Help Remove Malware & Spyware

Discussion in 'Malware and Virus Removal Archive' started by Technocrat, 2007/02/24.

Thread Status:
Not open for further replies.
  1. 2007/02/24
    Technocrat

    Technocrat Inactive Thread Starter

    Joined:
    2007/02/24
    Messages:
    8
    Likes Received:
    0
    Hello, I am getting constant pop-ups from drivecleaner.com, systemdoctor.com, broadcaster.com, winantivirus, Ameama, all related to Vundo.

    I've run CCleaner, Spybot, CounterSpy, SWDoctor, Lavasoft, and antivirus scans. I've also run the VundoFix utility, version 6.3.9.

    Below is my current HJT Log:
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 5:24:41 PM, on 2/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Erick Perdomo\Desktop\VundoFix.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Hijackthis\HJT.exe
    
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=62509
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched]  "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility]  "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc]  "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [iTunesHelper]  "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task]  "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [RemoteControl]  "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [CloneCDTray]  "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATICCC]  "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr]  "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager]  "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS]  "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: qomkj - C:\WINDOWS\system32\qomkj.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxywvts - C:\WINDOWS\SYSTEM32\xxywvts.dll
    O20 - Winlogon Notify: yabxy - C:\WINDOWS\system32\yabxy.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - C:\apache2triad\bin\apache.exe" -n Apache2 -k runservice (file missing)
    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - C:\apache2triad\bin\apache.exe" -D SSL -n Apache2SSL -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
    O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - C:\apache2triad\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D C:\apache2triad\pgsql\data\ (file missing)
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
    
    
     
    Last edited: 2007/02/24
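Added here as an example (not code from the thread or from the HijackThis project): a small triage script that parses the O2 (BHO) and O20 (Winlogon Notify) lines in the format shown above and flags the pattern visible in this log, where the same randomly named system32 DLL is registered both as an unnamed BHO and as a Winlogon Notify handler. The sample lines are copied from the log; the "random-looking name" heuristic is an assumption of this script, not a HijackThis rule.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v1.99.1 format; the entries are copied from the
# O2/O20 sections of the log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll
O20 - Winlogon Notify: qomkj - C:\WINDOWS\system32\qomkj.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxywvts - C:\WINDOWS\SYSTEM32\xxywvts.dll
O20 - Winlogon Notify: yabxy - C:\WINDOWS\system32\yabxy.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# Heuristic (an assumption, not a HijackThis rule): 5-8 lowercase letters and nothing
# else, the shape of the names in this log (yabxy, xxywvts, qomkj). Expect false positives.
RANDOM_STEM_RE = re.compile(r"^[a-z]{5,8}$")


def basename(path):
    return path.rsplit("\\", 1)[-1]


def stem(path):
    return basename(path).rsplit(".", 1)[0]


def in_system32(path):
    return "\\system32\\" in path.lower()


def parse_hjt(text):
    """Return (bhos, notifies) parsed from O2 and O20 lines; other lines are ignored."""
    bhos, notifies = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"], "path": m["path"]})
            continue
        m = O20_RE.match(line)
        if m:
            notifies.append({"key": m["key"], "path": m["path"]})
    return bhos, notifies


def triage(text):
    """Map lower-cased DLL file name -> sorted list of reasons it was flagged."""
    bhos, notifies = parse_hjt(text)
    reasons = defaultdict(set)
    for b in bhos:
        if b["name"] == "(no name)" and in_system32(b["path"]) and RANDOM_STEM_RE.match(stem(b["path"])):
            reasons[basename(b["path"]).lower()].add("unnamed BHO with random-looking DLL name in system32")
    for n in notifies:
        if in_system32(n["path"]) and RANDOM_STEM_RE.match(stem(n["path"])):
            reasons[basename(n["path"]).lower()].add("random-looking Winlogon Notify DLL in system32")
    # Strongest signal in this log: one DLL hooked into both the browser and the logon path.
    bho_dlls = {basename(b["path"]).lower() for b in bhos}
    notify_dlls = {basename(n["path"]).lower() for n in notifies}
    for dll in bho_dlls & notify_dlls:
        reasons[dll].add("same DLL registered as both a BHO and a Winlogon Notify handler")
    return {dll: sorted(r) for dll, r in reasons.items()}


if __name__ == "__main__":
    for dll, why in sorted(triage(SAMPLE_HJT).items()):
        print(dll, "->", "; ".join(why))
```

Run against the full log above, the same three DLLs are the only O2/O20 entries that trip all of these checks.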
  2. 2007/02/24
    Technocrat
    Continued ...
    VundoFix log:
    Code:
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 2:46:39 AM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\qtwxx.bak1
    C:\WINDOWS\system32\qtwxx.bak2
    C:\WINDOWS\system32\qtwxx.ini
    C:\WINDOWS\system32\xxwtq.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\qtwxx.bak1
    C:\WINDOWS\system32\qtwxx.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qtwxx.bak2
    C:\WINDOWS\system32\qtwxx.bak2 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qtwxx.ini
    C:\WINDOWS\system32\qtwxx.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\xxwtq.dll
    C:\WINDOWS\system32\xxwtq.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 3:24:32 AM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\hgiii.bak1
    C:\WINDOWS\system32\hgiii.ini
    C:\WINDOWS\system32\iiigh.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\hgiii.bak1
    C:\WINDOWS\system32\hgiii.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\hgiii.ini
    C:\WINDOWS\system32\hgiii.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\iiigh.dll
    C:\WINDOWS\system32\iiigh.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\iiigh.dll
    C:\WINDOWS\system32\iiigh.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 4:00:49 AM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\byvvu.dll
    C:\WINDOWS\system32\uvvyb.bak1
    C:\WINDOWS\system32\uvvyb.ini
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\byvvu.dll
    C:\WINDOWS\system32\byvvu.dll Could not be deleted.
    
     Attempting to delete C:\WINDOWS\system32\uvvyb.bak1
    C:\WINDOWS\system32\uvvyb.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\uvvyb.ini
    C:\WINDOWS\system32\uvvyb.ini Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\byvvu.dll
    C:\WINDOWS\system32\byvvu.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 4:34:15 AM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\mlmoq.bak1
    C:\WINDOWS\system32\mlmoq.ini
    C:\WINDOWS\system32\qomlm.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\mlmoq.bak1
    C:\WINDOWS\system32\mlmoq.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\mlmoq.ini
    C:\WINDOWS\system32\mlmoq.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qomlm.dll
    C:\WINDOWS\system32\qomlm.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\qomlm.dll
    C:\WINDOWS\system32\qomlm.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 12:35:00 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\nprqr.bak1
    C:\WINDOWS\system32\nprqr.ini
    C:\WINDOWS\system32\rqrpn.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\nprqr.bak1
    C:\WINDOWS\system32\nprqr.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\nprqr.ini
    C:\WINDOWS\system32\nprqr.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\rqrpn.dll
    C:\WINDOWS\system32\rqrpn.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\rqrpn.dll
    C:\WINDOWS\system32\rqrpn.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 1:14:26 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\lklnn.bak1
    C:\WINDOWS\system32\lklnn.ini
    C:\WINDOWS\system32\nnlkl.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\lklnn.bak1
    C:\WINDOWS\system32\lklnn.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\lklnn.ini
    C:\WINDOWS\system32\lklnn.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\nnlkl.dll
    C:\WINDOWS\system32\nnlkl.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\nnlkl.dll
    C:\WINDOWS\system32\nnlkl.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 1:32:09 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\bbbeg.bak1
    C:\WINDOWS\system32\bbbeg.ini
    C:\WINDOWS\system32\gebbb.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\bbbeg.bak1
    C:\WINDOWS\system32\bbbeg.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\bbbeg.ini
    C:\WINDOWS\system32\bbbeg.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\gebbb.dll
    C:\WINDOWS\system32\gebbb.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 1:50:21 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\jijjl.bak1
    C:\WINDOWS\system32\jijjl.ini
    C:\WINDOWS\system32\ljjij.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\jijjl.bak1
    C:\WINDOWS\system32\jijjl.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\jijjl.ini
    C:\WINDOWS\system32\jijjl.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\ljjij.dll
    C:\WINDOWS\system32\ljjij.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 2:07:47 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\hihhk.bak1
    C:\WINDOWS\system32\hihhk.ini
    C:\WINDOWS\system32\khhih.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\hihhk.bak1
    C:\WINDOWS\system32\hihhk.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\hihhk.ini
    C:\WINDOWS\system32\hihhk.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\khhih.dll
    C:\WINDOWS\system32\khhih.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\khhih.dll
    C:\WINDOWS\system32\khhih.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 2:24:42 PM 2/22/2007
    
    Listing files found while scanning....
    
    No infected files were found.
    
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 5:20:07 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\qtsru.bak1
    C:\WINDOWS\system32\qtsru.ini
    C:\WINDOWS\system32\urstq.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\qtsru.bak1
    C:\WINDOWS\system32\qtsru.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qtsru.ini
    C:\WINDOWS\system32\qtsru.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\urstq.dll
    C:\WINDOWS\system32\urstq.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 5:52:48 PM 2/22/2007
    
    Listing files found while scanning....
    
    No infected files were found.
    
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 7:48:42 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\vwyay.bak1
    C:\WINDOWS\system32\vwyay.ini
    C:\WINDOWS\system32\yaywv.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\vwyay.bak1
    C:\WINDOWS\system32\vwyay.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\vwyay.ini
    C:\WINDOWS\system32\vwyay.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\yaywv.dll
    C:\WINDOWS\system32\yaywv.dll Could not be deleted.
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\yaywv.dll
    C:\WINDOWS\system32\yaywv.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 8:55:03 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\gebbx.dll
    C:\WINDOWS\system32\xbbeg.bak1
    C:\WINDOWS\system32\xbbeg.ini
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\gebbx.dll
    C:\WINDOWS\system32\gebbx.dll Could not be deleted.
    
     Attempting to delete C:\WINDOWS\system32\gebbx.dll
    C:\WINDOWS\system32\gebbx.dll Could not be deleted.
    
     Attempting to delete C:\WINDOWS\system32\xbbeg.bak1
    C:\WINDOWS\system32\xbbeg.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\xbbeg.ini
    C:\WINDOWS\system32\xbbeg.ini Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\gebbx.dll
    C:\WINDOWS\system32\gebbx.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 9:19:12 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\fcyxu.dll
    C:\WINDOWS\system32\uxycf.bak1
    C:\WINDOWS\system32\uxycf.ini
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\fcyxu.dll
    C:\WINDOWS\system32\fcyxu.dll Could not be deleted.
    
     Attempting to delete C:\WINDOWS\system32\uxycf.bak1
    C:\WINDOWS\system32\uxycf.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\uxycf.ini
    C:\WINDOWS\system32\uxycf.ini Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\fcyxu.dll
    C:\WINDOWS\system32\fcyxu.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 9:50:44 PM 2/22/2007
    
    Listing files found while scanning....
    
    No infected files were found.
    
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 11:55:19 PM 2/22/2007
    
    Listing files found while scanning....
    
    C:\WINDOWS\system32\beeeg.bak1
    C:\WINDOWS\system32\beeeg.ini
    C:\WINDOWS\system32\geeeb.dll
    
    Beginning removal...
    
     Attempting to delete C:\WINDOWS\system32\beeeg.bak1
    C:\WINDOWS\system32\beeeg.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\beeeg.ini
    C:\WINDOWS\system32\beeeg.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\geeeb.dll
    C:\WINDOWS\system32\geeeb.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 1:06:15 PM 2/24/2007
    
    Listing files found while scanning....
    
    C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\WINDOWS\system32\awvsq.dll
    C:\WINDOWS\system32\qscqybml.dll
    C:\WINDOWS\system32\qslleisr.ini
    C:\WINDOWS\system32\qsvwa.bak1
    C:\WINDOWS\system32\qsvwa.bak2
    C:\WINDOWS\system32\qsvwa.ini
    C:\WINDOWS\system32\rsiellsq.dll
    
    Beginning removal...
    
     Attempting to delete C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
    C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!
    
     Attempting to delete C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
    C:\Documents and settings\Erick Perdomo\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\awvsq.dll
    C:\WINDOWS\system32\awvsq.dll Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qscqybml.dll
    C:\WINDOWS\system32\qscqybml.dll Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qslleisr.ini
    C:\WINDOWS\system32\qslleisr.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qsvwa.bak1
    C:\WINDOWS\system32\qsvwa.bak1 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qsvwa.bak2
    C:\WINDOWS\system32\qsvwa.bak2 Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\qsvwa.ini
    C:\WINDOWS\system32\qsvwa.ini Has been deleted!
    
     Attempting to delete C:\WINDOWS\system32\rsiellsq.dll
    C:\WINDOWS\system32\rsiellsq.dll Has been deleted!
    
    Performing Repairs to the registry.
    Done!
    
    VundoFix V6.3.9
    
    Checking Java version...
    
    Java version is 1.4.2.4
    
    Java version is 1.5.0.2
    
    Java version is 1.5.0.4
    
    Java version is 1.5.0.6
    
    Java version is 1.5.0.9
    
    Scan started at 4:53:34 PM 2/24/2007
    
    Listing files found while scanning....
    
    
     
    Last edited: 2007/02/24
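Added here as an example (not part of the thread or of VundoFix): a parser for the VundoFix log format above that summarises each scan session, records which files needed a second removal pass, and checks the naming pattern visible throughout the log, where each .ini/.bak companion carries the DLL's base name reversed (uvvyb.ini beside byvvu.dll). The sample is constructed: one session is a trimmed copy of the 4:00:49 AM scan above, the other a constructed clean scan.

```python
import re

# Constructed sample in the VundoFix V6.3.9 log format shown above.
SAMPLE_VUNDOFIX = r"""
VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.9

Scan started at 4:00:49 AM 2/22/2007

Listing files found while scanning....

C:\WINDOWS\system32\byvvu.dll
C:\WINDOWS\system32\uvvyb.bak1
C:\WINDOWS\system32\uvvyb.ini

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byvvu.dll
C:\WINDOWS\system32\byvvu.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\uvvyb.bak1
C:\WINDOWS\system32\uvvyb.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\uvvyb.ini
C:\WINDOWS\system32\uvvyb.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\byvvu.dll
C:\WINDOWS\system32\byvvu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Scan started at 9:50:44 PM 2/22/2007

Listing files found while scanning....

No infected files were found.
"""

SCAN_RE = re.compile(r"^Scan started at (?P<when>.+)$")
DELETED_RE = re.compile(r"^(?P<path>.+?) Has been deleted!$")
FAILED_RE = re.compile(r"^(?P<path>.+?) Could not be deleted\.$")


def _fname(path):
    return path.rsplit("\\", 1)[-1]


def parse_vundofix(text):
    """Split the log into sessions (one per 'VundoFix V...' banner) and collect results."""
    sessions, cur, listing = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):
            cur = {"version": line, "started": None, "found": [],
                   "deleted": set(), "failed_first_try": set()}
            sessions.append(cur)
            listing = False
            continue
        if cur is None or not line:
            continue
        m = SCAN_RE.match(line)
        if m:
            cur["started"] = m["when"]
            continue
        if line.startswith("Listing files found"):
            listing = True
            continue
        if line.startswith("Beginning removal") or line.startswith("No infected files"):
            listing = False
            continue
        if listing:                       # bare paths between the two markers
            cur["found"].append(line)
            continue
        m = DELETED_RE.match(line)
        if m:
            cur["deleted"].add(m["path"])
            continue
        m = FAILED_RE.match(line)
        if m:                             # a locked DLL; VundoFix retries after reboot
            cur["failed_first_try"].add(m["path"])
    return sessions


def mirrored_companions(found):
    """Map each .dll found to the companion files whose stem is the DLL stem reversed."""
    by_stem = {}
    for p in found:
        by_stem.setdefault(_fname(p).rpartition(".")[0], []).append(_fname(p))
    out = {}
    for p in found:
        stem, _, ext = _fname(p).rpartition(".")
        if ext.lower() == "dll":
            out[_fname(p)] = sorted(by_stem.get(stem[::-1], []))
    return out


def summarize(sessions):
    rows = []
    for s in sessions:
        remaining = sorted(set(s["found"]) - s["deleted"])
        rows.append({"started": s["started"], "found": len(s["found"]),
                     "needed_retry": sorted(_fname(p) for p in s["failed_first_try"]),
                     "remaining": [_fname(p) for p in remaining],
                     "mirrored": mirrored_companions(s["found"])})
    return rows


if __name__ == "__main__":
    for row in summarize(parse_vundofix(SAMPLE_VUNDOFIX)):
        print(row)
```

A non-empty "remaining" list, or a new mirrored pair on every run as in the log above, is the sign that the loader re-creating these files has not been removed yet.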

  4. 2007/02/24
    Technocrat

    Technocrat Inactive Thread Starter

    Joined:
    2007/02/24
    Messages:
    8
    Likes Received:
    0
    Silent Runners Log:
    Code:
     "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by  "{++} "
    
    
    Startup items buried in registry:
    ---------------------------------
    
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
     "CTFMON.EXE" =  "C:\WINDOWS\system32\ctfmon.exe" [MS]
     "msnmsgr" = " "C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
     "Yahoo! Pager" = " "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet" [ "Yahoo! Inc."]
     "MSMSGS" = " "C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
     "Share-to-Web Namespace Daemon" =  "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [ "Hewlett-Packard"]
     "Cmaudio" =  "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
     "PCTVOICE" =  "pctspk.exe" [ "PCtel, Inc."]
     "SunJavaUpdateSched" = " "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" " [ "Sun Microsystems, Inc."]
     "RoxioEngineUtility" = " "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" " [ "Roxio"]
     "RoxioDragToDisc" = " "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" " [ "Roxio"]
     "zBrowser Launcher" =  "C:\Program Files\Logitech\iTouch\iTouch.exe" [ "Logitech Inc."]
     "Logitech Utility" =  "Logi_MwX.Exe" [ "Logitech Inc."]
     "Easy-PrintToolBox" =  "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" [ "CANON INC."]
     "Realtime Monitor" =  "C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s" [ "Computer Associates International, Inc."]
     "(Default)" =  "(empty string)" [file not found]
     "iTunesHelper" = " "C:\Program Files\iTunes\iTunesHelper.exe" " [ "Apple Computer, Inc."]
     "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]
     "NeroFilterCheck" =  "C:\WINDOWS\system32\NeroCheck.exe" [ "Ahead Software Gmbh"]
     "DVDTray" =  "C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [ "Hewlett-Packard Company"]
     "RemoteControl" = " "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" " [ "Cyberlink Corp."]
     "NWEReboot" =  "(empty string)" [file not found]
     "CloneCDTray" = " "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" [ "SlySoft, Inc."]
     "ATICCC" = " "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
     "SBCSTray" =  "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [ "Sunbelt Software"]
     "SBRegRebootCleaner" =  "C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" [ "Sunbelt Software"]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "Adobe PDF Reader Link Helper "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" [ "Safer Networking Limited"]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "Yahoo! IE Services Button "
                       \InProcServer32\(Default) =  "C:\Program Files\Yahoo!\Common\yiesrvc.dll" [ "Yahoo! Inc."]
    {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "PCTools Site Guard "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll" [ "PC Tools"]
    {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63}\(Default) = (no title provided)
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\WINDOWS\system32\yabxy.dll" [null data]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "SSVHelper Class "
                       \InProcServer32\(Default) =  "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" [ "Sun Microsystems, Inc."]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "Windows Live Sign-in Helper "
                       \InProcServer32\(Default) =  "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
    {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "AcroIEToolbarHelper Class "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
    {B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "PCTools Browser Monitor "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll" [ "PC Tools"]
    {C47A9554-195A-4769-9B13-04F15B450A39}\(Default) = (no title provided)
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\WINDOWS\system32\xxywvts.dll" [null data]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
     "{42071714-76d4-11d1-8b24-00a0c9068ff3}" =  "Display Panning CPL Extension "
      -> {HKLM...CLSID} =  "Display Panning CPL Extension "
                       \InProcServer32\(Default) =  "deskpan.dll" [file not found]
     "{88895560-9AA2-1069-930E-00AA0030EBC8}" =  "HyperTerminal Icon Ext "
      -> {HKLM...CLSID} =  "HyperTerminal Icon Ext "
                       \InProcServer32\(Default) =  "C:\WINDOWS\System32\hticons.dll" [ "Hilgraeve, Inc."]
     "{00020D75-0000-0000-C000-000000000046}" =  "Microsoft Office Outlook Desktop Icon Handler "
      -> {HKLM...CLSID} =  "Microsoft Office Outlook "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
     "{0006F045-0000-0000-C000-000000000046}" =  "Microsoft Office Outlook Custom Icon Handler "
      -> {HKLM...CLSID} =  "Outlook File Icon Extension "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
     "{42042206-2D85-11D3-8CFF-005004838597}" =  "Microsoft Office HTML Icon Handler "
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
     "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" =  "Adobe.Acrobat.ContextMenu "
      -> {HKLM...CLSID} =  "Acrobat Elements Context Menu "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
     "{5E44E225-A408-11CF-B581-008029601108}" =  "Roxio DragToDisc Shell Extension "
      -> {HKLM...CLSID} =  "Roxio DragToDisc Shell Extension "
                       \InProcServer32\(Default) =  "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll" [ "Roxio"]
     "{DCED20BE-3645-11D4-BC95-00C04F0E0588}" =  "InoShell "
      -> {HKLM...CLSID} =  "InoShell "
                       \InProcServer32\(Default) =  "C:\Program Files\CA\eTrust Antivirus\InoShell.dll" [ "Computer Associates International, Inc."]
     "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" =  "iTunes "
      -> {HKLM...CLSID} =  "iTunes "
                       \InProcServer32\(Default) =  "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [ "Apple Computer, Inc."]
     "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" =  "Messenger Sharing Folders "
      -> {HKLM...CLSID} =  "My Sharing Folders "
                       \InProcServer32\(Default) =  "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
     "{5464D816-CF16-4784-B9F3-75C0DB52B499}" =  "Yahoo! Mail "
      -> {HKLM...CLSID} =  "YMailShellExt Class "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [ "Yahoo! Inc."]
     "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" =  "Shell Extensions for RealOne Player "
      -> {HKLM...CLSID} =  "RealOne Player Context Menu Class "
                       \InProcServer32\(Default) =  "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]
     "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" =  "WinRAR shell extension "
      -> {HKLM...CLSID} =  "WinRAR "
                       \InProcServer32\(Default) =  "C:\Program Files\WinRAR\rarext.dll" [null data]
     "{8f7261d0-d2b9-11d2-9909-00605205b24c}" =  "CuteFTP 8 Professional Shell Extension "
      -> {HKLM...CLSID} =  "CuteFTP 8 Professional Shell Extension "
                       \InProcServer32\(Default) =  "C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll" [ "GlobalSCAPE Texas, LP."]
     "{5E2121EE-0300-11D4-8D3B-444553540000}" =  "Catalyst Context Menu extension "
      -> {HKLM...CLSID} =  "SimpleShlExt Class "
                       \InProcServer32\(Default) =  "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
     "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" =  "Portable Media Devices Menu "
      -> {HKLM...CLSID} =  "Portable Media Devices Menu "
                       \InProcServer32\(Default) =  "C:\WINDOWS\system32\Audiodev.dll" [MS]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>>  "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)
      -> {HKLM...CLSID} =  "DVDIdleShell Class "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [ "Fengtao Software Inc."]
    <<!>>  "{C47A9554-195A-4769-9B13-04F15B450A39}" =  "*b" (unwritable string)
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\WINDOWS\system32\xxywvts.dll" [null data]
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
     "WPDShServiceObj" =  "{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "
      -> {HKLM...CLSID} =  "WPDShServiceObj Class "
                       \InProcServer32\(Default) =  "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
    
    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>>  "BootExecute" =  "autocheck autochk * "| "SBBD.exe \Device\HarddiskVolume1\WINDOWS\system32\SBFC.dat -d \Device\HarddiskVolume1\WINDOWS\system32\SBSP.dat" [ "Sunbelt Software"]
    
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> AtiExtEvent\DLLName =  "Ati2evxx.dll" [ "ATI Technologies Inc."]
    <<!>> qomkj\DLLName =  "C:\WINDOWS\system32\qomkj.dll" [null data]
    <<!>> xxywvts\DLLName =  "xxywvts.dll" [null data]
    <<!>> yabxy\DLLName =  "C:\WINDOWS\system32\yabxy.dll" [null data]
    
    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID =  "{807553E5-5146-11D5-A672-00B0D022E945} "
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) =  "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
    
    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) =  "PDF Column Info "
      -> {HKLM...CLSID} =  "PDF Shell Extension "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]
    
    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Adobe.Acrobat.ContextMenu\(Default) =  "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "
      -> {HKLM...CLSID} =  "Acrobat Elements Context Menu "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" [ "Adobe Systems Inc."]
    CuteFTP 8 Professional\(Default) =  "{8f7261d0-d2b9-11d2-9909-00605205b24c} "
      -> {HKLM...CLSID} =  "CuteFTP 8 Professional Shell Extension "
                       \InProcServer32\(Default) =  "C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll" [ "GlobalSCAPE Texas, LP."]
    InoShell\(Default) =  "{DCED20BE-3645-11D4-BC95-00C04F0E0588} "
      -> {HKLM...CLSID} =  "InoShell "
                       \InProcServer32\(Default) =  "C:\Program Files\CA\eTrust Antivirus\InoShell.dll" [ "Computer Associates International, Inc."]
    WinRAR\(Default) =  "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
      -> {HKLM...CLSID} =  "WinRAR "
                       \InProcServer32\(Default) =  "C:\Program Files\WinRAR\rarext.dll" [null data]
    Yahoo! Mail\(Default) =  "{5464D816-CF16-4784-B9F3-75C0DB52B499} "
      -> {HKLM...CLSID} =  "YMailShellExt Class "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" [ "Yahoo! Inc."]
    
    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    CuteFTP 8 Professional\(Default) =  "{8f7261d0-d2b9-11d2-9909-00605205b24c} "
      -> {HKLM...CLSID} =  "CuteFTP 8 Professional Shell Extension "
                       \InProcServer32\(Default) =  "C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\CuteShell.dll" [ "GlobalSCAPE Texas, LP."]
    InoShell\(Default) =  "{DCED20BE-3645-11D4-BC95-00C04F0E0588} "
      -> {HKLM...CLSID} =  "InoShell "
                       \InProcServer32\(Default) =  "C:\Program Files\CA\eTrust Antivirus\InoShell.dll" [ "Computer Associates International, Inc."]
    WinRAR\(Default) =  "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
      -> {HKLM...CLSID} =  "WinRAR "
                       \InProcServer32\(Default) =  "C:\Program Files\WinRAR\rarext.dll" [null data]
    
    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    WinRAR\(Default) =  "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
      -> {HKLM...CLSID} =  "WinRAR "
                       \InProcServer32\(Default) =  "C:\Program Files\WinRAR\rarext.dll" [null data]
    
    
    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------
    
    Note: detected settings may not have any effect.
    
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
    
     "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}
    
     "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}
    
    
    Active Desktop and Wallpaper:
    -----------------------------
    
    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
    
    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
     "Wallpaper" =  "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "
    
    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
     "Wallpaper" =  "C:\Documents and Settings\Erick Perdomo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "
    
    
    Enabled Screen Saver:
    ---------------------
    
    HKCU\Control Panel\Desktop\
     "SCRNSAVE.EXE" =  "C:\WINDOWS\System32\logon.scr" [MS]
    
    
    Startup items in  "Erick Perdomo" &  "All Users" startup folders:
    ---------------------------------------------------------------
    
    C:\Documents and Settings\Erick Perdomo\Start Menu\Programs\Startup
     "Adobe Gamma" -> shortcut to:  "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" [ "Adobe Systems, Inc."]
    
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
     "Adobe Reader Speed Launch" -> shortcut to:  "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ "Adobe Systems Incorporated"]
     "DataViz Inc Messenger" -> shortcut to:  "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe" [ "DataViz, Inc."]
     "HotSync Manager" -> shortcut to:  "C:\Program Files\palmOne\Hotsync.exe -logon" [ "PalmSource, Inc"]
    
    
    Winsock2 Service Provider DLLs:
    -------------------------------
    
    Namespace Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath =  "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath =  "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath =  "%SystemRoot%\System32\mswsock.dll" [MS]
    
    Transport Service Providers
    
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
    
    
    Toolbars, Explorer Bars, Extensions:
    ------------------------------------
    
    Toolbars
    
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
     "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
      -> {HKLM...CLSID} =  "Adobe PDF "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
     "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" =  "Easy-WebPrint "
      -> {HKLM...CLSID} =  "Easy-WebPrint "
                       \InProcServer32\(Default) =  "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
    
    Explorer Bars
    
    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "Adobe PDF "
                       \InProcServer32\(Default) =  "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
    {9455301C-CF6B-11D3-A266-00C04F689C50}\(Default) = (no title provided)
      -> {HKLM...CLSID} =  "&Investigador de Encarta "
                       \InProcServer32\(Default) =  "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]
    
    HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) =  "Easy-WebPrint "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) =  "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
    
    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) =  "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) =  "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]
    
    Extensions (Tools menu items, main toolbar menu buttons)
    
    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
     "MenuText" =  "Sun Java Console "
     "CLSIDExtension" =  "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} "
      -> {HKCU...CLSID} =  "Java Plug-in 1.5.0_11 "
                       \InProcServer32\(Default) =  "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" [ "Sun Microsystems, Inc."]
      -> {HKLM...CLSID} =  "Java Plug-in 1.5.0_11 "
                       \InProcServer32\(Default) =  "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" [ "Sun Microsystems, Inc."]
    
    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
     "ButtonText" =  "Spyware Doctor "
     "CLSIDExtension" =  "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} "
      -> {HKLM...CLSID} =  "PCTools Browser Monitor "
                       \InProcServer32\(Default) =  "C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll" [ "PC Tools"]
    
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
     "ButtonText" =  "Yahoo! Services "
     "CLSIDExtension" =  "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} "
      -> {HKLM...CLSID} =  "Yahoo! IE Services Button "
                       \InProcServer32\(Default) =  "C:\Program Files\Yahoo!\Common\yiesrvc.dll" [ "Yahoo! Inc."]
    
    {85D1F590-48F4-11D9-9669-0800200C9A66}\
     "MenuText" =  "Uninstall BitDefender Online Scanner v8 "
     "Exec" =  "%windir%\bdoscandel.exe" [null data]
    
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
     "ButtonText" =  "Research "
    
    {9455301C-CF6B-11D3-A266-00C04F689C50}\
     "ButtonText" =  "Investigador "
    
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
     "ButtonText" =  "Yahoo! Messenger "
     "MenuText" =  "Yahoo! Messenger "
     "Exec" =  "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ "Yahoo! Inc."]
    
    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
     "ButtonText" =  "Messenger "
     "MenuText" =  "Windows Messenger "
     "Exec" =  "C:\Program Files\Messenger\msmsgs.exe" [MS]
    
    
    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------
    
    Ati HotKey Poller, Ati HotKey Poller,  "C:\WINDOWS\system32\Ati2evxx.exe" [ "ATI Technologies Inc."]
    eTrust Antivirus Job Server, InoTask, " "C:\Program Files\CA\eTrust Antivirus\InoTask.exe" " [ "Computer Associates International, Inc."]
    eTrust Antivirus Realtime Server, InoRT, " "C:\Program Files\CA\eTrust Antivirus\InoRT.exe" " [ "Computer Associates International, Inc."]
    eTrust Antivirus RPC Server, InoRPC, " "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe" " [ "Computer Associates International, Inc."]
    FTP Publishing, MSFtpsvc,  "C:\WINDOWS\system32\inetsrv\inetinfo.exe" [MS]
    iPodService, iPodService,  "C:\Program Files\iPod\bin\iPodService.exe" [ "Apple Computer, Inc."]
    LightScribeService Direct Disc Labeling Service, LightScribeService, " "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" " [ "Hewlett-Packard Company"]
    Machine Debug Manager, MDM, " "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" " [MS]
    Messenger Sharing Folders USN Journal Reader service, usnjsvc, " "C:\Program Files\MSN Messenger\usnsvc.exe" " [MS]
    PC Tools Spyware Doctor, SDhelper,  "C:\Program Files\Spyware Doctor\sdhelp.exe" [ "PC Tools Research Pty Ltd"]
    Sunbelt CounterSpy Antispyware, SBCSSvc, " "C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe" " [ "Sunbelt Software"]
    WMDM PMSP Service, WMDM PMSP Service,  "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]
    
    
    Print Monitors:
    ---------------
    
    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Adobe PDF Port\Driver =  "C:\WINDOWS\System32\AdobePDF.dll" [ "Adobe Systems Incorporated."]
    Canon BJ Language Monitor PIXMA iP2000\Driver =  "CNMLM66.DLL" [ "CANON INC."]
    Ice Monitor M\Driver =  "BiMMonNT.dll" [ "Black Ice Software"]
    Microsoft Document Imaging Writer Monitor\Driver =  "mdimon.dll" [MS]
    
    
    ----------
    <<!>>: Suspicious data at a malware launch point.
    
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
      launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
      took 1306 seconds.
    ---------- (total run time: 1601 seconds)
    
    
    Sorry for the 3 posts, but there is a character limit in place ...

    I still continue to see pop-ups from these sites; any help will be much appreciated.

    Thank you
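    Silent Runners marks launch points with <<!>> but leaves the judgement to the reader; the entries worth a second look in the log above are the ones whose module carries no publisher tag ([null data], [empty string], [file not found]) and the DLLs that turn up at more than one launch point. As an added example (not part of this thread and not a tool the posters used), here is a small Python triage that parses that output format and applies exactly those two checks. SAMPLE_LOG is a constructed sample built from entries quoted in the thread, and LaunchEntry and the function names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in Silent Runners' output format: launch points copied from
# the log quoted in this thread, legitimate neighbours kept so the triage has
# entries it must leave alone.
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{657C0630-ECFC-4C17-9E0C-E8ECB5E03D63}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\yabxy.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{C47A9554-195A-4769-9B13-04F15B450A39}" = "*b" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\xxywvts.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> qomkj\DLLName = "C:\WINDOWS\system32\qomkj.dll" [null data]
<<!>> xxywvts\DLLName = "xxywvts.dll" [null data]
'''
KEY_RE = re.compile(r'^(HK[A-Z]+\\.*\\)(?:\s*\{\+\+\})?$')        # section header
VALUE_RE = re.compile(r'^"(.*)"\s*\[\s*(.*?)\s*\]\s*$')             # "value" [tag]
MODULE_RE = re.compile(r'"?([^"]*?\.(?:exe|dll|cpl|scr|ocx))"?', re.IGNORECASE)
NO_PUBLISHER = {"null data", "empty string", "file not found"}

@dataclass
class LaunchEntry:
    key: str                      # registry key the entry was listed under
    name: str                     # value / subkey name as Silent Runners prints it
    flagged: bool                 # line carried the tool's own <<!>> marker
    path: Optional[str] = None    # module the launch point loads, if any
    tag: Optional[str] = None     # trailing tag: MS, "Company", null data, ...
    reasons: List[str] = field(default_factory=list)
    @property
    def publisher(self) -> Optional[str]:
        if self.tag is None or self.tag in NO_PUBLISHER:
            return None
        return self.tag.strip('"')

def _attach_module(entry: LaunchEntry, rhs: str) -> None:
    # Record the first quoted module path and its bracket tag seen for an entry.
    m = VALUE_RE.match(rhs)
    if m and entry.path is None:
        mod = MODULE_RE.search(m.group(1))   # drops arguments such as /background
        entry.path = (mod.group(1) if mod else m.group(1)).strip()
        entry.tag = m.group(2)

def parse_silent_runners(text: str) -> List[LaunchEntry]:
    entries, key, current = [], "", None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:                                # new registry key section
            key, current = km.group(1), None
            continue
        if ' = ' not in line:
            continue                          # blank, legend or free text
        lhs, rhs = (s.strip() for s in line.split(' = ', 1))
        if lhs.startswith(('->', '\\')):      # CLSID title / InProcServer32 line
            if current is not None:
                _attach_module(current, rhs)
            continue
        flagged = lhs.startswith('<<!>>')
        name = lhs[5:].strip() if flagged else lhs
        current = LaunchEntry(key=key, name=name.strip('"'), flagged=flagged)
        _attach_module(current, rhs)
        entries.append(current)
    return entries

def triage(entries: List[LaunchEntry]) -> List[LaunchEntry]:
    """Keep launch points whose module has no publisher information.
    [null data] only says the file has no version resource naming a company; software
    shipped without one (WinRAR in the thread's log) gets the same tag, so each hit
    is a lead to check on disk, not a verdict."""
    hits = []
    for e in entries:
        if e.path is None or e.tag not in NO_PUBLISHER:
            continue
        if e.tag == "file not found":
            e.reasons.append("launch point references a missing file")
        else:
            e.reasons.append(f"module has no publisher info [{e.tag}]")
        if '\\system32\\' in e.path.lower():
            e.reasons.append("resides in system32 beside OS files")
        elif '\\' not in e.path:
            e.reasons.append("bare file name, resolved via the DLL search path")
        hits.append(e)
    return hits

def launch_points_by_module(entries: List[LaunchEntry]) -> Dict[str, List[str]]:
    """Module base name -> keys loading it; one unsigned DLL registered at several
    launch points (BHO, ShellExecuteHooks, Winlogon Notify) is the pattern here."""
    points: Dict[str, List[str]] = {}
    for e in entries:
        if e.path:
            points.setdefault(e.path.rsplit('\\', 1)[-1].lower(), []).append(e.key)
    return points
```

    Run over the sample, triage() returns yabxy.dll, xxywvts.dll (twice) and qomkj.dll and leaves the Adobe and ATI entries alone, while launch_points_by_module() shows xxywvts.dll registered under both ShellExecuteHooks and Winlogon\Notify.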
     
  5. 2007/02/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Technocrat
    Welcome to windowsbbs

    First, please don't add your replies in a code box. Just copy and paste them here.
    Thanks

    Before you run a scan after the setup, please rename Hijackthis.exe to Killer.exe, then run the scan and post the log here.
    Thanks

    • Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Scan button.
      You will notice the [Scan] button will turn into a [Save Log] button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Thanks
    Geri
     
    Last edited: 2007/02/24
  6. 2007/02/24
    Technocrat

    Technocrat Inactive Thread Starter

    Joined:
    2007/02/24
    Messages:
    8
    Likes Received:
    0
    Hello, thanks for the reply, and apologies for the above.

    HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:12:05 PM, on 2/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Erick Perdomo\Desktop\FixVundo.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HJT\Killer.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=62509
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B055EC5-9A88-466E-A612-6E7BFC440519} - C:\WINDOWS\system32\iiiif.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: iiiif - C:\WINDOWS\system32\iiiif.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxywvts - C:\WINDOWS\SYSTEM32\xxywvts.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - C:\apache2triad\bin\apache.exe" -n Apache2 -k runservice (file missing)
    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - C:\apache2triad\bin\apache.exe" -D SSL -n Apache2SSL -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
    O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - C:\apache2triad\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D C:\apache2triad\pgsql\data\ (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
     
  7. 2007/02/24
    Geri
    Hi Technocrat

    • Double-click VundoFix.exe to run it.
      Right click in the white box
      Click on add more files
      * Copy & Paste the 2 entries below into the top 2 boxes

      C:\WINDOWS\system32\iiiif.dll
      C:\WINDOWS\system32\xxywvts.dll

      * Click Add Files and Click Close Window
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Please run HJT again and post a new log here

    Geri
     
  8. 2007/02/25
    Technocrat
    Thanks, below are the new log files...

    VundoFix log:
    C:\WINDOWS\system32\fiiii.bak1
    C:\WINDOWS\system32\fiiii.ini
    C:\WINDOWS\system32\fiiii.tmp
    C:\WINDOWS\system32\iiiif.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\fiiii.bak1
    C:\WINDOWS\system32\fiiii.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fiiii.ini
    C:\WINDOWS\system32\fiiii.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiiif.dll
    C:\WINDOWS\system32\iiiif.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\iiiif.dll
    C:\WINDOWS\system32\iiiif.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:13:46 AM, on 2/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HJT\Killer.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=62509
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1B055EC5-9A88-466E-A612-6E7BFC440519} - C:\WINDOWS\system32\iiiif.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxywvts - xxywvts.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - C:\apache2triad\bin\apache.exe" -n Apache2 -k runservice (file missing)
    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - C:\apache2triad\bin\apache.exe" -D SSL -n Apache2SSL -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
    O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - C:\apache2triad\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D C:\apache2triad\pgsql\data\ (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
     
  9. 2007/02/25
    Geri
    Hi Technocrat

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=62509
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {1B055EC5-9A88-466E-A612-6E7BFC440519} - C:\WINDOWS\system32\iiiif.dll (file missing)
    O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll (file missing)
    O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll (file missing)
    O20 - Winlogon Notify: xxywvts - xxywvts.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    After that, Reboot.

    Please post a New HJT Log into this Thread to make sure Vundo is gone.

    Any more pop ups?

    Geri
     
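    As an added example (not part of this thread, and not code from HijackThis or VundoFix), the following Python script applies the same triage reasoning Geri used by hand to the log above: unnamed O2 BHO and unknown O20 Winlogon Notify entries that load a DLL from system32 are the Vundo foothold, and entries marked "(file missing)" / "(no file)" are orphaned registry references to be fixed in HJT. The Winlogon Notify allowlist and the log excerpt are constructed for the example; the R1 ShellNext entry Geri also fixed is a judgment call the script does not model.

```python
"""HijackThis log triage (added example; not part of the WindowsBBS thread
or of HijackThis/VundoFix).  Mimics the reasoning a helper applies by hand:

  * O2 BHO entries with "(no name)" that load a DLL from system32, and
    O20 Winlogon Notify entries with an unknown DLL, are the classic Vundo
    foothold (iiiif.dll / xxywvts.dll in the thread) -> remove the file;
  * entries marked "(file missing)" / "(no file)" are orphaned registry
    references left after the DLL was deleted -> fix them in HJT;
  * everything else is left alone.
"""
import re

# Constructed allowlist of Winlogon Notify DLLs expected on this XP SP2 box.
# A real triage compares against a maintained database; this is an assumption.
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll"}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


def parse_entry(line):
    """Split one HJT line into (section, body), or return None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_line(line):
    """Return (verdict, reason) for one HJT log line.

    verdict is 'remove-file' (DLL still present, delete it with VundoFix),
    'fix' (orphaned reference, Fix Checked in HJT) or 'ok'."""
    parsed = parse_entry(line)
    if parsed is None:
        return ("ok", "not an HJT entry")
    section, body = parsed
    lowered = body.lower()
    orphan = "(file missing)" in lowered or "(no file)" in lowered

    if section == "O2" and body.startswith("BHO: (no name)"):
        if orphan:
            return ("fix", "orphaned unnamed BHO registration")
        if "\\system32\\" in lowered:
            return ("remove-file", "unnamed BHO loading a DLL from system32")

    if section == "O20" and body.startswith("Winlogon Notify:"):
        # Last " - " field is the DLL path (or bare name when the file is gone).
        dll = lowered.rsplit(" - ", 1)[-1].split("\\")[-1]
        dll = dll.replace(" (file missing)", "").strip()
        if dll not in KNOWN_WINLOGON_NOTIFY:
            return ("fix" if orphan else "remove-file",
                    "unknown Winlogon Notify DLL " + dll)

    if section in ("R0", "R1", "R3") and (orphan or body.rstrip().endswith("=")):
        return ("fix", "empty or orphaned IE registry value")

    return ("ok", "")


def triage_log(text):
    """Group every flagged line of a log by verdict; 'ok' lines are dropped."""
    report = {"fix": [], "remove-file": []}
    for line in text.splitlines():
        verdict, reason = triage_line(line)
        if verdict != "ok":
            report[verdict].append((line.strip(), reason))
    return report


# Constructed excerpt of the 2/25/2007 log posted above (after VundoFix ran).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?linkid=62509
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B055EC5-9A88-466E-A612-6E7BFC440519} - C:\WINDOWS\system32\iiiif.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {657C0630-ECFC-4C17-9E0C-E8ECB5E03D63} - C:\WINDOWS\system32\yabxy.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\xxywvts.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxywvts - xxywvts.dll (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

if __name__ == "__main__":
    for verdict, hits in triage_log(SAMPLE_LOG).items():
        print(verdict.upper())
        for entry, reason in hits:
            print("  " + reason + ": " + entry)
```

    Running it on the excerpt lists the six orphaned entries Geri told Technocrat to Fix Checked; fed the 2/24 log instead, the live O20 iiiif.dll entry comes back as remove-file, which is the VundoFix step.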
  10. 2007/02/25
    Technocrat
    Thanks for your assistance, below is the new HJT.log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:46 PM, on 2/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HJT\Killer.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe "
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe "
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2Triad Apache2 Service (Apache2) - Unknown owner - C:\apache2triad\bin\apache.exe" -n Apache2 -k runservice (file missing)
    O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Unknown owner - C:\apache2triad\bin\apache.exe" -D SSL -n Apache2SSL -k runservice (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
    O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - Unknown owner - C:\apache2triad\pgsql\bin\pg_ctl.exe" runservice -N PgSql -D C:\apache2triad\pgsql\data\ (file missing)
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe
     
  11. 2007/02/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Technocrat

    Your log looks clean.
    Any more problems? Pop-ups?

    Please let me know.
    If not, then there's just a few more things to do.

    We have just a few more things to do, mostly maintenance and then our recommendations:

    Delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion. It is very rare that anything significant is ever found.

    The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
    1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

    2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.

    3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

    4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

    5. IE-SpyAd - puts over 23,000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all,
      and MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    6. Install WinPatrol to prevent unknown applications from being inserted to start up on your machine

      Now just because you have security apps installed, they are useless unless updated regularly.

    7. Another thing I would suggest is to install SiteAdvisor. It gives sites a few different 'ratings' and, while not foolproof, is a good additional layer of information about many sites.

    8. ATF Cleaner by Atribune.
      This program is for XP and Windows 2000 only. It cleans out temporary files, all the garbage you collect while surfing the web.

    9. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

    10. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
    11. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
    To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

    Surf Safely
    Geri
     
    Last edited: 2007/02/25
  12. 2007/02/25
    Technocrat

    Technocrat Inactive Thread Starter

    Joined:
    2007/02/24
    Messages:
    8
    Likes Received:
    0
    Thank you. So far I have not noticed any pop-ups. I will follow your recommendations and report back if I notice the pop-ups.
     
  13. 2007/03/23
    JazzyJimmyJ

    JazzyJimmyJ Inactive

    Joined:
    2007/03/23
    Messages:
    7
    Likes Received:
    0
    Hey Geri, I was hoping for some help on the same problem. I've run the first step as you suggested before and this is the log thingy that I have.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:53:38 PM, on 3/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\freecell.exe
    C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe "
    O4 - HKLM\..\Run: [nietjdi.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\JimmyJ\Local Settings\Application Data\nietjdi.dll ",emjwfab
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\ukqfpesh.dll ",setvm
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {07b7f771-1b8e-4b7b-823e-ffac1732aa9e} - (no file) (HKCU)
    O9 - Extra button: (no name) - {07b7f771-1b8e-4b7b-823e-ffac1732aa9f} - (no file) (HKCU)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE



    Would love if you could help.
     
  14. 2007/03/23
    Docteur

    Docteur Inactive

    Joined:
    2007/03/23
    Messages:
    1
    Likes Received:
    0
    Hello Geri. Same problem. This is my scan file. Thank You.


    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:31:32 PM, on 3/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\totalcmd\TOTALCMD.EXE
    c:\PC Tools\Antivirus\HiJackThis\killer.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://esupport.sony.com/US/perl/model-swu.pl?mdl=VGN-FS980
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {195C304F-FCCF-47FF-B40D-03049C0504D4} - (no file)
    O2 - BHO: (no name) - {2C58AADB-ED25-4266-859C-89E506FF45F8} - C:\WINDOWS\system32\rqrolli.dll
    O2 - BHO: (no name) - {47C93594-0ECC-43A4-80A6-E4E7EC6FFF92} - C:\WINDOWS\system32\kfysbphi.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {A26E7D7E-A735-49C9-B468-CD4D7F9CBD66} - C:\WINDOWS\system32\awtqo.dll
    O2 - BHO: (no name) - {A9C3E9A7-DEBF-4AED-BDFA-8FB48C26DD5A} - (no file)
    O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - (no file)
    O2 - BHO: (no name) - {E49980E2-9290-4C68-8AA8-1AD0F3BD7E85} - C:\WINDOWS\system32\kfysbphi.dll
    O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe "
    O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe "
    O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe "
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe "
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe "
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe "
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lltbegsv.dll ",setvm
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SweetIM] "C:\Program Files\Macrogaming\SweetIM\SweetIM.exe "
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7885BC44-CAAC-43CF-A71E-E9647E2DAA32}: NameServer = 192.168.2.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FED69837-5A4D-4F09-BFF3-F4AEC1D7BC3E}: NameServer = 192.168.2.4
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll
    O20 - Winlogon Notify: rqrolli - C:\WINDOWS\SYSTEM32\rqrolli.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware Pro\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 11298 bytes
     
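    The two logs above show the entry types a helper looks at first when triaging a HijackThis log: O20 Winlogon Notify entries that point at unfamiliar DLLs, O4 Run entries that use rundll32 to load a DLL (in one case from a user profile directory), unnamed O2 BHOs backed by a DLL, and O23 services with an unknown owner whose binary is missing. The script below is an added triage example, not something posted in this thread; the allowlists in it are placeholders (an assumption for the example), and the sample lines are taken from the logs posted above.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    section: str
    reason: str
    line: str


# Placeholder allowlists (assumption for this example). A real triage tool
# would consult a maintained database of known-good entries instead.
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll"}
KNOWN_RUNDLL_TARGETS = {"nvcpl.dll"}

# "rundll32.exe <path>.dll" with or without quotes around the path.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
# A DLL living under a user profile is a strong indicator on a Windows XP box.
PROFILE_RE = re.compile(r'\\documents and settings\\', re.IGNORECASE)
SECTION_RE = re.compile(r'(O\d+|R\d)\s+-\s+(.*)')

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2C58AADB-ED25-4266-859C-89E506FF45F8} - C:\WINDOWS\system32\rqrolli.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lltbegsv.dll",setvm
O4 - HKLM\..\Run: [nietjdi.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\JimmyJ\Local Settings\Application Data\nietjdi.dll",emjwfab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: awtqo - C:\WINDOWS\system32\awtqo.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Return the HijackThis lines that deserve a closer look, with a reason each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O20":
            # Winlogon Notify DLLs run inside winlogon.exe; anything not known is suspect.
            if basename(body) not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(section, "Winlogon Notify DLL not on allowlist", line))
        elif section == "O4":
            rm = RUNDLL_RE.search(body)
            if rm:
                dll_path = rm.group(1)
                if PROFILE_RE.search(dll_path):
                    findings.append(Finding(section, "rundll32 loads DLL from a user profile directory", line))
                elif basename(dll_path) not in KNOWN_RUNDLL_TARGETS:
                    findings.append(Finding(section, "rundll32 loads DLL not on allowlist", line))
        elif section == "O23":
            if "(file missing)" in body and "Unknown owner" in body:
                findings.append(Finding(section, "service with unknown owner and missing binary", line))
        elif section == "O2":
            # An orphaned BHO ("(no file)") is just leftover registry; one with a DLL on disk is live.
            if body.startswith("BHO: (no name)") and body.lower().endswith(".dll"):
                findings.append(Finding(section, "unnamed BHO backed by a DLL on disk", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

    Run against the sample it reports five lines (the rqrolli BHO, the two rundll32 Run entries, the awtqo Winlogon Notify entry and the COM+ Messages service) and stays quiet on the allowlisted WgaLogon and NvCpl entries.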
  15. 2007/03/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi JazzyJimmyJ and Docteur
    Welcome to windowsbbs

    Please each start a thread of your own and post your HJT log.
    Someone will be glad to help you out.

    Geri
     
  16. 2007/03/24
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

    All others who posted into this thread, please do as Geri instructed and begin a new thread for your diagnosis, thanks for cooperating.
     