OK, I actually did ComboFix after I posted my reply saying that VundoFix can't delete that file, as suggested by a friend. I'll post you the results now.
First VundoFix log:
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 1:33:01 AM 7/6/2007
Listing files found while scanning....
C:\windows\system32\abimmqup.dll
C:\WINDOWS\System32\cltvkgoo.dll
C:\windows\system32\mljhfff.dll
C:\windows\system32\nnnliif.dll
C:\WINDOWS\System32\nnnmp.bak2
C:\WINDOWS\System32\nnnmp.ini
C:\WINDOWS\System32\oogkvtlc.ini
C:\WINDOWS\System32\pmnnn.dll
C:\windows\system32\wvuuttu.dll
Beginning removal...
Attempting to delete C:\windows\system32\abimmqup.dll
C:\windows\system32\abimmqup.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\cltvkgoo.dll
C:\WINDOWS\System32\cltvkgoo.dll Has been deleted!
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Attempting to delete C:\windows\system32\nnnliif.dll
C:\windows\system32\nnnliif.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\nnnmp.bak2
C:\WINDOWS\System32\nnnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\nnnmp.ini
C:\WINDOWS\System32\nnnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\oogkvtlc.ini
C:\WINDOWS\System32\oogkvtlc.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\pmnnn.dll
C:\WINDOWS\System32\pmnnn.dll Could not be deleted.
Attempting to delete C:\windows\system32\wvuuttu.dll
C:\windows\system32\wvuuttu.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 1:39:49 AM 7/6/2007
Listing files found while scanning....
C:\windows\system32\mljhfff.dll
C:\windows\system32\pmnnn.dll
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Attempting to delete C:\windows\system32\pmnnn.dll
C:\windows\system32\pmnnn.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 1:47:07 AM 7/6/2007
Listing files found while scanning....
C:\windows\system32\mljhfff.dll
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 1:52:18 AM 7/6/2007
Listing files found while scanning....
C:\windows\system32\mljhfff.dll
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 2:04:58 AM 7/6/2007
Listing files found while scanning....
C:\windows\system32\mljhfff.dll
Beginning removal...
Attempting to delete C:\windows\system32\mljhfff.dll
C:\windows\system32\mljhfff.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 2:26:31 AM 7/6/2007
Listing files found while scanning....
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 2:27:32 AM 7/6/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 2:29:23 AM 7/6/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.4
Checking Java version...
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Scan started at 12:26:24 PM 7/6/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
--------------------------------------------------------
ComboFix Log:
"Myself" - 2007-07-06 2:18:08 - ComboFix 07-07-04.4 - Service Pack 1
/wow section - STAGE #3
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\mljhfff.dll
C:\WINDOWS\system32\llnmp.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\DOCUME~1\Myself\MYDOCU~1.\crosof~1
C:\DOCUME~1\Myself\MYDOCU~1.\crosof~1\ntvdm.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))
2007-07-06 02:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-06 01:33 <DIR> d-------- C:\VundoFix Backups
2007-07-05 17:06 <DIR> d-------- C:\Program Files\CCleaner
2007-07-04 13:42 77,312 --a------ C:\WINDOWS\ua2.dll
2007-07-04 13:23 <DIR> d-------- C:\DOCUME~1\Myself\APPLIC~1\Webroot
2007-07-04 13:21 <DIR> d-------- C:\DOCUME~1\Myself\APPLIC~1\GetRightToGo
2007-07-04 01:10 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-03 22:38 6,369 ---hs---- C:\WINDOWS\system32\aybeg.bak2
2007-06-25 17:08 <DIR> d-------- C:\Eagle II
2007-06-25 16:13 <DIR> d-------- C:\UserJoy
2007-06-24 13:00 <DIR> d-------- C:\DOCUME~1\Myself\APPLIC~1\Azureus
2007-06-24 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-24 12:59 <DIR> d-------- C:\Program Files\Azureus
2007-06-23 21:21 <DIR> d-------- C:\WINDOWS\信長之野望12-驿–°
2007-06-22 17:21 <DIR> d-------- C:\DOS
2007-06-20 17:31 <DIR> d-------- C:\DOCUME~1\Myself\APPLIC~1\teamspeak2
2007-06-20 17:30 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-06-17 21:05 <DIR> d-------- C:\#Raganarok Battle Offline
2007-06-09 17:26 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-09 17:26 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-09 17:26 35,398 --a------ C:\WINDOWS\scunin.dat
2007-06-09 17:25 <DIR> d-------- C:\Program Files\Starcraft
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-05 16:15:30 -------- d-----w C:\Program Files\lg_fwupdate
2007-07-05 15:24:45 -------- d-----w C:\Program Files\Warcraft III
2007-07-05 07:04:05 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-03 03:07:00 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-25 06:13:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-25 06:13:00 -------- d-----w C:\Program Files\ReGetDx
2007-06-24 02:57:10 -------- d-----w C:\Program Files\BitZip
2007-06-21 07:44:20 -------- d-----w C:\Program Files\Granado Espada
2007-05-31 00:28:50 57,320 ----a-w C:\DOCUME~1\Myself\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-22 00:47:49 -------- d-----w C:\Program Files\Scions of Fate
2007-05-10 14:49:26 -------- d-----w C:\DOCUME~1\Myself\APPLIC~1\.BitZip
2007-05-01 15:35:12 146,432 ----a-w C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 08:02:41 614 ----a-w C:\WINDOWS\eReg.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-12-18 03:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16664845-0E00-11D2-8059-000000000000}]
2005-03-08 15:22 294964 --a------ C:\Program Files\Common Files\ReGet Shared\Catcher.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65148F21-779E-4146-A3E4-D97F817AF8CC}]
C:\WINDOWS\System32\pmnnn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
2004-08-31 09:29 103568 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 22:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-18 16:31 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B570AAA3-67CA-4F72-A6CD-CC6F8704E151}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
2005-10-19 11:54 218736 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 14:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 15:07]
"Launch Ai Booster"="C:\Program Files\ASUS\Ai Booster\OverClk.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 05:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 04:06 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-09-24 07:44 C:\WINDOWS\ALCMTR.EXE]
"nwiz"="nwiz.exe" [2005-07-20 20:07 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 15:59]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-02-23 16:31]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 16:35]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-09 00:25]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 09:11]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-08-15 16:43]
"WinFast2KLoadDefault"="wf2kcpl.dll" [2005-08-24 14:36 C:\WINDOWS\system32\WF2KCPL.dll]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 00:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 20:41]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 16:31]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Rtmh"="C:\DOCUME~1\Myself\MYDOCU~1\CROSOF~1\ntvdm.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnll]
C:\WINDOWS\System32\pmnll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32]
wincqt32.dll
Contents of the 'Scheduled Tasks' folder
2007-07-03 02:35:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-29 11:27:38 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Myself.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 02:22:29
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-06 2:24:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-06 02:24
--- E O F ---
After I did ComboFix, the file - C:\Windows\system32\mljhff.dll - as well as any other Vundos don't appear in VundoFix anymore. I tried it several times and it still doesn't appear. However, I continued with your suggestion of running SDFix in Safe Mode; here are the logs:
SDFix -
SDFix: Version 1.89
Run by Myself on 07/06/2007 Fri at 12:14 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Documents and Settings\Myself\My Documents\Homework\History\City in History\Exam\Exam\~WRL0005.tmp
C:\Documents and Settings\Myself\My Documents\Homework\History\City in History\Exam\Exam\~WRL3921.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG
Finished
Here's another fresh HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:36:39 PM, on 7/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Myself\Desktop\HiJackThis_v2.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8BF884A4-CF81-4E00-B7C1-076FCE6CFDD7} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B570AAA3-67CA-4F72-A6CD-CC6F8704E151} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Rtmh] "C:\DOCUME~1\Myself\MYDOCU~1\CROSOF~1\ntvdm.exe" -vt yazb
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {33527649-30BB-4C61-9D70-638D64A6670E} (LaunchLFO Control) - http://www.littlefighteronline.com/hk/yahoo_hk/LaunchLFO.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by137fd.bay137.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140667347593
O16 - DPF: {7C5D062A-7A1E-4A46-A02B-A928084CBD66} (MLauncherNew Class) - http://legendofares.netgame.com/download/MusaLauncherNew.cab
O16 - DPF: {89981B1D-07DA-43C3-9770-06C51E7E5DCE} (NostaleWebStarter Control) - http://game.nostale.com/sso/NostaleWebLauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {96D466AB-3121-4072-8570-BAE7871A4D96} (UJActiveXLauncher Control) - http://www.ujgame.com/ujcasual/game/1.0.1....veXLauncher.ocx
O16 - DPF: {A352D8E5-25DE-4B83-872F-98842905DE04} (NlsComm Component Class) - http://login.hanbiton.com/cab/NLSnSSO.cab
O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.egov.go.kr/sso/KALogoutComponent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...970/mcfscan.cab
O16 - DPF: {F7899FAE-51C9-4EF5-B98C-A64997635235} (GSPRunGame Class) - http://playinfinity.net/cab/WindyGSPAx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175C0EC8-F21F-457A-8992-BCD415FFF92F}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{175C0EC8-F21F-457A-8992-BCD415FFF92F}: NameServer = 192.168.1.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: pmnll - C:\WINDOWS\System32\pmnll.dll (file missing)
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
--
End of file - 13016 bytes
Thanks again.