Can anyone do a check for me?

• tim482

  24 Dec 06, 01:34

  HI all
  Got a virus recently but i lazy to remove but now getting serious
  i use anti virus on safe mode no use so i using hijack this anyone can check for me ty
  
  

  Logfile of HijackThis v1.99.1
  Scan saved at 1:32:05 AM, on 24/12/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  C:\Program Files\Windows Media Player\svchost.exe
  C:\WINDOWS\$hf_mig$\svhost32.exe
  C:\WINDOWS\Explorer.EXE
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\pctspk.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\Program Files\Winamp\winampa.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\rundl132.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\WINDOWS\system32\DllHost.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\MeowSusan\Desktop\hijackthis\HijackThis.exe
  
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O3 - Toolbar: Yahoo! μ?o?ì? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [ryy] C:\WINDOWS\rundl132.exe
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Startup: Intre-Scan 330p Plus Scanner Utilities.lnk = C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: (no name) - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Transtar Help - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeybunnylovesyou.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155749779604
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

• MyPillowTalks

  24 Dec 06, 01:56

  from ur logfile, dun seems to have suspicious processes running, use a better anti spyware rather than windows defender that u are using. i tink wait for mayi to come
• R3SsH|n

  24 Dec 06, 01:58

  how come tim482 uses meowsusan profile?
• tim482

  24 Dec 06, 02:00

  Originally posted by R3SsH|n:

  how come tim482 uses meowsusan profile?

  
  my mom
• R3SsH|n

  24 Dec 06, 02:03

  http://www.tomcoyote.org/forums/lofiversion/index.php/t73598.html
  
  scan the file C:\WINDOWS\$hf_mig$\svhost32.exe
  
  to view this file, you probably have to go to my computer->tools->folder options->view->*check* show hidden files and folder
  
  edit:
  C:\WINDOWS\rundl132.exe
  
  oso..
• tim482

  24 Dec 06, 02:13

  walao avast cannot detect wtf
  

  AntiVir
  Found TR/Crypt.NSPM.Gen
  ArcaVir
  Found Trojan.Psw.Nilage.Azl
  Avast
  Found nothing
  AVG Antivirus
  Found PSW.Generic2.VSI
  BitDefender
  Found Trojan.PWS.Gamania.BG
  ClamAV
  Found Trojan.Lineage-372
  Dr.Web
  Found Trojan.PWS.Lineage
  F-Prot Antivirus
  Found Possibly a new variant of W32/PWStealer.gen1
  F-Secure Anti-Virus
  Found Trojan-PSW.Win32.Nilage.azl
  Fortinet
  Found W32/Nilage.AZL!tr.pws
  Kaspersky Anti-Virus
  Found Trojan-PSW.Win32.Nilage.azl
  NOD32
  Found probably a variant of Win32/PSW.Lineage.AJP (probable variant)
  Norman Virus Control
  Found nothing
  VirusBuster
  Found nothing
  VBA32
  Found MalwareScope.Worm.Viking.4

• R3SsH|n

  24 Dec 06, 02:18

  Originally posted by tim482:

  walao avast cannot detect wtf
  

  what u doing?
• tim482

  24 Dec 06, 02:25

  Originally posted by R3SsH|n:

  what u doing?

  busy
  post the scanned file here?
• R3SsH|n

  24 Dec 06, 02:27

  did those virus scan u did detected the above 2 files as trojans?
  if it did..just kill it using http://killbox.net/
• tim482

  24 Dec 06, 02:30

  Originally posted by R3SsH|n:

  did those virus scan u did detected the above 2 files as trojans?
  if it did..just kill it using http://killbox.net/

  ok i will try that in safe mode now and post log back here later
• tim482

  24 Dec 06, 02:49

  back heres the log
  don tell me cannot clear
  

  Logfile of HijackThis v1.99.1
  Scan saved at 2:47:09 AM, on 24/12/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  C:\Program Files\Windows Media Player\svchost.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\WINDOWS\system32\pctspk.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\WINDOWS\rundl132.exe
  C:\Program Files\Winamp\winampa.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\svchost.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\MeowSusan\Desktop\hijackthis\HijackThis.exe
  
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O3 - Toolbar: Yahoo! μ?o?ì? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [ryy] C:\WINDOWS\rundl132.exe
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Startup: Intre-Scan 330p Plus Scanner Utilities.lnk = C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: (no name) - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Transtar Help - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeybunnylovesyou.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155749779604
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  

• R3SsH|n

  24 Dec 06, 02:55

  Originally posted by tim482:

  back heres the log
  don tell me cannot clear
  

  don't know..u see whether its clear or not lor...
  http://www.bleepingcomputer.com/startups/rundl132.exe-15035.html
• tim482

  24 Dec 06, 03:06

  Originally posted by R3SsH|n:

  don't know..u see whether its clear or not lor...
  http://www.bleepingcomputer.com/startups/rundl132.exe-15035.html

  now i go restart again this time edit the regkey
• tim482

  24 Dec 06, 03:28

  still cannot remove rundl132.exe
  

  Logfile of HijackThis v1.99.1
  Scan saved at 3:26:10 AM, on 24/12/2006
  Platform: Windows XP SP2 (WinNT 5.01.2600)
  MSIE: Internet Explorer v7.00 (7.00.5730.0011)
  
  Running processes:
  C:\WINDOWS\System32\smss.exe
  C:\WINDOWS\system32\winlogon.exe
  C:\WINDOWS\system32\services.exe
  C:\WINDOWS\system32\lsass.exe
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Windows Defender\MsMpEng.exe
  C:\WINDOWS\System32\svchost.exe
  C:\WINDOWS\system32\spoolsv.exe
  C:\Program Files\Windows Media Player\svchost.exe
  C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  C:\Program Files\Alwil Software\Avast4\ashServ.exe
  C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
  C:\WINDOWS\system32\pctspk.exe
  C:\Program Files\Windows Defender\MSASCui.exe
  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
  C:\WINDOWS\rundl132.exe
  C:\Program Files\Winamp\winampa.exe
  C:\WINDOWS\system32\ctfmon.exe
  C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  C:\WINDOWS\system32\svchost.exe
  C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\system32\wuauclt.exe
  C:\WINDOWS\explorer.exe
  C:\Program Files\Mozilla Firefox\firefox.exe
  C:\Documents and Settings\MeowSusan\Desktop\hijackthis\HijackThis.exe
  
  F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\Windows Media Player\svchost.exe,C:\WINDOWS\$hf_mig$\svhost32.exe,C:\WINDOWS\rundl132.exe,
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O3 - Toolbar: Yahoo! μ?o?ì? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
  O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
  O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
  O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
  O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
  O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
  O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
  O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
  O4 - HKLM\..\Run: [ryy] C:\WINDOWS\rundl132.exe
  O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - Startup: Intre-Scan 330p Plus Scanner Utilities.lnk = C:\WINDOWS\twain_32\IntreSca\330p\SCANER32.EXE
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
  O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
  O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
  O9 - Extra button: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Chinese - {0D5C2EA0-EDCD-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: (no name) - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: Transtar Help - {676AB8E0-F5A6-11D3-86A5-0088CC224026} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra 'Tools' menuitem: English - {C2EDD5E0-EB64-11D3-B4D2-0088CC231035} - C:\PROGRA~1\TRANST~1\APPLIC~1\TransIE.dll
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  O11 - Options group: [INTERNATIONAL] International*
  O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://honeybunnylovesyou.spaces.live.com//PhotoUpload/MsnPUpld.cab
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155749779604
  O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
  O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
  O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
  O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
  O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
  O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  

• 022615

  24 Dec 06, 10:09

  Simple. Go safe mode, save a backup of important files. Reinstall widows, update Antivirus program to lastest , rescan your backup files for infection and transfer data.
• ndmmxiaomayi

  24 Dec 06, 21:41

  tim, bad news for you.
  
  You have a backdoor + rootkit. Below is a warning that I use. If you decide to continue, please let me know.
  
  Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.
  
  You are strongly advised to do the following:
  
  

  [*]Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  [*]Back up all your important data except programs. The programs can be reinstalled back from the orignal disc or from the Net.
  [*]Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  [*]From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

  Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
  
  Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
  
  To help you understand more, please take some time to read the follwing articles:
  
  What are Remote Access Trojans and why are they dangerous
  How do I respond to a possible identity theft and how do I prevent it
  When should do a reformat and reinstallation of my OS
  Where to backup your files
  How to backup your files in Windows XP
  Restoring your backups
• tim482

  24 Dec 06, 23:22

  
  how am gona tell my mom abt this
• alexkusu

  24 Dec 06, 23:28

  merry christmas mom ?
• tim482

  24 Dec 06, 23:30

  Originally posted by alexkusu:

  merry christmas mom ?

  after that say yr chrismas present a virus
• kaobeikaobu

  24 Dec 06, 23:30

  ho ho ho..
• R3SsH|n

  25 Dec 06, 01:20

  guess the best option is to backup your stuff and reformat...
• ndmmxiaomayi

  25 Dec 06, 10:08

  Originally posted by tim482:

  
  how am gona tell my mom abt this

  I don't know. You could show her the warning that I gave, it's simple enough to be understood, I hope.
• davidche

  25 Dec 06, 12:29

  Originally posted by R3SsH|n:

  guess the best option is to backup your stuff and reformat...

  your sig is funny
• davidche

  25 Dec 06, 12:30

  Originally posted by ndmmxiaomayi:

  I don't know. You could show her the warning that I gave, it's simple enough to be understood, I hope.

  How are you going to help the TS with the backdoor?
• ndmmxiaomayi

  25 Dec 06, 12:45

  Originally posted by davidche:

  How are you going to help the TS with the backdoor?

  Backdoor = shortcut to get a lot of things. Even if can solve, no guarantee that sensitive information isn't stolen.
  
  Reformat is the best option.