Lavasoft Support Forums > Winvirus Pro 2007 Big Problem

Full Version: Winvirus Pro 2007 Big Problem

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs

Ghengisconrad

Jul 15 2007, 12:32 PM

okay, so heres my Hijack this report

Logfile of HijackThis v1.99.1
Scan saved at 20:43:55, on 2007/07/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\デスクトップ\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6ED63687-EB85-4687-A8D0-17E9792B20CA} - C:\WINDOWS\system32\yaywttt.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tyyodqix.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EE0900E9-0596-45E5-B6A8-E94A60FD2B52} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxaw.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54DA55D-CFE9-4AE9-816D-EFC8CEFD44B6}: NameServer = 128.121.159.12 210.248.132.242
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O20 - Winlogon Notify: winjhe32 - C:\WINDOWS\SYSTEM32\winjhe32.dll
O20 - Winlogon Notify: yaywttt - C:\WINDOWS\SYSTEM32\yaywttt.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: Norton AntiVirus Auto-Protect サービス (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

ususally I can take care of virii/adware/ ect on my own but this one is even stronger than Google. So... I am, for the first time ever, asking for help. Please. I beg of you. Help me get back my PC!

Gratitude

Conrad J. Klinkhammer

jurgenv

Jul 16 2007, 02:58 PM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Ghengisconrad

Jul 16 2007, 04:48 PM

404 Not Found
The requested URL '/sUBs/combofix.exe' was not found on this server.

Broken link :`(

jurgenv

Jul 16 2007, 04:53 PM

Try this one: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Ghengisconrad

Jul 16 2007, 06:10 PM

My Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 2:22:54, on 2007/07/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\デスクトップ\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11497DED-038F-4639-A30A-ED7786BC6ECD} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {91ABE126-4814-4906-BD67-959908A72EC5} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EE0900E9-0596-45E5-B6A8-E94A60FD2B52} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O20 - Winlogon Notify: winjhe32 - winjhe32.dll (file missing)
O20 - Winlogon Notify: yaywttt - yaywttt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

My Combo fix

"Owner" - 2007-07-17 2:13:40 - ComboFix 07-07-16.4 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\eufwqvfv.dll
C:\WINDOWS\system32\fcimalfm.dll
C:\WINDOWS\system32\ffuyooen.dll
C:\WINDOWS\system32\giafdchk.dll
C:\WINDOWS\system32\icjwbsgb.dll
C:\WINDOWS\system32\ltvrwkqk.dll
C:\WINDOWS\system32\nootslmr.dll
C:\WINDOWS\system32\rvylpnbe.dll
C:\WINDOWS\system32\tasirknm.dll
C:\WINDOWS\system32\tbhwskev.dll
C:\WINDOWS\system32\tyyodqix.dll
C:\WINDOWS\system32\ukedxgfx.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\#SharedObjects\SYKFJZMX\www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

((((((((((((((((((((((((( Files Created from 2007-06-16 to 2007-07-16 )))))))))))))))))))))))))))))))

2007-07-17 02:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-16 23:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-07-16 23:15 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-16 23:15 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-16 23:15 4,686 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-16 23:15 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-16 13:05 1,023,286 --ahs---- C:\WINDOWS\system32\kmllm.bak2
2007-07-16 01:10 56 -r-hs---- C:\WINDOWS\system32\7E6CB27E4C.sys
2007-07-16 01:05 6,369 --ahs---- C:\WINDOWS\system32\kmllm.bak1
2007-07-15 21:19 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-07-15 20:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-15 20:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-15 20:50 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 20:17 <DIR> d-------- C:\Program Files\RogueRemover
2007-07-15 16:38 <DIR> d-------- C:\VundoFix Backups
2007-07-15 05:54 <DIR> d-------- C:\Program Files\Enterbrain
2007-07-15 05:53 <DIR> d-------- C:\Program Files\Common Files\Enterbrain
2007-07-15 03:37 3,675,464 --a------ C:\Program Files\lbwvlcr.exe
2007-07-15 03:33 <DIR> d-------- C:\Program Files\新しいフォルダ
2007-07-14 05:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Gamelab
2007-07-14 03:07 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-07-14 03:07 <DIR> d-------- C:\Program Files\Nanny Mania
2007-07-14 03:07 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Sandlot Games
2007-07-14 03:06 <DIR> d-------- C:\Program Files\Burger Island
2007-07-14 03:04 <DIR> d-------- C:\Program Files\Miss Management
2007-07-14 02:00 <DIR> d-------- C:\Program Files\Diner Dash
2007-07-14 01:59 <DIR> d-------- C:\Program Files\bfgclient
2007-07-14 01:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2007-07-13 23:45 <DIR> d-------- C:\Program Files\BFG
2007-06-28 19:22 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-06-27 05:09 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2007-06-27 05:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-26 20:29 106,496 --a------ C:\WINDOWS\system32\ssdinerdash2.scr
2007-06-24 14:49 <DIR> d-------- C:\Program Files\PlayFirst
2007-06-24 14:48 <DIR> d-------- C:\Program Files\RarZilla Free Unrar
2007-06-23 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-22 20:32 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\iWin
2007-06-22 20:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iWin
2007-06-21 17:51 <DIR> d-------- C:\Program Files\Yahoo!ゲームダウンロードゲーム
2007-06-20 20:12 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-20 20:11 <DIR> d-------- C:\Program Files\GameChu

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 17:17:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-16 17:03:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-16 14:43:19 -------- d-----w C:\Program Files\Symantec
2007-07-15 10:18:36 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-07-15 10:17:18 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-15 10:17:17 -------- d-----w C:\Program Files\Fujitsu
2007-07-15 10:16:47 -------- d-----w C:\Program Files\Common Files\Creoapp
2007-07-14 18:33:34 -------- d-----w C:\Program Files\新しいフォルダ
2007-07-07 20:15:03 54,410 ----a-w C:\WINDOWS\system32\perfc011.dat
2007-07-07 20:15:03 191,198 ----a-w C:\WINDOWS\system32\perfh011.dat
2007-06-27 13:36:22 -------- d-----w C:\Program Files\Soulseek
2007-06-23 20:37:00 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PlayFirst
2007-06-22 14:44:17 -------- d-----w C:\Program Files\Final Fantasy VII
2007-06-22 12:29:40 -------- d-----w C:\Program Files\Firaxis Games
2007-06-21 08:51:08 -------- d-----w C:\Program Files\Yahoo!ゲームダウンロードゲーム
2007-06-20 11:01:04 -------- d-----w C:\Program Files\Yahoo!
2007-06-20 11:00:53 -------- d-----w C:\Program Files\BoontyGames
2007-06-20 10:59:08 -------- d-----w C:\Program Files\ATLASP2006
2007-06-20 10:59:03 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Fujitsu
2007-06-18 08:49:08 -------- d-----w C:\Program Files\NewzToolz
2007-06-05 14:35:46 -------- d--h--w C:\DOCUME~1\Owner\APPLIC~1\Hangame
2007-06-04 06:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 06:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 06:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-02 12:15:53 -------- d-----w C:\Program Files\Bigle 3D
2007-05-16 22:25:17 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\dvdcss
2007-05-16 15:11:50 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 20:20:46 2,920 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-05-15 20:20:35 507,256 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-05-15 20:17:18 13,015 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:13 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 13:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 13:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 13:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 13:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 13:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 13:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 13:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 13:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 13:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 13:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-11-19 11:22:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11497DED-038F-4639-A30A-ED7786BC6ECD}]
C:\WINDOWS\system32\jkhfg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91ABE126-4814-4906-BD67-959908A72EC5}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-05-28 00:14 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE0900E9-0596-45E5-B6A8-E94A60FD2B52}]
C:\WINDOWS\system32\mljgf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 15:00 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-20 15:10 C:\WINDOWS\AGRSMMSG.exe]
"KPDrv4Xp"="C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE" [2005-02-21 19:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 18:14]
"LoadFUJ02E3"="C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2005-06-08 09:20]
"LoadFujitsuQuickTouch"="C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe" [2005-09-20 09:26]
"LoadBtnHnd"="C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe" [2005-09-20 09:25]
"IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [2005-03-18 06:40]
"IRRCManager"="C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe" [2005-10-24 08:26]
"PUSCKAPLEXE"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe" [2005-09-16 16:00]
"LoadPUSCDaemon"="C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe" [2005-10-20 11:05]
"INETCONDSP"="C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe" [2005-01-14 20:48]
"FJUPDNV_Chitose"="C:\Program Files\Fujitsu\chitose\updatenv.exe" [2005-10-12 06:39]
"WLANNER"="C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe" [2005-10-07 18:18]
"MyMedia Server Helper"="C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe" [2005-10-07 19:14]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-11-06 17:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"SCDEmuApp.exe"="C:\Program Files\PowerISO\SCDEmuApp.exe" [2005-10-16 10:15]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 01:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:25]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 00:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 19:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PUSCSRVC]
PUSCSRVC.dll --a------ 2005-09-16 16:00 77824 C:\WINDOWS\system32\PUSCSRVC.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjhe32]
winjhe32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywttt]
yaywttt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

**************************************************************************

catchme 0.3.1017 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-17 02:18:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-17 2:21:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-17 02:21

--- E O F ---

and as an added bonus, my AntiVir Log

AntiVir PersonalEdition Classic
Report file date: 2007年7月16日 23:57

Scanning for 943526 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Owner
Computer name: FM-A058E6E1FC0F

Version information:
BUILD.DAT : 247 14437 Bytes 2007/05/10 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 2007/04/20 04:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 2007/03/27 04:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 2007/03/27 04:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 2007/03/19 04:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006/05/31 06:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007/07/10 14:55:48
ANTIVIR2.VDF : 6.39.0.148 395776 Bytes 2007/07/16 14:55:48
ANTIVIR3.VDF : 6.39.0.152 11264 Bytes 2007/07/16 14:55:48
AVEWIN32.DLL : 7.4.0.42 2490880 Bytes 2007/07/16 14:55:48
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007/02/26 02:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 2007/03/27 04:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007/04/16 05:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 2007/07/16 14:55:49
AVREG.DLL : 7.0.1.2 31784 Bytes 2007/03/15 01:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 2007/03/27 04:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 2007/05/02 03:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 2007/03/08 03:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 2007/03/13 02:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 2007/03/19 04:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2007年7月16日 23:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'utorrent.exe' - '1' Module(s) have been scanned
Scan process 'eTVtimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
Scan process 'MyMediaServerHelper.exe' - '1' Module(s) have been scanned
Scan process 'mwlanrun.exe' - '1' Module(s) have been scanned
Scan process 'updatenv.exe' - '1' Module(s) have been scanned
Scan process 'mmkbd.exe' - '1' Module(s) have been scanned
Scan process 'iNetConDsp.exe' - '1' Module(s) have been scanned
Scan process 'PUSCDaemon.exe' - '1' Module(s) have been scanned
Scan process 'PUSCKAPLEXE.exe' - '1' Module(s) have been scanned
Scan process 'IRRCManager.exe' - '1' Module(s) have been scanned
Scan process 'BtnHnd.exe' - '1' Module(s) have been scanned
Scan process 'QuickTouch.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'FUJ02E3.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'KPDrv4XP.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'Xwlanner.exe' - '1' Module(s) have been scanned
Scan process 'VRService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'PSSCore.exe' - '1' Module(s) have been scanned
Scan process 'MyMediaServer.exe' - '1' Module(s) have been scanned
Scan process 'MrnTS_Sync5.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'bgsvclib.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
56 processes with 56 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Owner\Local Settings\Temp\mst153.tmp
[DETECTION] Is the Trojan horse TR/Agent.QT.76
[INFO] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\run.exe
[DETECTION] Contains signature of the worm WORM/Agent.V.2
[INFO] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\td.exe
[DETECTION] Is the Trojan horse TR/Agent.38912.10
[INFO] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\win14F.tmp.exe
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '4709897a.qua'!
C:\Documents and Settings\Owner\Local Settings\Temp\wnd147.tmp
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Owner\Local Settings\Temp\zgo.exe
[DETECTION] Is the Trojan horse TR/Agent.35328.1
[INFO] The file was deleted!
C:\Documents and Settings\Owner\デスクトップ\crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Owner\デスクトップ\Diner Dash - Flo On The Go 1[1].0.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> crack.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Owner\デスクトップ\diner dash 3 crack.zip
[0] Archive type: ZIP
--> diner dash 3 crack.exe
[DETECTION] Contains signature of the dropper DR/Agent.V
[1] Archive type: ZIP SFX (self extracting)
--> td.exe
[DETECTION] Is the Trojan horse TR/Agent.38912.10
--> run.exe
[DETECTION] Contains signature of the worm WORM/Agent.V.2
--> zgo.exe
[DETECTION] Is the Trojan horse TR/Agent.35328.1
[INFO] The file was deleted!
C:\Documents and Settings\Owner\デスクトップ\keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Owner\デスクトップ\patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Program Files\Hero\XPatch.exe
[DETECTION] Contains signature of the worm WORM/Luder.E
[INFO] The file was deleted!
C:\VundoFix Backups\jkhfg.dll.bad
[DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
[INFO] The file was deleted!
C:\VundoFix Backups\mljgf.dll.bad
[DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
[INFO] The file was deleted!
C:\VundoFix Backups\mllmk.dll.bad
[DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
[INFO] The file was deleted!
C:\WINDOWS\system32\ageitsqh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\cmawpymp.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\cxaorujm.dll
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[INFO] The file was deleted!
C:\WINDOWS\system32\ejhrubaf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\fccbcyv.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\fpvoqhju.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was deleted!
C:\WINDOWS\system32\kwbokmaf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\qxoletsk.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was deleted!
C:\WINDOWS\system32\resyfosy.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was deleted!
C:\WINDOWS\system32\rpbkbiwr.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\uqcokwfq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\urqqomm.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\vuoltuth.exe
[DETECTION] Is the Trojan horse TR/Click.Agent.NP
[INFO] The file was deleted!
C:\WINDOWS\system32\winjhe32.VIR
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\xibseedh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was deleted!
C:\WINDOWS\system32\yaywttt.VIR
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ylftmmvi.dll
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\win385.tmp.exe
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '4709a0e1.qua'!
C:\WINDOWS\Temp\win7A2.tmp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.dod.1
[INFO] The file was deleted!
C:\WINDOWS\Temp\winC60.tmp.exe
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '4709a0ed.qua'!
Begin scan in 'D:\'
Begin scan in 'I:\'
Begin scan in 'E:\' <ClickToDVD>
Begin scan in 'F:\'
Search path F:\ could not be opened!
デバイスの準備ができていません。

Begin scan in 'G:\'
Search path G:\ could not be opened!
デバイスの準備ができていません。

Begin scan in 'H:\'
Search path H:\ could not be opened!
デバイスの準備ができていません。

End of the scan: 2007年7月17日 01:59
Used time: 2:01:47 min

The scan has been done completely.

9310 Scanning directories
324128 Files were scanned
40 viruses and/or unwanted programs were found
3 classified as suspicious:
30 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
324085 Files not concerned
8564 Archives were scanned
5 Warnings
49 Notes
0 Hidden objects were found

------------------------------------------------------------

Thank you so much for the quick help.

jurgenv

Jul 16 2007, 06:22 PM

* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste next part:

C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.bak1
C:\Program Files\lbwvlcr.exe

Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the promt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new hijackthis log.

Ghengisconrad

Jul 16 2007, 06:28 PM

Move it log:

C:\WINDOWS\system32\kmllm.bak2 moved successfully.
C:\WINDOWS\system32\kmllm.bak1 moved successfully.
C:\Program Files\lbwvlcr.exe moved successfully.

Created on 07/17/2007 02:44:05

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 2:45:13, on 2007/07/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\デスクトップ\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11497DED-038F-4639-A30A-ED7786BC6ECD} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {91ABE126-4814-4906-BD67-959908A72EC5} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EE0900E9-0596-45E5-B6A8-E94A60FD2B52} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54DA55D-CFE9-4AE9-816D-EFC8CEFD44B6}: NameServer = 128.121.159.12 210.248.132.242
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O20 - Winlogon Notify: winjhe32 - winjhe32.dll (file missing)
O20 - Winlogon Notify: yaywttt - yaywttt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

--------------------------------

You are a God.

Much thanks for all this help man.

jurgenv

Jul 16 2007, 06:33 PM

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u2.
Scroll down to where it says "Java Runtime Enviroinment (JRE) 6u2, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
Close any programs you may have running - especially any web browsers.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

* Please open hijackthis and put a check next to the following:

O2 - BHO: (no name) - {11497DED-038F-4639-A30A-ED7786BC6ECD} - C:\WINDOWS\system32\jkhfg.dll (file missing)
O2 - BHO: (no name) - {91ABE126-4814-4906-BD67-959908A72EC5} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: (no name) - {EE0900E9-0596-45E5-B6A8-E94A60FD2B52} - C:\WINDOWS\system32\mljgf.dll (file missing)
O20 - Winlogon Notify: winjhe32 - winjhe32.dll (file missing)
O20 - Winlogon Notify: yaywttt - yaywttt.dll (file missing)

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

* Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

ATF-Cleaner.exe

Main

Select All

Empty Selected

If you use Firefox browser

Firefox

Select All

Empty Selected

NOTE:

If you use Opera browser

Opera

Select All

Empty Selected

NOTE:

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

* Finally, reboot and tell me how everything is working.

Ghengisconrad

Jul 16 2007, 07:16 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:24:06, on 2007/07/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe
C:\Program Files\Fujitsu\chitose\updatenv.exe
C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\TVfunSTUDIO\eTVtimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
C:\Program Files\Common Files\Panasonic\PSSCore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fujitsu RF comfort keyboard\mmkbd.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\デスクトップ\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KPDrv4Xp] "C:\Program Files\Fujitsu RF comfort keyboard\KPDrv4XP.EXE"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Fujitsu Quick Touch\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [IRRCManager] C:\Program Files\Fujitsu\リモコンマネージャー\IRRCManager.exe
O4 - HKLM\..\Run: [PUSCKAPLEXE] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCKAPLEXE.exe
O4 - HKLM\..\Run: [LoadPUSCDaemon] C:\Program Files\Fujitsu\PowerUtility\schedule\PUSCDaemon.exe
O4 - HKLM\..\Run: [INETCONDSP] "C:\Program Files\Fujitsu\iNetConDsp\iNetConDsp.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\chitose\updatenv.exe
O4 - HKLM\..\Run: [WLANNER] "C:\Program Files\FUJITSU\Mr.WLANner\mwlanrun.exe"
O4 - HKLM\..\Run: [MyMedia Server Helper] "C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServerHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP23.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C54DA55D-CFE9-4AE9-816D-EFC8CEFD44B6}: NameServer = 128.121.159.12 210.248.132.242
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PUSCSRVC - C:\WINDOWS\SYSTEM32\PUSCSRVC.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BeatJam Music Server - HTTP (BeatJamMusicStreamingServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamHttpService.exe
O23 - Service: BeatJam Music Server - UPnP (BeatJamUPnPMusicServer) - Justsystem Corporation - C:\Program Files\Justsystem\BeatJam Music Server\BeatJamUPnPService.exe
O23 - Service: B's Recorder GOLD Library Service (bgsvclib) - B.H.A Corporation - C:\Program Files\Justsystem\OpenMG BeatJam\Plugin\bgsvclib.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Morrin Thumbnail Synchronized Service 5 (MrnTS_Sync5) - 株式会社モーリン - C:\Program Files\Common Files\Creoapp\MrnTS_Sync5.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MyMedia Server - DigiOn - C:\Program Files\Fujitsu\MyMedia\MyMedia Server Tool\MyMediaServer.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PSS Core - Matsushita Electric Industry Co., LTD. - C:\Program Files\Common Files\Panasonic\PSSCore.exe
O23 - Service: PowerUtility Remote Power Management Service (putlrsrv) - FUJITSU LIMITED - C:\PROGRA~1\Fujitsu\POWERU~1\remote\PUTLRSRV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VRService - Matsushita Electric Industrial Co., Ltd. - C:\Program Files\Panasonic\TVfunSTUDIO\VrService.exe
O23 - Service: Mr.WLANner Service (Xwlanner) - FUJITSU LIMITED - C:\Program Files\Fujitsu\Mr.WLANner\Xwlanner.exe

----------------------------------------------------------------------------------------------------------------------------------------------------------

Seems to be working great. Really your amazing.

I BOW BEFORE YOUR GREATNESS

my HI JACK THIS script shows like no more bad things right?

Do you like spend all day helping people or what? Your like a super-hero.

Again many thanks.

If... uh... you ever need anything photoshoped or uh... like a 3d model made or something... I dont know. Thats all I can really do. Wish I could repay the favor. You CSIS people are terrific.

So yeah. Just completly shell-shocked. Ive been dealing with this problem for like a month now. Much thanks. Now I will sleep.

Gratitude

Conrad J. Klinkhammer

jurgenv

Jul 16 2007, 07:28 PM

You're welcome.

QUOTE

Do you like spend all day helping people or what? Your like a super-hero.

If I have the time I'm on it.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.