Help!
-
Hello:
I'm afraid there are some terrible things in my computer. I tried to clean up
my computer by running Ad-Aware and anti-spyware to get rid of dl.exe... There was no
success. I believe you guys are my last resort.
Logfile of HijackThis v1.99.1
Scan saved at 0:01:44, on 2005-10-16
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\G2ProcessFactory.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\KAV2005\KPfwSvc.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\KAV2005\KAVStart.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\KAV2005\KAVStart.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\KAV2005\KavPFW.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\KAV2005\KMailMon.EXE
C:\KAV2005\KMailMon.EXE
C:\KAV2005\KavPFW.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\KAV2005\Update.EXE
C:\KAV2005\Update.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\KAV2005\KATMain.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHIJIA~1\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {51819320-5B57-49FE-BEB5-B498CBBA1097} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [MemoryIdle] C:\Program Files\完美卸载XP\Memory Booster.exe -PowerOn
O4 - HKLM\..\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KavPFW.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.sc5.yahoo.com/jav...gcst1008_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.finova.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://streamhc.redhotnetworks.com/cabs/videox.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - https://nws1000.ramaporadiology.com/...conference.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096833917281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126470109062
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5C6F77-1336-4466-A1BC-3F2667E51446}: NameServer = 151.203.0.84 151.202.0.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-
Welcome to DAL,
I see you have FlashGet. If you are using the free version it has spyware in it and I would suggest you uninstall it. The paid version is fine. Uninstall through Add/Remove Programs please.
Here's a review of some download managers you might find helpful.
http://www.safer-networking.org/inde...nload-managers
Go into Task Manager, click on the Processes tab, look for dl.exe and conime.exe and end process on them if found.
Get into Task Manager by pressing Ctrl+Alt+Del, or right click the bottom bar on the screen from your desktop and select Task Manager.
I need you to submit file(s) to see if it (they) are infected or legit: http://virusscan.jotti.org/
Files:
C:\Program Files\WinRAR\WinRAR.exe---this one
Copy/paste the results for me please.
Below is a Trojan scanner; please run the tool from safe mode, explained also below.
To reboot into safe mode, start tapping your F8 key upon restart; when the safe mode screen appears, select Safe Mode and press Enter.
Please download, install, update and scan your system with the free version of the Ewido trojan scanner: www.ewido.net/en/download/
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.
5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.
Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.
Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Also, since you are so infected, do these online scanners below and save the logs they make for me to look at, please.
Internet Explorer required
Run these two online virus scanners (Panda Activescan) following these instructions below:
http://www.pandasoftware.com/product..._principal.htm
Internet Explorer required
Also this excellent (BitDefender) scanner: http://www.bitdefender.com/scan8/ie.html
I need:
Ewido log
BitDefender log
Panda log
New HJT log. Posting all the logs may take two or more posts, or make attachments.
-
Hi,
Neal, thank you very much for your help! Now here are some problems with my computer.
I think something is getting worse.
1. Now I cannot run msconfig to go through the details of my computer and cannot run sfc etc...
Windows always tells me that msconfig has encountered a problem.
2. When I try to shut down or restart my computer normally, there is no reaction at all...
3. I am sure some weird programme named dl.exe has already invaded my computer and some
documents have been infected, which include some adware-scan programmes just like the ewido you recommended, because I found a copy of dl.exe existing in the ewido folder, causing damage to ewido.
When I try to update ewido, I always get a dialog box saying at least one part of this document has already been modified...
Now what should I do? Thanks in advance.
Here are the report and log file you need.
File: WinRAR.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 940d1cdf95a765e3dc02ee1d7e7a8829
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing
BitDefender Online Scanner
Scan report generated at: Sat, Oct 22, 2005 - 13:41:23
Scan path: A:\;C:\;D:\;E:\;
Statistics
Time: 01:14:56
Files: 263774
Folders: 5376
Boot Sectors: 3
Archives: 1761
Packed Files: 40698
Results
Identified Viruses: 3
Infected Files: 36
Suspect Files: 0
Warnings: 0
Disinfected: 10
Deleted Files: 2
Engines Info
Virus Definitions: 225455
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Desktop\ewido security suite.lnk=>C:\Program Files\ewido\security suite\SecuritySuite.exe
Infected with: Win32.Gael.3666
C:\Documents and Settings\All Users\Desktop\ewido security suite.lnk=>C:\Program Files\ewido\security suite\SecuritySuite.exe
Disinfected
C:\Documents and Settings\All Users\Desktop\ewido security suite.lnk
Updated
C:\Documents and Settings\All Users\Desktop\金山网镖 2005 .lnk=>C:\KAV2005\KAVPFW.EXE
Infected with: Win32.Gael.3666
C:\Documents and Settings\All Users\Desktop\金山网镖 2005 .lnk=>C:\KAV2005\KAVPFW.EXE
Disinfected
C:\Documents and Settings\All Users\Desktop\金山网镖 2005 .lnk
Update failed
C:\Documents and Settings\All Users\Start Menu\Programs\GoToMyPC.lnk=>C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
Infected with: Win32.Gael.3666
C:\Documents and Settings\All Users\Start Menu\Programs\GoToMyPC.lnk=>C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
Disinfected
C:\Documents and Settings\All Users\Start Menu\Programs\GoToMyPC.lnk
Update failed
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mssvp.exe
Infected with: Win32.Worm.Windaus.D
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\mssvp.exe
Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol.lnk=>C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Infected with: Win32.Gael.3666
C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol.lnk=>C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Disinfected
C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol\WinPatrol.lnk
Update failed
C:\Documents and Settings\SHIJIANJIANG\Local Settings\Temporary Internet Files\Content.IE5\4VFNUS1X\MicrosoftAntiSpywareInstall[1].exe
Infected with: Win32.Gael.3666
C:\Documents and Settings\SHIJIANJIANG\Local Settings\Temporary Internet Files\Content.IE5\4VFNUS1X\MicrosoftAntiSpywareInstall[1].exe
Disinfected
C:\KAV2005\KAVPFW.EXE
Infected with: Win32.Gael.3666
C:\KAV2005\KAVPFW.EXE
Disinfection failed
C:\KAV2005\KAVPFW.EXE
Delete failed
C:\KAV2005\KAVStart.EXE
Infected with: Win32.Gael.3666
C:\KAV2005\KAVStart.EXE
Disinfection failed
C:\KAV2005\KAVStart.EXE
Delete failed
C:\KAV2005\KMailMon.EXE
Infected with: Win32.Gael.3666
C:\KAV2005\KMailMon.EXE
Disinfection failed
C:\KAV2005\KMailMon.EXE
Delete failed
C:\KAV2005\KPFWSvc.EXE
Infected with: Win32.Gael.3666
C:\KAV2005\KPFWSvc.EXE
Disinfection failed
C:\KAV2005\KPFWSvc.EXE
Delete failed
C:\KAV2005\KWatch.EXE
Infected with: Win32.Gael.3666
C:\KAV2005\KWatch.EXE
Disinfection failed
C:\KAV2005\KWatch.EXE
Delete failed
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Infected with: Win32.Gael.3666
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Disinfection failed
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Delete failed
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Infected with: Win32.Gael.3666
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Disinfection failed
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
Delete failed
C:\Program Files\Common Files\Panda Software\PavShld\Install.exe
Infected with: Win32.Gael.3666
C:\Program Files\Common Files\Panda Software\PavShld\Install.exe
Disinfection failed
C:\Program Files\Common Files\Panda Software\PavShld\Install.exe
Delete failed
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
Infected with: Win32.Gael.3666
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
Disinfection failed
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
Delete failed
C:\Program Files\ewido\security suite\ewidoguard.exe
Infected with: Win32.Gael.3666
C:\Program Files\ewido\security suite\ewidoguard.exe
Disinfected
C:\Program Files\ewido\security suite\Uninstall.exe
Infected with: Win32.Gael.3666
C:\Program Files\ewido\security suite\Uninstall.exe
Disinfected
C:\Program Files\ewido-setup.exe
Infected with: Win32.Gael.3666
C:\Program Files\ewido-setup.exe
Disinfected
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
Infected with: Win32.Gael.3666
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
Disinfection failed
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
Delete failed
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
Infected with: Win32.Gael.3666
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
Disinfection failed
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
Delete failed
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
Infected with: Win32.Gael.3666
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
Disinfection failed
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
Delete failed
C:\Program Files\Hewlett-Packard\Digital Imaging\Product\2170.msi=>(Embedded CAB)=>F30597_newupdatehtml.exe.61B36DF2_0416_4DA2_BDAF_93E719EAEB7E
Infected with: Exploit.UNIX.Imail
C:\Program Files\Hewlett-Packard\Digital Imaging\Product\2170.msi=>(Embedded CAB)=>F30597_newupdatehtml.exe.61B36DF2_0416_4DA2_BDAF_93E719EAEB7E
Disinfection failed
C:\Program Files\Hewlett-Packard\Digital Imaging\Product\2170.msi=>(Embedded CAB)=>F30597_newupdatehtml.exe.61B36DF2_0416_4DA2_BDAF_93E719EAEB7E
Deleted
C:\Program Files\Hewlett-Packard\Digital Imaging\Product\2170.msi=>(Embedded CAB)
Update failed
C:\Program Files\Logitech\iTouch\iTouch.exe
Infected with: Win32.Gael.3666
C:\Program Files\Logitech\iTouch\iTouch.exe
Disinfection failed
C:\Program Files\Logitech\iTouch\iTouch.exe
Delete failed
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
Infected with: Win32.Gael.3666
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
Disinfection failed
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
Delete failed
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
Infected with: Win32.Gael.3666
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
Disinfection failed
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
Delete failed
C:\Program Files\MicrosoftAntiSpywareInstall.exe
Infected with: Win32.Gael.3666
C:\Program Files\MicrosoftAntiSpywareInstall.exe
Disinfected
C:\Program Files\Spybot - Search & Destroy\Updates\immufix.exe
Infected with: Win32.Gael.3666
C:\Program Files\Spybot - Search & Destroy\Updates\immufix.exe
Disinfected
C:\Program Files\Thunder Network\Thunder\Thunder.exe
Infected with: Win32.Gael.3666
C:\Program Files\Thunder Network\Thunder\Thunder.exe
Disinfection failed
C:\Program Files\Thunder Network\Thunder\Thunder.exe
Delete failed
C:\WINDOWS\system32\BRSS01A.EXE
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\BRSS01A.EXE
Disinfection failed
C:\WINDOWS\system32\BRSS01A.EXE
Delete failed
C:\WINDOWS\system32\BRSVC01A.EXE
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\BRSVC01A.EXE
Disinfection failed
C:\WINDOWS\system32\BRSVC01A.EXE
Delete failed
C:\WINDOWS\system32\G2ProcessFactory.exe
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\G2ProcessFactory.exe
Disinfection failed
C:\WINDOWS\system32\G2ProcessFactory.exe
Delete failed
C:\WINDOWS\system32\gearsec.exe
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\gearsec.exe
Disinfection failed
C:\WINDOWS\system32\gearsec.exe
Delete failed
C:\WINDOWS\system32\LEXBCES.EXE
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\LEXBCES.EXE
Disinfection failed
C:\WINDOWS\system32\LEXBCES.EXE
Delete failed
C:\WINDOWS\system32\MsPMSPSv.exe
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\MsPMSPSv.exe
Disinfection failed
C:\WINDOWS\system32\MsPMSPSv.exe
Delete failed
C:\WINDOWS\system32\snmp.exe
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\snmp.exe
Disinfection failed
C:\WINDOWS\system32\snmp.exe
Delete failed
C:\WINDOWS\system32\spoolsv.exe
Infected with: Win32.Gael.3666
C:\WINDOWS\system32\spoolsv.exe
Disinfection failed
C:\WINDOWS\system32\spoolsv.exe
Delete failed
-
BTW: I don't know why I can't run the Panda scan online, so please tell me what's the right way to run it.
Here is the HJT log file:
Logfile of HijackThis v1.99.1
Scan saved at 19:47:21, on 2005-10-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\G2ProcessFactory.exe
C:\KAV2005\KWatch.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\KAV2005\KPfwSvc.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\KAV2005\KAVStart.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\KAV2005\KAVStart.exe
C:\KAV2005\KavPFW.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\KAV2005\KMailMon.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\KAV2005\KMailMon.EXE
C:\KAV2005\KavPFW.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\KAV2005\Update.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHIJIA~1\LOCALS~1\Temp\Rar$EX00.282\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {51819320-5B57-49FE-BEB5-B498CBBA1097} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [MemoryIdle] C:\Program Files\完美卸载XP\Memory Booster.exe -PowerOn
O4 - HKLM\..\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KavPFW.exe"
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.sc5.yahoo.com/jav...gcst1008_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.finova.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - https://nws1000.ramaporadiology.com/...conference.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096833917281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126470109062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5C6F77-1336-4466-A1BC-3F2667E51446}: NameServer = 151.203.0.84 151.202.0.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2005\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2005\KWatch.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-
Make sure you can see hidden files.
In Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
After you're cleaned, please "rehide" them again.
Do a search on your computer: click Start, click Search, click All files/folders, type in dl.exe, and see if you can find it; then let me know the full path of the file.
Or maybe you already know the full file path.
Full path = C:\WINDOWS\System32\smss.exe---something like this
If we can find the full path of the dl.exe, maybe we can kill it.
Let me know please.
-
I made sure I can see hidden files.
According to what you said, I ran a search and found at least 9 dl.exe:
C:\Documents and Settings\flyingox
C:\Documents and Settings\SHIJIANJIANG
C:\KAV2005
C:\Program Files\Wom
C:\WINDOWS\Fonts
C:\WINDOWS\system32
C:\Program Files\iolo\System Mechanic 5
C:\Program Files\Lavasoft\Ad-Aware SE Personal
C:\Program Files\Netease\popo2004
-
Delete those files in those programs: dl.exe
Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select Safe Mode and press Enter.
Find each one of those files, right click and delete; if it won't delete, right click, select Properties and check if Read-only is checked; if it is, uncheck it and try again.
Good luck.
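Added example (not from the thread): a Python triage script that does the search the two replies above describe programmatically. It finds every copy of a given file name across a tree regardless of case, notes whether each copy is hidden or read-only (the attribute the reply warns can block deletion), and hashes each one so identical copies in different folders can be recognised as the same file. The directory layout it builds is constructed for the demo, not the poster's system.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_report(path):
    """Path, size, hidden/read-only flags and SHA-256 for one copy of the file."""
    st = os.stat(path)
    # Windows reports Hidden/Read-only via st_file_attributes; elsewhere use dot-prefix and write bit.
    attrs = getattr(st, "st_file_attributes", 0)
    hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN) or path.name.startswith(".")
    read_only = bool(attrs & stat.FILE_ATTRIBUTE_READONLY) or not os.access(path, os.W_OK)
    return {"path": str(path), "size": st.st_size, "hidden": hidden, "read_only": read_only,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}

def find_named_copies(root, name="dl.exe"):
    """Walk root and report every file named `name`, ignoring case (NTFS is case-insensitive)."""
    target = name.lower()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() == target:
                hits.append(file_report(Path(dirpath) / fn))
    return sorted(hits, key=lambda h: h["path"])

def group_by_hash(hits):
    """Group paths by content hash: identical copies in many places point to one dropper."""
    groups = {}
    for h in hits:
        groups.setdefault(h["sha256"], []).append(h["path"])
    return groups

def build_sample_tree():
    """Constructed sample tree (not from the thread): two identical dl.exe, one different, one decoy."""
    root = Path(tempfile.mkdtemp(prefix="dltriage_"))
    dropper = b"MZ" + b"\x90" * 64  # fake PE-like bytes, constructed for the demo
    layout = {
        "Documents and Settings/user/dl.exe": dropper,
        "WINDOWS/system32/DL.EXE": dropper,           # case differs, must still match
        "Program Files/Wom/dl.exe": b"MZ" + b"\x00" * 64,
        "WINDOWS/Fonts/dl.exe.txt": dropper,          # decoy: name is not exactly dl.exe
    }
    for rel, data in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    (root / "Program Files/Wom/dl.exe").chmod(0o444)  # read-only, the case the reply warns about
    return root
```

Run `find_named_copies` against a real drive root to get the full paths the helper asks for; `group_by_hash` then shows which of the reported copies are byte-identical.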
-
beautiful!
Neal, according to what you said, I tried to delete these dls and restarted my computer last night.
I made sure most things are OK. My CPU no longer stays at 100% usage. I don't have to restart my computer
every one or two hours. Windows runs smoothly. I appreciate your instruction. That's cool!
But some problems still remain on my computer. I don't know how to solve them, so it's still very important for me to get your help.
When I try to run msconfig, the system always tells me msconfig has encountered problems, so now I can't run msconfig or sfc.
Another trouble is that I can't update my system from microsoft.com. I don't know why.
I need help. Thanks in advance.
-
Post a new HJT log please.
-
Here is my new HJT log file. One more problem is that I find I can't remove some programs.
Logfile of HijackThis v1.99.1
Scan saved at 20:58:23, on 2005-10-25
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SWDATA\Binn\sqlservr.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\docume~1\alluse~1\startm~1\programs\startup\msupdate.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\My Downloads\fterm-2004memory\fterm-2004memory\FTERM.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SHIJIA~1\LOCALS~1\Temp\Rar$EX01.094\HijackThis.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {51819320-5B57-49FE-BEB5-B498CBBA1097} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [MemoryIdle] C:\Program Files\完美卸载XP\Memory Booster.exe -PowerOn
O4 - HKLM\..\Run: [KavStart] "C:\KAV2005\KAVStart.exe" -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: msupdate.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.sc5.yahoo.com/jav...gcst1008_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://www.finova.com/CFIDE/classes/CFJava.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2976BDAD-30FD-4ADD-B6AD-DF7BC54767FA} (AMI Conferencing Control 6.0) - https://nws1000.ramaporadiology.com/...conference.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096833917281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1126470109062
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE5C6F77-1336-4466-A1BC-3F2667E51446}: NameServer = 151.203.0.84 151.202.0.84
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\WINDOWS\SYSTEM32\G2WinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe