Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Resolved HJT Threads Resolved spyware and popup issues.

 
 
Old 05-10-2007, 02:57 PM   #1 (permalink)
Registered User
 
Join Date: May 2007
Posts: 8
OS: XP


Pop ups, slow comp, various problems.

Hi, I was wondering if Tech Support Forum could have a look at my HijackThis log. I've been having various problems with my computer. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 17:55:05, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\hp\drivers\keyboard\PS2.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hp\drivers\webcam\LVComS.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://65.243.103.60/trafc-2/rfe.php...7344&lid=&url=
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemDoctor\dcpasmon.exe"
O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ibjipyqd.dll",realset
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Old 05-12-2007, 12:04 PM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,628
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: Pop ups, slow comp, various problems.

Hello and welcome to TSF.
  1. Please download ComboFix

    Note: It is important that it is saved directly to your desktop.

    Close all browsers.
    • Double-click combofix.exe & follow the prompts.
    • When finished, it will produce a log for you. Post that log in your next reply.
    • Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

Old 05-12-2007, 01:33 PM   #3 (permalink)
Registered User
 
Join Date: May 2007
Posts: 8
OS: XP


Re: Pop ups, slow comp, various problems.

Hi, here is the log.

"test" - 2007-05-12 20:27:13 Service Pack 2
ComboFix 07-05.12V - Running from: "C:\Documents and Settings\test\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bntkvwqr.dll
C:\WINDOWS\system32\ejfluhjt.dll
C:\WINDOWS\system32\eqmnpggo.dll
C:\WINDOWS\system32\erdqakiv.dll
C:\WINDOWS\system32\exgseits.dll
C:\WINDOWS\system32\huwdgsew.dll
C:\WINDOWS\system32\ifttsqcn.dll
C:\WINDOWS\system32\iohsgbpx.dll
C:\WINDOWS\system32\jhyebjyp.dll
C:\WINDOWS\system32\lbipcnso.dll
C:\WINDOWS\system32\lfnhgjnd.dll
C:\WINDOWS\system32\lvqxgahg.dll
C:\WINDOWS\system32\mbukfosj.dll
C:\WINDOWS\system32\mxyiuryt.dll
C:\WINDOWS\system32\oqgxtnun.dll
C:\WINDOWS\system32\rpyjeock.dll
C:\WINDOWS\system32\svbhdjis.dll
C:\WINDOWS\system32\tdfksmdi.dll
C:\WINDOWS\system32\tiqwawnb.dll
C:\WINDOWS\system32\tsicnwbk.dll
C:\WINDOWS\system32\uicdgfvx.dll
C:\WINDOWS\system32\vsqonvim.dll
C:\WINDOWS\system32\wrcadvvr.dll
C:\WINDOWS\system32\xhirvauw.dll
C:\WINDOWS\system32\xpibaxda.dll
C:\WINDOWS\system32\yhpkdaqn.dll
C:\WINDOWS\system32\sijdhbvs.ini
C:\WINDOWS\system32\rvvdacrw.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))


2007-05-12 19:20 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Uniblue
2007-05-12 18:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Prevx
2007-05-12 17:15 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Prevx
2007-05-12 17:14 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-12 17:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-05-10 00:49 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Template
2007-05-10 00:18 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Lavasoft
2007-05-10 00:12 974,207 ---hs---- C:\WINDOWS\system32\vvvwa.ini2
2007-05-09 21:19 4,508 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-09 20:26 <DIR> d-------- C:\Program Files\CheckIt
2007-05-09 19:34 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Teleca
2007-05-09 19:34 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Help
2007-05-09 19:33 <DIR> d-------- C:\DOCUME~1\test\APPLIC~1\Real
2007-05-09 19:32 1,572,864 --ah----- C:\DOCUME~1\test\NTUSER.DAT
2007-05-09 19:32 <DIR> d-a------ C:\DOCUME~1\test\WINDOWS
2007-05-09 19:32 <DIR> d-a------ C:\DOCUME~1\test\APPLIC~1\Symantec
2007-05-09 19:32 <DIR> d-a------ C:\DOCUME~1\test\APPLIC~1\Sonic
2007-05-09 19:32 <DIR> d-a------ C:\DOCUME~1\test\APPLIC~1\SampleView
2007-05-09 19:32 <DIR> d-a------ C:\DOCUME~1\test\.javaws
2007-05-04 01:52 283,648 --a------ C:\DOCUME~1\Owner\ttt.exe
2007-05-03 20:07 276,480 --a------ C:\DOCUME~1\Owner\lo.exe
2007-04-29 09:18 267,776 --a------ C:\WINDOWS\system32\uuu.exe
2007-04-26 16:31 <DIR> d-------- C:\Program Files\Common Files\Companion Wizard
2007-04-26 16:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
2007-04-24 17:35 279,040 --a------ C:\DOCUME~1\Owner\co.exe
2007-04-23 17:06 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SystemDoctor Free
2007-04-23 16:56 <DIR> d-------- C:\Program Files\SystemDoctor Free
2007-04-23 16:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemDoctor Free
2007-04-23 07:14 973,832 ---hs---- C:\WINDOWS\system32\vvvwa.bak2
2007-04-23 03:28 30,781 --------- C:\DOCUME~1\Owner\top.exe
2007-04-22 18:37 903,738 ---hs---- C:\WINDOWS\system32\vvvwa.bak1
2007-04-12 20:02 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Command & Conquer 3 Tiberium Wars
2007-04-12 20:00 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2007-04-12 20:00 <DIR> dr-h----- C:\DOCUME~1\Owner\APPLIC~1\SecuROM
2007-04-12 18:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-03 19:17:01 -------- d-----w C:\Program Files\MSN Messenger
2007-04-13 11:54:59 -------- d-----w C:\Program Files\LimeWire
2007-04-11 17:22:20 646,392 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-03-30 14:26:15 -------- d-----w C:\Program Files\Silkroad
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{04686369-82B0-48DA-A6DB-CA895D4D89A7}=C:\WINDOWS\system32\uicdgfvx.dll []
{364B2C97-3842-4122-97BA-215A7A247C57}=C:\WINDOWS\system32\uicdgfvx.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}=C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll [2006-01-10 12:09]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-02-11 17:20]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\hp\\drivers\\keyboard\\PS2.EXE"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"IndexSearch"="C:\\Program Files\\Scansoft\\PaperPort\\IndexSearch.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"GSICONEXE"="C:\\Program Files\\VoyagerModem100Drivers\\Drivers\\Voyager100\\drivers\\LAN Driver\\dsldrv\\gsicon.exe"
"%FP%Friendly fts.exe"="\"C:\\Program Files\\VoyagerTest\\fts.exe\""
@=""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AOLDialer"="; C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-05 16:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-02-11 17:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42]
"PS2"="C:\hp\drivers\keyboard\PS2.EXE" [2002-08-01 04:28]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-01-21 08:18]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-01-21 08:18]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-01-21 07:59]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 22:39]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 22:37]
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 10:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:31]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 15:07]
"GSICONEXE"="C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe" [2003-05-14 21:26]
"%FP%Friendly fts.exe"="C:\Program Files\VoyagerTest\fts.exe" [2003-05-06 09:28]
"@"="" [])
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 22:10]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-10 00:22]
"PrevxOne"="C:\Program Files\Prevx1\PXConsole.exe" [2007-03-27 11:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [])
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="; \"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec Network Driver Update Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"Symantec NetDriver Warning"="C:\\PROGRA~1\\Symantec\\LIVEUP~1\\SNDWarn.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrqpom
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^owner^start menu^programs^startup^limewire on startup.lnk
C:\PROGRA~1\LimeWire\LimeWire.exe -startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windowsupdate
rundll32.exe "C:\WINDOWS\system32\rfjldpes.dll",realset


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=dword:00000002
"NISUM"=dword:00000002
"ccPxySvc"=dword:00000002
"ccEvtMgr"=dword:00000002
"Speed Disk service"=dword:00000002
"SPBBCSvc"=dword:00000003
"SNDSrvc"=dword:00000003
"SAVScan"=dword:00000003
"NSCService"=dword:00000003
"NProtectService"=dword:00000002
"NPFMntor"=dword:00000002
"Norton Ghost"=dword:00000002
"navapsvc"=dword:00000002
"ccSetMgr"=dword:00000002
"comHost"=dword:00000003
"ccProxy"=dword:00000002
"ccISPwdSvc"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 20:31:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-12 20:31:13
C:\ComboFix-quarantined-files.txt ... 2007-05-12 20:31
C:\ComboFix2.txt ... 2007-02-06 16:59
Old 05-12-2007, 02:54 PM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,628
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: Pop ups, slow comp, various problems.

Hi,

The previous HijackThis log you posted was done with a beta version. Please click HERE to download a self-extractable version of HijackThis. Double-click on hijackthis.exe to extract HijackThis to the folder c:\hijackthis. It will extract it to that folder and open the folder for you. It will also create a shortcut to HijackThis on your desktop.

Scan with HijackThis. Save the log and post it here in this thread please.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

Old 05-12-2007, 03:19 PM   #5 (permalink)
Registered User
 
Join Date: May 2007
Posts: 8
OS: XP


Re: Pop ups, slow comp, various problems.

Hi, I did what you said; here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:19:37, on 12/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\hp\drivers\keyboard\PS2.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\hp\drivers\webcam\LVComS.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://65.243.103.60/trafc-2/rfe.php...7344&lid=&url=
O2 - BHO: (no name) - {04686369-82B0-48DA-A6DB-CA895D4D89A7} - C:\WINDOWS\system32\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {364B2C97-3842-4122-97BA-215A7A247C57} - C:\WINDOWS\system32\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {542DC36D-1337-49F4-B2E5-5DA7BF0F3468} - (no file)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] ; C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: awvvv - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: rqrqpom - C:\WINDOWS\
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
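The two logs above carry the patterns a log helper reads by eye: the ComboFix "V Log" in post #3 is a list of random eight-letter DLL names in system32, and the HijackThis log in post #5 has O2 BHO entries whose DLL is gone, an O4 Run entry that loads such a DLL through rundll32 (first log), and O20 Winlogon Notify entries that point at a bare directory instead of a DLL. The script below is an added example, not code from this thread, HijackThis or ComboFix; the names `SAMPLE_LOG`, `Finding`, `looks_random`, `triage_line`, `triage_log` and `fix_checked` are this example's own. It parses HijackThis-style lines and returns the entries a helper would tick in "Fix checked", using the lines from the thread as constructed input. The random-name check is deliberately weak on its own (legitimate eight-letter names such as igfxsrvc exist), so it is only applied where the loading context is already odd.

```python
"""HijackThis log triage: an added example, not code from this thread,
HijackThis or ComboFix. All names here are this example's own."""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the HijackThis logs posted
# above (the rundll32 O4 entry is from the first log in the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {04686369-82B0-48DA-A6DB-CA895D4D89A7} - C:\WINDOWS\system32\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {542DC36D-1337-49F4-B2E5-5DA7BF0F3468} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ibjipyqd.dll",realset
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O20 - Winlogon Notify: awvvv - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# "O2 - BHO: ..." -> section code and the rest of the line.
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# A DLL living directly in system32 whose stem is exactly eight letters.
SYSTEM32_DLL = re.compile(r"\\system32\\([a-z]{8})\.dll", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str      # HijackThis section code, e.g. "O2"
    entry: str     # the line body, as it would appear in "Fix checked"
    reason: str    # why it was flagged
    severity: str  # "high" (tick it) or "review" (confirm the vendor file)


def looks_random(stem: str) -> bool:
    """Vundo-style name heuristic: eight lowercase letters, at most two vowels.

    Weak on its own (e.g. 'igfxsrvc' passes), so callers only use it where the
    loading context is already suspicious.
    """
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return sum(ch in "aeiou" for ch in stem) <= 2


def triage_line(line: str):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O2":
        # O2 - BHO: <name> - {CLSID} - <path> [(file missing) | (no file)]
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            return Finding(code, body, "BHO registered but its DLL is absent", "high")
        dll = SYSTEM32_DLL.search(body)
        if body.startswith("BHO: (no name)") and dll and looks_random(dll.group(1).lower()):
            return Finding(code, body, "unnamed BHO loads a random-looking system32 DLL", "high")
    elif code == "O4":
        # O4 - HKLM\..\Run: [Name] <command line>
        if "rundll32" in body.lower():
            dll = SYSTEM32_DLL.search(body)
            if dll and looks_random(dll.group(1).lower()):
                return Finding(code, body, "Run key loads a random-looking system32 DLL via rundll32", "high")
            return Finding(code, body, "Run key uses rundll32; confirm the DLL is a known vendor file", "review")
    elif code == "O20":
        # O20 - Winlogon Notify: <subkey> - <DLL path>; a bare directory means no real DLL
        target = body.split(" - ", 1)[1] if " - " in body else ""
        if not target.lower().endswith(".dll"):
            return Finding(code, body, "Winlogon Notify entry without a DLL path", "high")
    return None


def triage_log(text: str):
    """Run triage_line over every line of a log and collect the findings in order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


def fix_checked(findings):
    """High-severity findings formatted as the HijackThis lines a helper would list."""
    return [f"{f.code} - {f.entry}" for f in findings if f.severity == "high"]


def main() -> None:
    findings = triage_log(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.entry}")
    print("\nFix checked:")
    for line in fix_checked(findings):
        print("  " + line)


if __name__ == "__main__":
    main()
```

Run it as a script to print the findings, or import `triage_log` and feed it a whole log file. Note the gating: `looks_random("igfxsrvc")` is true, yet the igfxcui Winlogon Notify line is not flagged because it points at a real DLL path, while the awvvv and rqrqpom style entries are flagged purely because no DLL path is present at all.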
Old 05-12-2007, 07:24 PM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
Join Date: Jun 2006
Location: Rhode Island, USA
Posts: 3,628
OS: XP Home SP3, XP MCE SP3, XP Pro SP3


Re: Pop ups, slow comp, various problems.

Hi,

You might like to print these instructions so that you'll have access to them at all times, especially when you're in Safe Mode later.

Go to My Computer > Tools > Folder Options > View > uncheck "Hide protected operating system files". Click Apply > OK.

===================================

Please download the Suspicious File Packer from:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.
Paste the following list of filepaths into the Suspicious File Packer window:

C:\WINDOWS\system32\vvvwa.bak1
C:\WINDOWS\system32\vvvwa.bak2
C:\WINDOWS\system32\vvvwa.ini2
C:\WINDOWS\system32\rfjldpes.dll


Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site:
http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.

==================================

Now, run HijackThis. Close all windows and browsers except HijackThis.
Go to Config > Misc tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\WINDOWS\system32\rfjldpes.dll
Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, click on Scan and put a check in front of the following

O2 - BHO: (no name) - {04686369-82B0-48DA-A6DB-CA895D4D89A7} - C:\WINDOWS\system32\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {364B2C97-3842-4122-97BA-215A7A247C57} - C:\WINDOWS\system32\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {542DC36D-1337-49F4-B2E5-5DA7BF0F3468} - (no file)
O20 - Winlogon Notify: awvvv - C:\WINDOWS\
O20 - Winlogon Notify: rqrqpom - C:\WINDOWS\


Close all other windows/browsers/applications, except HijackThis and click on Fix checked.

==================================

Please download CCleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it. Do not scan with it yet.

==================================

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

======================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user.

========================================

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware.

=========================================

Reboot in Normal Mode.

=========================================

Perform an online scan using Internet Explorer with Panda ActiveScan
  • Click on located at the bottom of the page.
  • A "pop up" window will appear. Please ensure that your pop up blocker doesn't block it
  • Enter your e-mail address, country, and state & click "Free Online Scan". The download of Panda's 8 MB ActiveX control will take place.
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click and post back the contents please.
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.

==========================================

Please post back the results from AVG Anti-Spyware and Panda online scans, and a fresh HijackThis log.
__________________
My services are free. However, you can donate to TSF to help keep it running and prospering.
ASAP

amateur is offline  
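As an added example (not from this thread or from the HijackThis project), here is a small Python script that parses the O2, O20 and O23 line formats seen in the logs above and shortlists the entries a log reviewer would usually mark for "Fix checked": components whose file is missing, and Winlogon Notify hooks that point at a bare directory instead of a DLL. The sample log is constructed from line formats shown in this thread; the output is a shortlist for a reviewer to look at, not a verdict.

```python
import re

# Constructed sample built from the line formats shown in the thread's logs.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {04686369-82B0-48DA-A6DB-CA895D4D89A7} - C:\\WINDOWS\\system32\\uicdgfvx.dll (file missing)
O2 - BHO: (no name) - {542DC36D-1337-49F4-B2E5-5DA7BF0F3468} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [PS2] C:\\hp\\drivers\\keyboard\\PS2.EXE
O20 - Winlogon Notify: awvvv - C:\\WINDOWS\\
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\\Program Files\\Prevx1\\PXAgent.exe" -f (file missing)
"""

# One regex per section type; the named groups give each entry an identifier
# (CLSID, Notify key, or service name) and the path HijackThis reported.
LINE_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<id>\S+) - (?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<id>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}

# Markers HijackThis appends when the registered file is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_line(line):
    """Return a dict for an O2/O20/O23 line, or None for any other section."""
    for section, pattern in LINE_PATTERNS.items():
        m = pattern.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["section"] = section
            return entry
    return None


def suspicious_reasons(entry):
    """Reasons a reviewer would mark the entry for 'Fix checked' (heuristic)."""
    reasons = []
    path = entry["path"]
    if any(marker in path for marker in MISSING_MARKERS):
        # A registered component whose file is gone is dead weight at best
        # and the leftover of a removed infection at worst.
        reasons.append("registered file is missing")
    if entry["section"] == "O20" and path.rstrip().endswith("\\"):
        # Winlogon Notify must name a DLL; a bare directory means the DLL
        # was removed but the registry hook was left behind.
        reasons.append("Winlogon Notify points at a directory, not a DLL")
    return reasons


def flag_entries(log_text):
    """Parse a whole log and return the entries with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LOG):
        print(f"{e['section']:<4} {e['id']:<45} {'; '.join(e['reasons'])}")
```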
Old 05-13-2007, 09:39 AM   #7 (permalink)
Registered User
 
Join Date: May 2007
Posts: 8
OS: XP


Re: Pop ups, slow comp, various problems.

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:31:10, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\hp\drivers\keyboard\PS2.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\hp\drivers\webcam\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://65.243.103.60/trafc-2/rfe.php...7344&lid=&url=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\hp\drivers\keyboard\PS2.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GSICONEXE] C:\Program Files\VoyagerModem100Drivers\Drivers\Voyager100\drivers\LAN Driver\dsldrv\gsicon.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] ; C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.tesco.net
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)



Here is the Panda scan log:


Incident Status Location

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-1.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-1.txt[.bravenet.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-10.txt[.xiti.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-11.txt[.apmebf.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-12.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-12.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-12.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-13.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-13.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-13.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-14.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-14.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-14.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-15.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-15.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-15.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-16.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-16.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-16.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-17.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-17.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-17.txt[.azjmp.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-18.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-18.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-18.txt[.azjmp.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-19.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-2.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-2.txt[.bravenet.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-20.txt[.adultfriendfinder.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-20.txt[.xiti.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-20.txt[.gostats.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-23.txt[.apmebf.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-24.txt[.apmebf.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-24.txt[.gostats.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-25.txt[.bravenet.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.adultfriendfinder.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.apmebf.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.xiti.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.errorsafe.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.webpower.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.azjmp.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-26.txt[.bravenet.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-27.txt[.adultfriendfinder.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-27.txt[.gostats.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-28.txt[.bravenet.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-29.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-3.txt[.apmebf.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-3.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-31.txt[.apmebf.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-4.txt[.metriweb.be/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-5.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-6.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-7.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-8.txt[.xiti.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\9kwp6m8m.default\cookies-9.txt[.xiti.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\test\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bntkvwqr.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ejfluhjt.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\eqmnpggo.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\erdqakiv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\exgseits.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\huwdgsew.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ifttsqcn.dll.vir
Spyware:Spyware/Virtumonde