WINDOWS\SYSTEM32\llnmp.bak1
C:\WINDOWS\SYSTEM32\llnmp.bak1
C:\WINDOWS\SYSTEM32\llnmp.bak2
C:\WINDOWS\SYSTEM32\llnmp.bak2
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\SYSTEM32\llnmp.ini
C:\WINDOWS\SYSTEM32\llnmp.ini
C:\WINDOWS\system32\mypgqipa.dll
C:\WINDOWS\SYSTEM32\orutv.bak1
C:\WINDOWS\SYSTEM32\orutv.ini
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\qceftchw.dll
C:\WINDOWS\SYSTEM32\qttss.bak1
C:\WINDOWS\SYSTEM32\qttss.bak1
C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.bak2
C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\SYSTEM32\qttss.ini
C:\WINDOWS\system32\qtxqwjfo.dll
C:\WINDOWS\system32\ssttq.dll
C:\WINDOWS\system32\urqopmn.dll
C:\WINDOWS\system32\urqopmn.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((   Files Created from 2007-09-18 to 2007-10-18  )))))))))))))))))))))))))))))))
.

2007-10-18 20:52	<DIR>	d--------	C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Grisoft
2007-10-18 20:51	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-18 19:42	<DIR>	d--------	C:\Program Files\Trend Micro
2007-10-18 19:41	<DIR>	d--------	C:\HJT

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 16:00	---------	d-----w	C:\Program Files\Microsoft AntiSpyware
2007-10-18 15:03	6,632	----a-w	C:\WINDOWS\SYSTEM32\tmp.reg
2007-10-18 09:05	---------	d-----w	C:\Program Files\McAfee
2007-10-18 07:46	389,184	----a-w	C:\WINDOWS\SYSTEM32\sxdtdvmk.exe
2007-10-18 07:46	339,968	----a-w	C:\WINDOWS\SYSTEM32\nszgmfps.dll
2007-10-08 14:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-10-03 23:37	---------	d-----w	C:\Documents and Settings\hokamping\Application Data\AdobeUM
2007-09-29 16:51	---------	d-----w	C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\Azureus
2007-09-26 05:46	---------	d-----w	C:\Program Files\Azureus
2007-09-12 06:45	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-12 01:39	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-09-12 01:39	---------	d-----w	C:\Program Files\Bonjour
2007-09-12 01:06	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2007-09-11 22:55	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-09-07 04:50	---------	d-----w	C:\Program Files\SiteAdvisor
2007-09-07 02:49	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-08-30 08:00	---------	d-----w	C:\Documents and Settings\Chungy.KAMPINGHO\Application Data\U3
2007-08-24 06:04	---------	d-----w	C:\Program Files\Minilyrics
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04	824,832	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04	671,232	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04	63,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04	6,058,496	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04	52,224	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04	477,696	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04	459,264	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04	44,544	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04	384,512	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04	383,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04	3,584,512	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04	27,648	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04	267,776	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04	232,960	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04	230,400	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04	214,528	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04	193,024	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04	153,088	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04	132,608	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04	124,928	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04	105,984	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04	102,400	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04	1,152,000	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21	625,152	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20	63,488	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20	13,824	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34	161,792	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-07-30 09:19	92,504	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-30 09:19	92,504	----a-w	C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-30 09:19	549,720	----a-w	C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-30 09:19	549,720	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-30 09:19	53,080	----a-w	C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-30 09:19	53,080	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-30 09:19	43,352	----a-w	C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-30 09:19	325,976	----a-w	C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-30 09:19	325,976	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-30 09:19	203,096	----a-w	C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-30 09:19	203,096	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-30 09:19	1,712,984	----a-w	C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-30 09:19	1,712,984	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-30 09:18	33,624	----a-w	C:\WINDOWS\SYSTEM32\wups.dll
2007-07-30 09:18	33,624	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2006-09-18 11:04	64,544	-c--a-w	C:\Documents and Settings\hokamping\ipsbkp.dat
2006-05-03 10:06:54	163,328	--sha-r	C:\WINDOWS\SYSTEM32\flvDX.dll
2007-06-13 10:23:07	1,356,373	--sha-r	C:\WINDOWS\SYSTEM32\gdloxe.exe
2007-03-11 05:23:25	444,314	-csha-w	C:\WINDOWS\SYSTEM32\nqtss.bak1
2007-03-15 06:03:11	474,260	-csha-w	C:\WINDOWS\SYSTEM32\nqtss.bak2
2007-03-15 06:10:23	468,142	-csha-w	C:\WINDOWS\SYSTEM32\nqtss.ini2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{171D64B4-A722-00F3-072D-294ECA6D5575}]
			C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\HIDEOB~1\BALLBAGS.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E50D204-ABB5-4ED8-A4CA-64D29A0D5130}]
			C:\WINDOWS\system32\sstqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-18 17:46	339968	--a------	C:\WINDOWS\system32\nszgmfps.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C47A9554-195A-4769-9B13-04F15B450A39}]
			C:\WINDOWS\system32\byxwvwx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nszgmfps.dll [2007-10-18 17:46 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\nszgmfps.dll [2007-10-18 17:46 339968]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 17:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 17:27]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 13:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-02-07 10:43]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 03:01]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 03:01]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 10:23]
"Inst"="C:\WINDOWS\System\Inst.exe" [2002-04-02 17:42]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-11 22:10]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"Manager about enc bash"="C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe" [2005-10-20 18:12]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 07:48]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 11:12]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}"="C:\program files\Telstra\Signup\tbpt.exe" [2002-12-09 21:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 14:37]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"Microsoft Update Machine"="gdloxe.exe" [2007-06-13 20:23 C:\WINDOWS\SYSTEM32\gdloxe.exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 19:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NEWROAM"="C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-21 18:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 19:04]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Microsoft Update Machine"="gdloxe.exe" [2007-06-13 20:23 C:\WINDOWS\SYSTEM32\gdloxe.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update Machine"=gdloxe.exe

C:\Documents and Settings\Bonita\Start Menu\Programs\Startup\
WkCalRem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-06-19 21:21:32]

C:\Documents and Settings\john.KAMPINGHO\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 22:31:46]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-12-25 20:27:41]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 16:05:26]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-04-14 23:42:14]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-21 18:40:57]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2005-05-11 18:21:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\Microsoft\Windows\System\Shutdown]
"HibernateAsDefault"=1 (0x1)
"ShowHibernateButton"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
FriendlyName= 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
FriendlyName= 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\4]
Source= C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif
FriendlyName= 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"= C:\WINDOWS\system32\byxwvwx.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nszgmfps] 
nszgmfps.dll 2007-10-18 17:46 339968 C:\WINDOWS\SYSTEM32\nszgmfps.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4396026b-eae6-11db-8961-00038a000015}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 08:30:01 C:\WINDOWS\Tasks\ANZ McAfee.com Scan for Viruses - My Computer (KAMPINGHO-hokamping).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-10-14 11:00:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-21 10:00:01 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (KAMPINGHO-john).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-09-15 01:22:50 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2007-09-30 15:02:13 C:\WINDOWS\Tasks\McQcTask.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 01:59:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-10-19  2:07:49 - machine was rebooted 
.
	--- E O F ---

I did another HJT log..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:40 AM, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System\Inst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gdloxe.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;localhost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {171D64B4-A722-00F3-072D-294ECA6D5575} - C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\HIDEOB~1\BALLBAGS.exe (file missing)
O2 - BHO: (no name) - {1E50D204-ABB5-4ED8-A4CA-64D29A0D5130} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nszgmfps.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\byxwvwx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nszgmfps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Manager about enc bash] C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [NEWROAM] C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/snailmail/slgwebinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: nszgmfps - C:\WINDOWS\SYSTEM32\nszgmfps.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif

--
End of file - 15581 bytes

And yes, I'm still getting the security alert and pop-ups.. ARGHH..

anyone?? help??

thankyouzzz

#3 thehay

Posted 19 October 2007 - 06:26 AM

I ran NoLop and it said "no infected files found" or something like that..

Here's the log:

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Chungy.KAMPINGHO\My Documents
[19/10/2007]
[6:47:06 PM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Azureus
C:\Documents and Settings\All Users\Application Data\Canon
C:\Documents and Settings\All Users\Application Data\Curbgrimmanagerabout
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Hp
C:\Documents and Settings\All Users\Application Data\Intel
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Mcafee.com
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Popcap
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Siteadvisor
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Bonita\Application Data\Adobe
C:\Documents and Settings\Bonita\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Bonita\Application Data\Google
C:\Documents and Settings\Bonita\Application Data\Identities
C:\Documents and Settings\Bonita\Application Data\Intel
C:\Documents and Settings\Bonita\Application Data\Leadertech
C:\Documents and Settings\Bonita\Application Data\Macromedia
C:\Documents and Settings\Bonita\Application Data\Microsoft
C:\Documents and Settings\Bonita\Application Data\Mozilla
C:\Documents and Settings\Bonita\Application Data\Opera
C:\Documents and Settings\Bonita\Application Data\Real
C:\Documents and Settings\Bonita\Application Data\Siteadvisor
C:\Documents and Settings\Bonita\Application Data\Sonic
C:\Documents and Settings\Bonita\Application Data\Sun
C:\Documents and Settings\Chungy.kampingho\Application Data\.bittorrent
C:\Documents and Settings\Chungy.kampingho\Application Data\Adobe
C:\Documents and Settings\Chungy.kampingho\Application Data\Adobeaum
C:\Documents and Settings\Chungy.kampingho\Application Data\Adobeum
C:\Documents and Settings\Chungy.kampingho\Application Data\Apple Computer
C:\Documents and Settings\Chungy.kampingho\Application Data\Azureus
C:\Documents and Settings\Chungy.kampingho\Application Data\Chin Sect Camp -- EMPTY Directory
C:\Documents and Settings\Chungy.kampingho\Application Data\Copytodvd -- EMPTY Directory
C:\Documents and Settings\Chungy.kampingho\Application Data\Cyberlink
C:\Documents and Settings\Chungy.kampingho\Application Data\Dvdcss
C:\Documents and Settings\Chungy.kampingho\Application Data\Google
C:\Documents and Settings\Chungy.kampingho\Application Data\Grisoft
C:\Documents and Settings\Chungy.kampingho\Application Data\Hide Obj -- EMPTY Directory
C:\Documents and Settings\Chungy.kampingho\Application Data\Hp
C:\Documents and Settings\Chungy.kampingho\Application Data\Identities
C:\Documents and Settings\Chungy.kampingho\Application Data\Image Zone Express
C:\Documents and Settings\Chungy.kampingho\Application Data\Intel
C:\Documents and Settings\Chungy.kampingho\Application Data\Leadertech
C:\Documents and Settings\Chungy.kampingho\Application Data\Macromedia
C:\Documents and Settings\Chungy.kampingho\Application Data\Media Player Classic
C:\Documents and Settings\Chungy.kampingho\Application Data\Microsoft
C:\Documents and Settings\Chungy.kampingho\Application Data\Mozilla
C:\Documents and Settings\Chungy.kampingho\Application Data\Netscape
C:\Documents and Settings\Chungy.kampingho\Application Data\Opera
C:\Documents and Settings\Chungy.kampingho\Application Data\Real
C:\Documents and Settings\Chungy.kampingho\Application Data\Screenshot Sender
C:\Documents and Settings\Chungy.kampingho\Application Data\Siteadvisor
C:\Documents and Settings\Chungy.kampingho\Application Data\Slysoft
C:\Documents and Settings\Chungy.kampingho\Application Data\Sonic
C:\Documents and Settings\Chungy.kampingho\Application Data\Sun
C:\Documents and Settings\Chungy.kampingho\Application Data\U3
C:\Documents and Settings\Chungy.kampingho\Application Data\Vlc
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intel
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Sun
C:\Documents and Settings\Guest\Application Data\Intel
C:\Documents and Settings\Guest\Application Data\Microsoft
C:\Documents and Settings\Guest\Application Data\Sonic
C:\Documents and Settings\Guest.kampingho\Application Data\Adobe
C:\Documents and Settings\Guest.kampingho\Application Data\Google
C:\Documents and Settings\Guest.kampingho\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Guest.kampingho\Application Data\Identities
C:\Documents and Settings\Guest.kampingho\Application Data\Intel
C:\Documents and Settings\Guest.kampingho\Application Data\Macromedia
C:\Documents and Settings\Guest.kampingho\Application Data\Microsoft
C:\Documents and Settings\Guest.kampingho\Application Data\Mozilla
C:\Documents and Settings\Guest.kampingho\Application Data\Netscape
C:\Documents and Settings\Guest.kampingho\Application Data\Opera
C:\Documents and Settings\Guest.kampingho\Application Data\Real
C:\Documents and Settings\Guest.kampingho\Application Data\Sonic
C:\Documents and Settings\Guest.kampingho\Application Data\Sun
C:\Documents and Settings\Hokamping\Application Data\1clickdvdcopy -- EMPTY Directory
C:\Documents and Settings\Hokamping\Application Data\Adobe
C:\Documents and Settings\Hokamping\Application Data\Adobe(2)
C:\Documents and Settings\Hokamping\Application Data\Adobeum
C:\Documents and Settings\Hokamping\Application Data\Apple Computer
C:\Documents and Settings\Hokamping\Application Data\Copytodvd -- EMPTY Directory
C:\Documents and Settings\Hokamping\Application Data\Cyberlink
C:\Documents and Settings\Hokamping\Application Data\Google
C:\Documents and Settings\Hokamping\Application Data\Hp
C:\Documents and Settings\Hokamping\Application Data\Identities
C:\Documents and Settings\Hokamping\Application Data\Image Zone Express
C:\Documents and Settings\Hokamping\Application Data\Intel
C:\Documents and Settings\Hokamping\Application Data\Leadertech
C:\Documents and Settings\Hokamping\Application Data\Macromedia
C:\Documents and Settings\Hokamping\Application Data\Microsoft
C:\Documents and Settings\Hokamping\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Hokamping\Application Data\Mozilla
C:\Documents and Settings\Hokamping\Application Data\Netscape
C:\Documents and Settings\Hokamping\Application Data\Opera
C:\Documents and Settings\Hokamping\Application Data\Real
C:\Documents and Settings\Hokamping\Application Data\Siteadvisor
C:\Documents and Settings\Hokamping\Application Data\Slysoft
C:\Documents and Settings\Hokamping\Application Data\Sonic
C:\Documents and Settings\Hokamping\Application Data\Sun
C:\Documents and Settings\Hokamping\Application Data\Template
C:\Documents and Settings\John\Application Data\Intel
C:\Documents and Settings\John\Application Data\Leadertech
C:\Documents and Settings\John\Application Data\Macromedia
C:\Documents and Settings\John\Application Data\Microsoft
C:\Documents and Settings\John\Application Data\Real
C:\Documents and Settings\John\Application Data\Sonic
C:\Documents and Settings\John.kampingho\Application Data\1clickdvdcopy -- EMPTY Directory
C:\Documents and Settings\John.kampingho\Application Data\Adobe
C:\Documents and Settings\John.kampingho\Application Data\Adobeaum
C:\Documents and Settings\John.kampingho\Application Data\Adobeum
C:\Documents and Settings\John.kampingho\Application Data\Apple Computer
C:\Documents and Settings\John.kampingho\Application Data\Chin Sect Camp
C:\Documents and Settings\John.kampingho\Application Data\Cyberlink
C:\Documents and Settings\John.kampingho\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\John.kampingho\Application Data\Hide Obj -- EMPTY Directory
C:\Documents and Settings\John.kampingho\Application Data\Identities
C:\Documents and Settings\John.kampingho\Application Data\Intel
C:\Documents and Settings\John.kampingho\Application Data\Intertrust
C:\Documents and Settings\John.kampingho\Application Data\Leadertech
C:\Documents and Settings\John.kampingho\Application Data\Macromedia
C:\Documents and Settings\John.kampingho\Application Data\Mcafee
C:\Documents and Settings\John.kampingho\Application Data\Microsoft
C:\Documents and Settings\John.kampingho\Application Data\Mozilla
C:\Documents and Settings\John.kampingho\Application Data\Netscape
C:\Documents and Settings\John.kampingho\Application Data\Opera
C:\Documents and Settings\John.kampingho\Application Data\Rainlendar
C:\Documents and Settings\John.kampingho\Application Data\Real
C:\Documents and Settings\John.kampingho\Application Data\Siteadvisor
C:\Documents and Settings\John.kampingho\Application Data\Slysoft
C:\Documents and Settings\John.kampingho\Application Data\Sonic
C:\Documents and Settings\John.kampingho\Application Data\Sun
C:\Documents and Settings\Localservice\Application Data\Chin Sect Camp -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Macromedia
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Opera
C:\Documents and Settings\Localservice\Application Data\Siteadvisor
C:\Documents and Settings\Networkservice\Application Data\Microsoft

I'm also posting the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:47 PM, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System\Inst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gdloxe.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {171D64B4-A722-00F3-072D-294ECA6D5575} - C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\HIDEOB~1\BALLBAGS.exe (file missing)
O2 - BHO: (no name) - {1E50D204-ABB5-4ED8-A4CA-64D29A0D5130} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nszgmfps.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\byxwvwx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nszgmfps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Manager about enc bash] C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [NEWROAM] C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/sna...webinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: nszgmfps - C:\WINDOWS\SYSTEM32\nszgmfps.dll
O23 - Service: McAfee Application Installer Cleanup (0260701192782400) (0260701192782400mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\026070~1.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif

--
End of file - 15773 bytes

I also ran SUPERAntiSpyware, and here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/19/2007 at 08:22 PM

Application Version : 3.9.1008

Core Rules Database Version : 3327
Trace Rules Database Version: 1328

Scan type : Complete Scan
Total Scan Time : 00:51:45

Memory items scanned : 640
Memory threats detected : 0
Registry items scanned : 6258
Registry threats detected : 0
File items scanned : 55746
File threats detected : 39

Adware.Tracking Cookie
C:\Documents and Settings\Chungy.KAMPINGHO\Cookies\chungy@pandasoftware.112.2o7[1].txt
C:\Documents and Settings\Chungy.KAMPINGHO\Cookies\chungy@bestsellerantivirus[2].txt
C:\Documents and Settings\Bonita\Cookies\bonita@247realmedia[1].txt
C:\Documents and Settings\Bonita\Cookies\bonita@imrworldwide[2].txt
C:\Documents and Settings\Bonita\Cookies\bonita@media.sensis.com[1].txt
C:\Documents and Settings\Bonita\Cookies\bonita@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@2o7[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@accelerator-media[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@ad.yieldmanager[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@ad.zanox[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@ads.accelerator-media[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@ads.pointroll[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@adultfriendfinder[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@advertising[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@atdmt[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@atwola[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@belnk[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@bs.serving-sys[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@casalemedia[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@dist.belnk[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@doubleclick[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@etype.adbureau[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@fastclick[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@jamster.com[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@mediaplex[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@msninvite.112.2o7[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@msnportal.112.2o7[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@okcounter[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@revenue[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@serving-sys[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@trafficmp[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@tribalfusion[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@valueclick[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@winfixer[2].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@xiti[1].txt
C:\Documents and Settings\Guest.KAMPINGHO\Cookies\guest@z1.adserver[1].txt
C:\Documents and Settings\john.KAMPINGHO\Cookies\john@statcounter[1].txt
C:\Documents and Settings\john.KAMPINGHO\Cookies\john@stats.liutilities[1].txt


And the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:52 PM, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System\Inst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\program files\Telstra\Signup\tbpt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\gdloxe.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee\msc\mcupdui.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\mcafee\virusscan\mcinsupd.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {171D64B4-A722-00F3-072D-294ECA6D5575} - C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\HIDEOB~1\BALLBAGS.exe (file missing)
O2 - BHO: (no name) - {1E50D204-ABB5-4ED8-A4CA-64D29A0D5130} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\nszgmfps.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\byxwvwx.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\nszgmfps.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Manager about enc bash] C:\Documents and Settings\All Users\Application Data\curbgrimmanagerabout\VC WAVE.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}] C:\program files\Telstra\Signup\tbpt.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [NEWROAM] C:\DOCUME~1\CHUNGY~1.KAM\APPLIC~1\CHINSE~1\MixSlowPlan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Microsoft Update Machine] gdloxe.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://telstra.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/sna...webinstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nszgmfps - C:\WINDOWS\SYSTEM32\nszgmfps.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MpService - Canon Inc. - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\tvxqcute106xg.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Xiah Jun Su\Xiah48.gif
O24 - Desktop Component 4: (no name) - C:\Documents and Settings\Chungy.KAMPINGHO\My Documents\My Pictures\Famous ppl\TVXQ\Uknow Yun Ho\U-Know3.gif

--
End of file - 15888 bytes


----------

I am still getting the system alert triangle flashing saying I have malware and this and that trojan.. however.. I do appear to no longer get popups every 2 minutes with an ad trying to get me to buy their antispyware programs..

Help appreciated.. ><

#4 thehay

Posted 20 October 2007 - 12:10 AM

Hmm.. don't worry.. I got help from another forum.. :D

#5 Grinler

    Lawrence Abrams


  • Admin
Posted 01 November 2007 - 11:48 AM

Sorry for the delay. You definitely have some infections there. Post a brand new log and we will get to work cleaning you up if you have not already received help elsewhere.



