need serious help

[nikeman]

computer is running slow and has errors when shutting down.


Logfile of HijackThis v1.99.1
Scan saved at 10:39:27 AM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WallaPaper\WallaPaper.exe
C:\windows\system32\rlvknlg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Robert Wilmoth\Application Data\Allume Systems\StuffIt\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.lx.ro/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WallaPaper.LNK = C:\Program Files\WallaPaper\WallaPaper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...4/sdcregie.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/u...ile=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

[Glaswegian]

Hi and welcome to the Security Forum.

Apologies for any delay in replying, but we have been rather busy lately, and, of course, all our helpers are volunteers.

Since it has been a few days since you first posted, please post a fresh HijackThis Log if you still need assistance. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.

Thank you for your patience.

[nikeman]

Logfile of HijackThis v1.99.1
Scan saved at 1:10:06 AM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WallaPaper\WallaPaper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Robert Wilmoth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.lx.ro/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PayPal Virtual Debit Card] rundll32.exe C:\PROGRA~1\PayPal\PAYPAL~1\OToolbar.dll,StartUp /dontopenmycards
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WallaPaper.LNK = C:\Program Files\WallaPaper\WallaPaper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...4/sdcregie.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/u...ile=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NTLOAD - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: NTSVCMGR - Unknown owner - c:\windows\system32\dllcache\win32\winlogon.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

[Glaswegian]

Hi again nikeman.

My name is Iain and I will be helping you clean your system.

There's not a great deal showing in your log, so we'll do some cleaning and see what may turn up.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your system is clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



P2P - I see you have P2P software (i.e. Bitlord) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.



Anti Virus
I see you appear to have more than one Anti Virus programme on your system – McAfee and AVG. While this may seem to offer extra protection it is not a good idea! There will be conflicts between the programmes and your system may become unstable as a consequence. If you have both installed please uninstall one anti virus - the choice is yours.



Show Hidden Files
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System files and Folders are showing / visible. Uncheck the Hide protected operating system files option.



Downloads
Please download Cleanup! or use this Alternate Link if the main link does not work and install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware.


Download LSPFix.exe. Do not use it yet.



Services
Click Start->Run - type SERVICES.MSC & then click on the OK button

• Locate the service - NTLOAD
• Double-click on it to open the Properties dialog.
  • Under the General tab, note down the name of "Service name". We shall need it later.
• Stop the service by using the Stop button.
• Change the Startup type to Disabled & then click on the OK button

• Then start HiJackThis & go to Config > Misc.Tools...> Delete an NT service...
• In the popup box that appears, type in "Service name", i.e the name of the service you just noted as above, & then click on the OK button

.

Repeat the above for the service NTSVCMGR




Reboot
Reboot your system in Safe Mode.

• Restart the computer. The computer begins processing a set of instructions known as BIOS.
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
• Instead of Windows loading as normal, a menu should appear
• Use the arrow key to highlight Safe Mode and press Enter.

Uninstall Programmes
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

RelevantKnowledge or similar




HijackThis
Open Hijack This and click on Scan. Look to see if any of the following entries are still showing:

O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls(2)(2).dll

If they still exist, please follow the instructions for running LSPFix below. If not, skip this step and continue with File Deletions.


Instructions for using LSPFix

• Double click on LSPFix.exe to run it.
• Once running, you will be required to tick the disclaimer - "I know what I'm doing".
• You'll find a window with 2 panes.
• In the left pane which is labeled Keep, select all instances of this file
  • rlls(2)(2).dll or any rlls.dll
• Then click on the arrow pointing to the right, >>
• This will move the entry to the right pane labeled Remove
• Click the Finish button to complete the fix.

If you are unsure about removing certain files, click on the red ‘X’ to close the programme (not ‘Finish’), please come back and post the filenames here and I will advise you how to proceed.




File Deletions
Delete the following File indicated in RED if it still exists.

c:\windows\system32\dllcache\win32\winlogon.exe <- - This filename from THIS location ONLY




Run CleanUp!
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does NOT make backups. If you have any files in any TEMP directory and you need to keep them, then please MOVE THEM NOW!

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!
Check the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the “Temporary Files” tab and uncheck the box for “Scan drives for file matching” if it’s checked.

Click OK, Press the CleanUp! button to start the program and DO NOT REBOOT when prompted.
Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these BEFORE running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility.




Run AVG Anti Spyware
Run AVG with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
• When the scan is complete click Recommended Action and change it to Quarantine
• Then click Apply all actions

Once finished, click the Save report button, then click Save Report As and save it to your desktop.

NOTE: AVG scan may require an hour.



Reboot
Reboot your system in Normal Mode.



Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan



Logs required
AVG Log
Panda Log
HijackThis Log

Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.

[nikeman]

ok, i did all of that except the panda thing because it wouldnt work...

Cleanup:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:42:42 AM 2/7/2007

+ Scan result:



HKU\S-1-5-21-1390067357-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-1972579041-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\xv57cp2s.default\Cache(3)\ADFC2814d01 -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{066040F0-5018-4E15-8AA0-81D36136D989}\\BandCLSID -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sockdebug.exe -> Adware.MediaBack : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP724\A0260197.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP725\A0260210.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP725\A0260211.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP725\A0260213.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP737\A0263296.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP737\A0263297.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP724\A0260201.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP726\A0260232.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\testingxp.zip\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP730\A0260375.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP755\A0272585.ini -> Backdoor.Zapchast : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{830FA07E-7156-4B92-923F-D87BDF378A14}\RP755\A0272590.ini -> Backdoor.Zapchast : Cleaned with backup (quarantined).
C:\WINDOWS\system32\include\conn.ini -> Backdoor.Zapchast.NY : Cleaned with backup (quarantined).
C:\WINDOWS\system32\include\updater.ini -> Backdoor.Zapchast.NY : Cleaned with backup (quarantined).
C:\WINDOWS\system32\include\Setup.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\data -> Downloader.IstBar.nh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pcmgrnet.exe -> Hijacker.Small.cp : Cleaned with backup (quarantined).
C:\Program Files\Son zone\Cache\000037e6_43c387e3_000b71b0 -> Not-A-Virus.Exploit.CookStealer.A : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\win32\psshutdown.exe -> Not-A-Virus.HackTool.Win32.Brumer.e : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Sys\iexplore.exe -> Not-A-Virus.Monitor.Win32.Ardamax : Cleaned with backup (quarantined).
C:\Program Files\BitLord\Downloads\PDF converter 4.0 - Convert PDF to Excel, Word & More\InstallAble2Extract.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Cleaned with backup (quarantined).
C:\Documents and Settings\Robert Wilmoth\My Documents\RunMe.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Program Files\Mozilla Firefox\RunMe.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.138:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.151:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.115:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.116:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.118:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.119:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.88:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.89:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.90:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.91:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.52:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.152:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.51:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.55:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.57:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.106:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.13:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.94:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.95:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.96:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.97:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.98:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.187:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.188:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.189:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.153:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.154:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.101:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.102:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.104:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.99:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.63:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.64:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.172:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.173:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.174:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.26:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.27:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.50:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.53:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.54:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.121:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.122:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.123:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.124:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.125:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.126:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.127:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.130:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.81:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.82:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.83:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.84:C:\Documents and Settings\Robert Wilmoth\Application Data\Mozilla\Firefox\Profiles\4t01tdle.Robert\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\include\ident.txt -> Trojan.Zapchast.p : Cleaned with backup (quarantined).


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 2:57:21 AM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WallaPaper\WallaPaper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Robert Wilmoth\Desktop\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Robert Wilmoth\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.lx.ro/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.lx.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.lx.ro/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [Instant Buzz Daemon] C:\Program Files\Instant Buzz\IBDaemon.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147027804\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Generic Host Process for Win32 Services] C:\Program Files\BitLord\Downloads\BitLord Pro [UseNext]\Bitlord Pro (UseNext)\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole bandwitch. Enjoy\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PayPal Virtual Debit Card] rundll32.exe C:\PROGRA~1\PayPal\PAYPAL~1\OToolbar.dll,StartUp /dontopenmycards
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WallaPaper.LNK = C:\Program Files\WallaPaper\WallaPaper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/u...4/sdcregie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamps.com/download/u...ile=stamps.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



Computer seems to be working pretty good right now..

[Glaswegian]

Hi again

Looks good.

Let’s try this online scan.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky WebScanner

Next Click on Kaspersky Online Scanner


A Welcome screen will appear - click 'Accept' at the bottom. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:

Scan using the following Anti-Virus database:

• Extended

Scan Options:

• Scan Archives
• Scan Mail Bases

Click OK

Now under select a target to scan: Select My Computer

• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

• Save the file to your desktop.
• Copy and paste that information in your next post.

Take note of the name(s) and location(s) of any file(s) it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan


Please post back with the Kaspersky Log and a fresh HijackThis Log. Please also let me know how your system is performing now and if you have any specific problems. In order to provide you with the best possible help, please ensure that HijackThis logs are produced only while in Normal Mode.