Alright, so here is the deal. I did everything you said. But when I did HijackThis in safe mode, a couple of the things I was supposed to fix weren't even there.
But I went ahead. Everything else went fine, until running HijackThis in normal mode. I still can't do it. It closes itself down before I even start to scan my computer. So what I've posted here is a HijackThis log from SAFE MODE after I did everything else.
AVG SPYWARE SCAN REPORT:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:33:37 AM 06/01/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{702EA91C-1ACF-4772-8078-18F2B2EE1031} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-1993962763-1343024091-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{702EA91C-1ACF-4772-8078-18F2B2EE1031} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{30734845-0423-1033-1029-010918010002}\Bar888.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
C:\gp.exe -> Adware.MaxSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-1993962763-1343024091-1005\Software\ToolBar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-1993962763-1343024091-1005\Software\ToolBar\all -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1757981266-1993962763-1343024091-1005\Software\ToolBar\all\History -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Pam\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\RECYCLER\NPROTECT\00332681.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00332696.TXT -> TrackingCookie.Advertising : Cleaned.
C:\RECYCLER\NPROTECT\00332765.TXT -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Pam\Cookies\pam@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\RECYCLER\NPROTECT\00332697.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Don\Cookies\don@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\NPROTECT\00332628.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332629.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332630.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332631.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332632.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332633.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332634.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332635.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332636.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332637.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332638.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332639.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332640.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332641.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332642.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332643.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332644.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332653.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332654.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332655.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332656.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332657.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332658.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332662.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332663.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332664.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332665.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332666.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332667.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332669.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332670.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332671.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332672.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332673.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332674.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332675.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332676.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332677.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332678.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332679.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332680.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332682.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332683.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332684.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332685.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332686.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332687.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332689.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332690.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332691.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332692.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332693.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332694.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332698.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332699.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332700.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332701.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332702.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332703.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332707.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332708.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332709.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332710.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332711.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332712.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332769.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332770.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332771.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332772.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332773.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332774.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333622.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333623.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333624.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333625.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333909.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333910.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333911.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333912.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333913.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333914.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333915.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00333916.TXT -> TrackingCookie.Hitbox : Cleaned.
C:\RECYCLER\NPROTECT\00332716.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332717.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332718.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332721.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332722.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332727.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332728.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332729.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332730.TXT -> TrackingCookie.Pointroll : Cleaned.
C:\RECYCLER\NPROTECT\00332766.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\RECYCLER\NPROTECT\00332767.TXT -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Don\Cookies\don@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Pam\Cookies\pam@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Don\Cookies\[email protected][1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Don\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
ComboFix Report:
Pam - 07-01-06 8:53:38.52 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Pam\My Documents"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\Program Files\Common Files\{30734845-0423-1033-1029-010918010002}
((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))
2007-01-06 08:51 <DIR> dr-h----- C:\Documents and Settings\Pam\Recent
2007-01-06 02:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-05 16:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-04 17:51 1,413,424 -ra------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2007-01-04 17:50 961,072 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2007-01-04 17:50 55,984 -ra------ C:\WINDOWS\system32\drivers\lvselsus.sys
2007-01-04 17:50 513,584 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2007-01-04 17:50 4,770 -ra------ C:\WINDOWS\system32\Repository.reg
2007-01-04 17:50 38,960 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-01-04 17:50 263,728 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2007-01-04 17:50 210,480 -ra------ C:\WINDOWS\system32\LVUI2.dll
2007-01-04 17:50 20,272 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-01-04 17:50 116,272 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2007-01-04 17:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-01-04 17:18 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-01-04 08:43 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-01-04 08:13 2,272 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-03 09:35 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-03 09:03 <DIR> d-------- C:\Program Files\ACW
2007-01-02 15:34 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-02 15:34 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-02 15:33 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-02 15:31 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-02 15:30 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-30 16:29 <DIR> d--hs---- C:\WINDOWS\system32\vpfvgpvyx
2006-12-28 01:16 <DIR> d----c--- C:\362f49c12b37e1731c0b497af3a287
2006-12-28 01:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-26 19:42 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-12-26 19:39 348,160 --a------ C:\WINDOWS\system\msvcr71.dll
2006-12-25 12:48 26,624 --a------ C:\WINDOWS\system32\drivers\SPCP825K.sys
2006-12-25 12:48 <DIR> d-------- C:\Program Files\SHARP
2006-12-19 11:17 338,944 --a------ C:\WINDOWS\system32\lffpx7.dll
2006-12-19 11:17 118,784 --a------ C:\WINDOWS\system32\lfkodak.dll
2006-12-13 20:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-06 08:54 -------- d-------- C:\Program Files\Common Files
2007-01-06 08:48 -------- d-------- C:\Program Files\Yahoo!
2007-01-06 08:43 -------- d-------- C:\Program Files\Common Files\Motive
2007-01-06 02:39 -------- d-------- C:\Program Files\Grisoft
2007-01-05 07:56 -------- d-------- C:\Program Files\Click'N Design 3D
2007-01-05 07:52 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-04 17:46 -------- d-------- C:\Program Files\Common Files\Logitech
2007-01-04 17:43 -------- d-------- C:\Program Files\Logitech
2007-01-04 17:19 -------- d-------- C:\Documents and Settings\Pam\Application Data\Skype
2007-01-03 09:35 -------- d-------- C:\Program Files\Microsoft AntiSpyware
2007-01-02 15:38 -------- d-------- C:\Program Files\Internet Explorer
2007-01-02 14:39 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2007-01-01 16:38 -------- d-------- C:\Documents and Settings\Pam\Application Data\Canon
2006-12-30 16:40 359808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-12-30 15:12 -------- d---s---- C:\Documents and Settings\Pam\Application Data\Microsoft
2006-12-13 23:27 -------- d-------- C:\Program Files\Outlook Express
2006-12-13 23:27 -------- d-------- C:\Program Files\Common Files\System
2006-12-06 22:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-25 15:30 -------- d-------- C:\Program Files\SmithMan
2006-11-25 15:23 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-11-25 15:23 249856 --------- C:\WINDOWS\Setup1.exe
2006-11-15 20:48 323624 --a------ C:\WINDOWS\system32\wiaaut.dll
2006-11-11 22:45 -------- d-------- C:\Program Files\Hasbro Interactive
2006-11-10 14:37 -------- d-------- C:\Program Files\Disnat Direct
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-20 14:23 619352 --a------ C:\WINDOWS\system32\WINSSWEBAGENT.DLL
2006-10-19 05:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"="1"
"NoAdminPage"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~3.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gcasServ"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="opware32"
"hkey"="HKLM"
"command"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="calcheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 5 SE\\calcheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Updreg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Updreg.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=dword:00000003
"iPodService"=dword:00000003
"InCDsrv"=dword:00000002
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
Completion time: 07-01-06 8:55:17.66
C:\ComboFix.txt ... 07-01-06 08:55
Hijackthis Logfile from safe mode after everything was done:
Logfile of HijackThis v1.99.1
Scan saved at 9:03:03 AM, on 06/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Pam\My Documents\hijackthis\HijackThis.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\vpfvgpvyx\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\vpfvgpvyx\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: winlogon.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: OZ_ZQ-590A Synchronization Software.lnk = C:\Program Files\SHARP\OZ_ZQ-590A\sync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt1_x.cab
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.co...ease/instub.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/m...de/mgaxctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartph...x/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimed...tupv2.0.0.9.cab?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe