Tech Support Forum > Security Center > HijackThis Log Help > HijackThis Log Help (Inactive)
Old 06-17-2007, 03:25 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: XP


Help!!! computer is very messed up!! (hijackthis log included)

Hi all, for the past month my computer has been running extremely slow...
Internet popups happen every time I start Internet Explorer or Firefox... (most popups are titled "Cid").
When I try to run some program, it's very slow; usually the computer stops responding for half a minute before something pops up...
Please instruct me how to fix this problem, thanks a ton!

Logfile of HijackThis v1.99.1
Scan saved at 2:17:29 PM, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\x_o37ileo_x\Desktop\HijackThis\HijackThis.exe

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [j5261030] rundll32 C:\WINDOWS\system32\j5261030.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\luqovqbd.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infocopy] C:\DOCUME~1\X_O37I~1\APPLIC~1\BIASFU~1\ante mfcd save.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: ???QQ?? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\SendMMS.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\SendMMS.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ¨??2¨o1?è??¨??¨|¨¨?? - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1169170438751
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
037ileo is offline  
Old 06-18-2007, 03:26 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: XP


Re: Help!!! computer is very messed up!! (hijackthis log included)

anyone?!
037ileo is offline  
Old 06-19-2007, 10:33 AM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 21,356
OS: XP


Re: Help!!! computer is very messed up!! (hijackthis log included)

1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double-click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
Old 06-20-2007, 10:36 PM   #4 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: XP


Re: Help!!! computer is very messed up!! (hijackthis log included)

NEW HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:57 PM, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\aywpvome.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\x_o37ileo_x\Desktop\HijackThis\HijackThis.exe

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Infocopy] C:\DOCUME~1\X_O37I~1\APPLIC~1\BIASFU~1\ante mfcd save.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: ???QQ?? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddEmotion.htm
O8 - Extra context menu item: ???QQ???? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddToNetDisk.htm
O8 - Extra context menu item: ???QQ????? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddPanel.htm
O8 - Extra context menu item: ?QQ??????? - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\SendMMS.htm
O8 - Extra context menu item: Add to QQ Customized Emoticons - C:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\QQ\AddPanel.htm
O8 - Extra context menu item: Add to QQ Emotions - C:\Program Files\QQ\AddEmotion.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: Send Picture with QQ MMS - C:\Program Files\QQ\SendMMS.htm
O8 - Extra context menu item: Upload to QQ Network Hard Disk - C:\Program Files\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Documents and Settings\x_o37ileo_x\Desktop\Entertainment\QQ FOld\QQ CN\SendMMS.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1169170438751
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\aywpvome.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe


ComboFix log:

ComboFix 07-06-21 - C:\X37 Downloads\ComboFix.exe
"x_o37ileo_x" - 2007-06-20 21:09:26 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ablgkkkg.dll
C:\WINDOWS\system32\aekvxlal.dll
C:\WINDOWS\system32\ahcqhspk.dll
C:\WINDOWS\system32\auirguqp.dll
C:\WINDOWS\system32\axvjbdmp.dll
C:\WINDOWS\system32\begjgxox.dll
C:\WINDOWS\system32\behprlcl.dll
C:\WINDOWS\system32\bemwhpcm.dll
C:\WINDOWS\system32\bgrgaovw.dll
C:\WINDOWS\system32\bjjapysa.dll
C:\WINDOWS\system32\bwlkbxde.dll
C:\WINDOWS\system32\ccjwkceg.dll
C:\WINDOWS\system32\cmatohdr.dll
C:\WINDOWS\system32\djlxhqqq.dll
C:\WINDOWS\system32\doojfuyw.dll
C:\WINDOWS\system32\drhejmyp.dll
C:\WINDOWS\system32\ebaurnma.dll
C:\WINDOWS\system32\ebvkoxin.dll
C:\WINDOWS\system32\edxuonrs.dll
C:\WINDOWS\system32\egapgqap.dll
C:\WINDOWS\system32\elgjsebc.dll
C:\WINDOWS\system32\enquyemp.dll
C:\WINDOWS\system32\esxdgwig.dll
C:\WINDOWS\system32\etmeruml.dll
C:\WINDOWS\system32\fdbfhmlp.dll
C:\WINDOWS\system32\fdkkbsfa.dll
C:\WINDOWS\system32\ffdltmfn.dll
C:\WINDOWS\system32\gdcobvjh.dll
C:\WINDOWS\system32\gjqkrhfl.dll
C:\WINDOWS\system32\hhbnbadv.dll
C:\WINDOWS\system32\hlayhnjc.dll
C:\WINDOWS\system32\ibknejlf.dll
C:\WINDOWS\system32\ibwpefxs.dll
C:\WINDOWS\system32\icxviivu.dll
C:\WINDOWS\system32\ilgcmgic.dll
C:\WINDOWS\system32\irndyull.dll
C:\WINDOWS\system32\ixbksmlx.dll
C:\WINDOWS\system32\jhsleiqk.dll
C:\WINDOWS\system32\jjhhmxkw.dll
C:\WINDOWS\system32\jnqyaryq.dll
C:\WINDOWS\system32\kgdmvskt.dll
C:\WINDOWS\system32\kuealhwh.dll
C:\WINDOWS\system32\kwqgxlix.dll
C:\WINDOWS\system32\lijwjbjh.dll
C:\WINDOWS\system32\luqovqbd.dll
C:\WINDOWS\system32\lvsbtmpl.dll
C:\WINDOWS\system32\lwdkednc.dll
C:\WINDOWS\system32\lwqlppld.dll
C:\WINDOWS\system32\miypxwca.dll
C:\WINDOWS\system32\moblbkbo.dll
C:\WINDOWS\system32\nfkabcyk.dll
C:\WINDOWS\system32\nndpjlpx.dll
C:\WINDOWS\system32\nydsqcdt.dll
C:\WINDOWS\system32\oamxquhi.dll
C:\WINDOWS\system32\obgkpnhu.dll
C:\WINDOWS\system32\oebchtip.dll
C:\WINDOWS\system32\pbghyxvq.dll
C:\WINDOWS\system32\pbrseuqy.dll
C:\WINDOWS\system32\pduydqdq.dll
C:\WINDOWS\system32\pivpbsqb.dll
C:\WINDOWS\system32\pjwukwwj.dll
C:\WINDOWS\system32\poeycgyc.dll
C:\WINDOWS\system32\ppgvleds.dll
C:\WINDOWS\system32\qacqomjq.dll
C:\WINDOWS\system32\qcgnaadh.dll
C:\WINDOWS\system32\qcqqbdju.dll
C:\WINDOWS\system32\rnwqvfyx.dll
C:\WINDOWS\system32\rwhighkf.dll
C:\WINDOWS\system32\rxpyfnno.dll
C:\WINDOWS\system32\sbjfdvht.dll
C:\WINDOWS\system32\sfhtumfh.dll
C:\WINDOWS\system32\tfjonmlv.dll
C:\WINDOWS\system32\tfrctafs.dll
C:\WINDOWS\system32\tqoevmej.dll
C:\WINDOWS\system32\ttklwgfv.dll
C:\WINDOWS\system32\tucpfmlo.dll
C:\WINDOWS\system32\ucxinrpv.dll
C:\WINDOWS\system32\ujktfltu.dll
C:\WINDOWS\system32\upwhkgal.dll
C:\WINDOWS\system32\vdinkvpm.dll
C:\WINDOWS\system32\whtbvsac.dll
C:\WINDOWS\system32\wlahyqdf.dll
C:\WINDOWS\system32\worjsebj.dll
C:\WINDOWS\system32\wtthwqat.dll
C:\WINDOWS\system32\wxsnpjao.dll
C:\WINDOWS\system32\xukdnngc.dll
C:\WINDOWS\system32\yaojiece.dll
C:\WINDOWS\system32\ybolyexf.dll
C:\WINDOWS\system32\ycwxqjap.dll
C:\WINDOWS\system32\yigpctpq.dll
C:\WINDOWS\system32\gkkkglba.ini
C:\WINDOWS\system32\lclrpheb.ini
C:\WINDOWS\system32\geckwjcc.ini
C:\WINDOWS\system32\rdhotamc.ini
C:\WINDOWS\system32\cjnhyalh.ini
C:\WINDOWS\system32\lluydnri.ini
C:\WINDOWS\system32\xilxgqwk.ini
C:\WINDOWS\system32\hjbjwjil.ini
C:\WINDOWS\system32\dbqvoqul.ini
C:\WINDOWS\system32\lpmtbsvl.ini
C:\WINDOWS\system32\thvdfjbs.ini
C:\WINDOWS\system32\casvbthw.ini
C:\WINDOWS\system32\eceijoay.ini
C:\WINDOWS\system32\qptcpgiy.ini
C:\WINDOWS\system32\baadd.bak1
C:\WINDOWS\system32\baadd.bak2
C:\WINDOWS\system32\baadd.ini
C:\WINDOWS\system32\baadd.ini2
C:\WINDOWS\system32\baadd.tmp
C:\WINDOWS\system32\baadd.bak1
C:\WINDOWS\system32\baadd.bak2
C:\WINDOWS\system32\baadd.ini
C:\WINDOWS\system32\baadd.ini2
C:\WINDOWS\system32\baadd.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\DOCUME~1\X_O37I~1\APPLIC~1.\crosof~1
C:\DOCUME~1\X_O37I~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\H562GB89\www.broadcaster.com
C:\DOCUME~1\X_O37I~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\H562GB89\www.broadcaster.com\played_list.sol
C:\DOCUME~1\X_O37I~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\H562GB89\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\X_O37I~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\X_O37I~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\X_O37I~1\APPLIC~1.\searchtoolbarcorp
C:\DOCUME~1\X_O37I~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\X_O37I~1\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\Program Files\Common Files\{3C2DD~1
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\download plugin\DlPlugin-Moz\buddy.exe
C:\Program Files\download plugin\DlPlugin-Moz\npdlplug.dll
C:\Program Files\download plugin\DlPlugin-Moz\setup2.exe
C:\Program Files\download plugin\DlPlugin-Moz\vendor.txt
C:\Program Files\network monitor
C:\Program Files\vsadd-in
C:\Program Files\vsadd-in\VSAdd-in.dll
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\j5261030.dll
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\uninstall_nmon.vbs


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 )))))))))))))))))))))))))))))))


2007-06-20 21:10 122,900 --a------ C:\WINDOWS\system32\aijvljel.exe
2007-06-20 21:03 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-20 12:54 122,900 --a------ C:\WINDOWS\system32\drwmayvk.exe
2007-06-20 07:28 122,900 --a------ C:\WINDOWS\system32\ejjakcwq.exe
2007-06-20 07:19 122,900 --a------ C:\WINDOWS\system32\aywpvome.exe
2007-06-16 17:28 88,340 --a------ C:\WINDOWS\system32\pfqodygf.exe
2007-06-16 16:40 <DIR> d-------- C:\WINDOWS\CSC
2007-06-16 16:34 <DIR> d-------- C:\ie-spyad2
2007-06-16 16:34 <DIR> d-------- C:\Deckard
2007-06-16 16:27 910,336 --a------ C:\vx2cleaner.dll
2007-06-16 16:27 164,864 --a------ C:\UNWISE.EXE
2007-06-16 16:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-16 16:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-16 16:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-16 16:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-07 20:07 <DIR> d-------- C:\Program Files\Windows Live
2007-06-05 10:56 14,868 --a------ C:\WINDOWS\system32\iobsoekt.exe
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-04 13:04 2,580 --a------ C:\WINDOWS\system32\krbylcgb.exe
2007-06-03 21:46 2,580 --a------ C:\WINDOWS\system32\txqgpoqh.exe
2007-06-03 15:01 2,580 --a------ C:\WINDOWS\system32\dpxnfbna.exe
2007-06-03 14:44 2,580 --a------ C:\WINDOWS\system32\wsonhmgy.exe
2007-06-03 13:03 2,580 --a------ C:\WINDOWS\system32\pgbprsex.exe
2007-05-26 16:37 <DIR> d-------- C:\spoolerlogs
2007-05-24 19:52 <DIR> d-------- C:\Program Files\Microsoft Cartoon Maker
2007-05-23 22:52 <DIR> d-------- C:\DOCUME~1\X_O37I~1\APPLIC~1\AdShield
2007-05-23 22:48 299,520 --a------ C:\WINDOWS\uninst.exe
2007-05-23 22:48 <DIR> d-------- C:\Program Files\AllStar
2007-05-23 22:48 <DIR> d-------- C:\Program Files\AdsNoMore
2007-05-22 19:52 96,256 --a------ C:\WINDOWS\system32\drivers\sptd7597.sys
2007-05-22 19:52 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-21 12:54 <DIR> d-------- C:\DOCUME~1\X_O37I~1\APPLIC~1\5400 Series
2007-05-21 12:33 <DIR> d-------- C:\Program Files\Lx_cats
2007-05-21 12:32 40,960 --a------ C:\WINDOWS\system32\lxctvs.dll
2007-05-21 12:32 344,064 --a------ C:\WINDOWS\system32\lxctcoin.dll
2007-05-21 12:31 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-05-21 12:31 692,224 --a------ C:\WINDOWS\system32\lxctdrs.dll
2007-05-21 12:31 65,536 --a------ C:\WINDOWS\system32\lxctcaps.dll
2007-05-21 12:31 61,440 --a------ C:\WINDOWS\system32\lxctcnv4.dll
2007-05-21 12:31 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-21 12:30 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-05-21 12:30 45,056 --a------ C:\WINDOWS\system32\lxctpmon.dll
2007-05-21 12:30 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-05-21 12:30 32,768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2007-05-21 12:30 12,288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2007-05-21 12:30 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\5400 Series
2007-05-21 12:29 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-05-21 12:28 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-21 12:27 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-21 12:26 991,232 --a------ C:\WINDOWS\system32\lxctusb1.dll
2007-05-21 12:26 983,107 --a------ C:\WINDOWS\system32\lxctgf.dll
2007-05-21 12:26 94,208 --a------ C:\WINDOWS\system32\lxctpplc.dll
2007-05-21 12:26 86,016 --a------ C:\WINDOWS\system32\lxctcub.dll
2007-05-21 12:26 77,824 --a------ C:\WINDOWS\system32\lxctcu.dll
2007-05-21 12:26 77,824 --a------ C:\WINDOWS\system32\LXCTcfg.dll
2007-05-21 12:26 696,320 --a------ C:\WINDOWS\system32\lxcthbn3.dll
2007-05-21 12:26 684,032 --a------ C:\WINDOWS\system32\lxctcomc.dll
2007-05-21 12:26 643,072 --a------ C:\WINDOWS\system32\lxctpmui.dll
2007-05-21 12:26 585,728 --a------ C:\WINDOWS\system32\lxctlmpm.dll
2007-05-21 12:26 537,520 --a------ C:\WINDOWS\system32\lxctcoms.exe
2007-05-21 12:26 462,848 --a------ C:\WINDOWS\system32\lxctutil.dll
2007-05-21 12:26 421,888 --a------ C:\WINDOWS\system32\lxctcomm.dll
2007-05-21 12:26 413,696 --a------ C:\WINDOWS\system32\lxctinpa.dll
2007-05-21 12:26 397,312 --a------ C:\WINDOWS\system32\lxctiesc.dll
2007-05-21 12:26 385,968 --a------ C:\WINDOWS\system32\lxctih.exe
2007-05-21 12:26 381,872 --a------ C:\WINDOWS\system32\lxctcfg.exe
2007-05-21 12:26 36,864 --a------ C:\WINDOWS\system32\lxctcur.dll
2007-05-21 12:26 323,584 --a------ C:\WINDOWS\system32\LXCThcp.dll
2007-05-21 12:26 274,432 --a------ C:\WINDOWS\system32\LXCTinst.dll
2007-05-21 12:26 204,800 --a------ C:\WINDOWS\system32\lxctgrd.dll
2007-05-21 12:26 200,704 --a------ C:\WINDOWS\system32\lxctinsb.dll
2007-05-21 12:26 176,128 --a------ C:\WINDOWS\system32\lxctins.dll
2007-05-21 12:26 163,840 --a------ C:\WINDOWS\system32\lxctprox.dll
2007-05-21 12:26 147,456 --a------ C:\WINDOWS\system32\lxctjswr.dll
2007-05-21 12:26 106,496 --a------ C:\WINDOWS\system32\lxctinsr.dll
2007-05-21 12:26 1,224,704 --a------ C:\WINDOWS\system32\lxctserv.dll
2007-05-21 12:26 <DIR> d-------- C:\Program Files\Lexmark 5400 Series
2007-05-20 13:54 <DIR> d-------- C:\Program Files\bias funk bolt


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-21 04:27:12 62,516 ----a-w C:\WINDOWS\system32\nphdxfvh.dll
2007-06-21 04:27:01 124,436 ----a-w C:\WINDOWS\system32\tbtdnxup.dll
2007-06-21 04:26:51 122,900 ----a-w C:\WINDOWS\system32\vwxnpbyo.exe
2007-06-21 04:26:44 1,185,261 --sh--w C:\WINDOWS\system32\baadd.bak1
2007-06-18 05:55:55 5,256 ----a-w C:\WINDOWS\LoginUsers.dat
2007-06-17 21:30:30 -------- d-----w C:\Program Files\KuGoo3
2007-06-08 03:07:30 -------- d-----w C:\Program Files\MSN Messenger
2007-06-08 03:07:30 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-05-28 02:01:53 -------- d-----w C:\Program Files\BitComet
2007-05-23 03:54:52 -------- d-----w C:\Program Files\SpywareGuard
2007-05-23 03:51:42 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-20 20:54:39 -------- d-----w C:\DOCUME~1\X_O37I~1\APPLIC~1\bias funk bolt
2007-05-19 05:59:25 -------- d-----w C:\Program Files\Common Files\Xuisoft
2007-05-19 05:59:18 -------- d-----w C:\Program Files\GifCreator
2007-05-19 04:49:15 -------- d-----w C:\Program Files\Active GIF Creator 3.0
2007-05-18 05:36:29 -------- d-----w C:\DOCUME~1\X_O37I~1\APPLIC~1\Tencent
2007-05-18 05:36:04 -------- d-----w C:\Program Files\Tencent
2007-05-17 06:34:15 -------- d-----w C:\DOCUME~1\X_O37I~1\APPLIC~1\Help
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 22:32:56 2,696 ----a-w C:\WINDOWS\mslistenido.dat
2007-05-14 21:16:21 -------- d-----w C:\Program Files\Picasa2
2007-05-13 19:08:15 -------- d-----w C:\Program Files\Google
2007-05-13 07:00:32 -------- d-----w C:\Program Files\Update
2007-05-13 07:00:32 -------- d-----w C:\Program Files\QQ
2007-05-13 00:52:05 -------- d-----w C:\Program Files\Microsoft Calculator Plus
2007-05-12 04:51:40 286,720 ----a-w C:\WINDOWS\iun506.exe
2007-05-10 06:32:23 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-02 20:40:16 -------- d-----w C:\Program Files\Intel
2007-05-02 20:40:14 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-02 20:33:27 -------- d-----w C:\Program Files\Common Files\Intel Shared
2007-05-02 20:28:39 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-05-02 20:28:39 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\MDM3aWxlbyA\gGgauqU5vVE.vbs
2007-01-24 00:31:49 277,208 --sha-w C:\WINDOWS\system32\ddaab.dll
2007-02-05 02:49:32 22,555 --sha-w C:\WINDOWS\system32\khfffgf.dll
2007-02-05 02:49:33 43 --sha-w C:\WINDOWS\Temp\removalfile.bat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}=C:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-09 07:37]
{35BAA7F5-409C-4C0D-8ED4-B758EBEED45E}=C:\WINDOWS\system32\ddaab.dll [2007-01-23 17:31]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll [2007-02-07 22:04]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}=C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-03 00:24]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 02:03]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\nphdxfvh.dll [2007-06-20 21:27]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll [2006-07-26 04:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GPLv3"="C:\WINDOWS\system32\tbtdnxup.dll" [2007-06-20 21:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"Infocopy"="C:\DOCUME~1\X_O37I~1\APPLIC~1\BIASFU~1\ante mfcd save.exe" [2007-05-20 13:53]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 01:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaab]
C:\WINDOWS\system32\ddaab.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyyaw]
fccyyaw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winahc32]
winahc32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^x_o37ileo_x^Start Menu^Programs^Startup^Bitcomet Ultra Accelerator.lnk]
backup=C:\WINDOWS\pss\Bitcomet Ultra Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^x_o37ileo_x^Start Menu^Programs^Startup^Reboot.exe]
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^x_o37ileo_x^Start Menu^Programs^Startup^SpywareGuard.lnk]
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^x_o37ileo_x^Start Menu^Programs^Startup^Tencent QQ.lnk]
backup=C:\WINDOWS\pss\Tencent QQ.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
rundll32.exe "C:\WINDOWS\system32\tbykhxvu.dll",setvm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Burn Window Software Camp]
C:\Documents and Settings\All Users\Application Data\Dale Inside Burn Window\NewCake.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.dll,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
rundll32.exe "C:\WINDOWS\system32\wjxyjcts.dll",setvm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"C:\Program Files\Lexmark 5400 Series\ezprint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filmcreativeplatformgram]
C:\Documents and Settings\All Users\Application Data\MeetMessFilmCreative\Dog jugs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\ccjwkceg.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infocopy]
C:\DOCUME~1\X_O37I~1\APPLIC~1\BIASFU~1\ante mfcd save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KuGoo3]
C:\Program Files\KuGoo3\KuGoo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
"C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
"C:\Program Files\Lexmark 5400 Series\lxctmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qmrd]
"C:\Documents and Settings\x_o37ileo_x\Application Data\Μ?crosoft\dеxplore.exe" 99001122

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
C:\windows\system32\rlvknlg.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rhrc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\lijwjbjh.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vfpjhmji]
"C:\WINDOWS\system32\Οracle\аttrib.exe" 99001162

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2007-06-21 04:00:00 C:\WINDOWS\tasks\A9AB050091A4BC88.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 21:25:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\tbtdnxup.dll
C:\WINDOWS\system32\vwxnpbyo.exe

scan completed successfully
hidden files: 2

**************************************************************************

Completion time: 2007-06-20 21:29:09 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-20 21:29

--- E O F ---
Old 06-21-2007, 12:28 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,356
OS: XP


Re: Help!!! computer is very messed up!! (hijackthis log included)

Go to Start → Control Panel → Add or Remove Programs and uninstall the following programs:
  • Kugoo
Please note any other programs that you don't recognize in that list in your next response


---------------


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: 0 - {384FFDB1-63D0-4FB8-9496-17E19ED0142E} - (no file)
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O20 - Winlogon Notify: ddayy - C:\WINDOWS\
O20 - Winlogon Notify: efcyvtu - efcyvtu.dll (file missing)
O20 - Winlogon Notify: ssttt - C:\WINDOWS\system32\ssttt.dll (file missing)
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\progyrtaq.html



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\aijvljel.exe
C:\WINDOWS\system32\drwmayvk.exe
C:\WINDOWS\system32\ejjakcwq.exe
C:\WINDOWS\system32\aywpvome.exe
C:\WINDOWS\system32\pfqodygf.exe
C:\WINDOWS\system32\iobsoekt.exe
C:\WINDOWS\system32\krbylcgb.exe
C:\WINDOWS\system32\txqgpoqh.exe
C:\WINDOWS\system32\dpxnfbna.exe
C:\WINDOWS\system32\wsonhmgy.exe
C:\WINDOWS\system32\pgbprsex.exe
C:\WINDOWS\system32\nphdxfvh.dll
C:\WINDOWS\system32\tbtdnxup.dll
C:\WINDOWS\system32\vwxnpbyo.exe
C:\WINDOWS\system32\baadd.bak1
C:\WINDOWS\system32\ddaab.dll
C:\WINDOWS\system32\khfffgf.dll
C:\WINDOWS\Temp\removalfile.bat
C:\WINDOWS\tasks\A9AB050091A4BC88.job
C:\WINDOWS\system32\tbtdnxup.dll
C:\WINDOWS\system32\vwxnpbyo.exe
Folder::
C:\Program Files\KuGoo3
C:\DOCUME~1\X_O37I~1\APPLIC~1\bias funk bolt
C:\Program Files\bias funk bolt
C:\WINDOWS\MDM3aWxlbyA
C:\Documents and Settings\All Users\Application Data\MeetMessFilmCreative
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35BAA7F5-409C-4C0D-8ED4-B758EBEED45E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GPLv3"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infocopy"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaab]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyyaw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winahc32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Burn Window Software Camp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filmcreativeplatformgram]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infocopy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KuGoo3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qmrd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rhrc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vfpjhmji]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
Save this as ComboFix-Do.txt




Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe
Then post the resultant log


---------------


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/virusscanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. We only require a report from it.
    It does not provide an option to clean/disinfect.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.



---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
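A CFScript like the one above is applied exactly as written, so it is worth checking it for typos before dragging it onto ComboFix. The following is an added example, not code from the thread or from ComboFix: it parses the File::/Folder::/Registry:: sections, reports duplicate entries, and flags registry lines whose hive name is malformed (as in a key that begins "[-KEY_LOCAL_MACHINE" instead of "[-HKEY_LOCAL_MACHINE"). The sample script embedded at the bottom is constructed to reproduce those two defects.

```python
"""Sanity-check a ComboFix script (CFScript) before applying it.  Added example,
not code from the thread or from ComboFix; the section layout follows the posted script."""
import re
from collections import Counter

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$")
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")  # [-KEY] deletes a key, [KEY] selects it
VALUE_DEL_RE = re.compile(r'^"[^"]+"=-$')   # "name"=- deletes a value under that key
VALID_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT", "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

def parse_cfscript(text):
    """Split the script into {section: [entries]}; blank lines are ignored."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def check_cfscript(text):
    """Return human-readable problems: duplicate entries, bad hive names, odd lines."""
    problems = []
    sections = parse_cfscript(text)
    for name, entries in sections.items():
        for entry, n in Counter(entries).items():
            if n > 1:
                problems.append(f"{name}:: duplicate entry ({n}x): {entry}")
    for entry in sections.get("Registry", []):
        m = KEY_RE.match(entry)
        if m:
            hive = m.group(2).split("\\", 1)[0]
            if hive.upper() not in VALID_HIVES:
                problems.append(f"Registry:: bad hive name {hive!r} in: {entry}")
        elif not VALUE_DEL_RE.match(entry):
            problems.append(f"Registry:: unrecognised line: {entry}")
    return problems

# Constructed sample: a repeated File:: path and a hive name missing its leading "H".
SAMPLE = """File::
C:\\WINDOWS\\system32\\tbtdnxup.dll
C:\\WINDOWS\\system32\\tbtdnxup.dll
Registry::
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Genuine]
[-KEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\Burn Window Software Camp]
"""
```

Run check_cfscript() over the text of ComboFix-Do.txt and fix anything it reports before applying the script; an empty list means no duplicates or malformed registry lines were found.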
All times are GMT -7. The time now is 10:58 PM.
Copyright 2001 - 2008, Tech Support Forum