Hi!

I have been recently stuck with a problem of removing from my computer what looks to be a dialer.
It pops-up occasionally and a window contains something written in Italian. The Ad-aware did not solve it for me, nor did Norton Antivirus.
Thereof, I did make a HijackThis log file and truly hope for a help here.

Logfile of HijackThis v1.99.1
Scan saved at 23:56:27, on 2007.01.13.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Arturs\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

Hello,Head Hunter & Welcome


First Hijackthis needs to be in it's own folder
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C:
then right click and select New then Folder and name it HJT. then move Hijackthis.exe to that folder


Then have a look at the two links in the quote box at the
bottom of my page do as is asked. then show me an updated Ad-Aware Se logfile
and a new HijackThis logfile.

Gogo

Hi, HJThis!

Thanx for the guidance and sorry for the improper post.

Guess I did what you said and here will be the logs:

Ad-Aware SE Build 1.06r1
Logfile Created on:pirmdiena, 2007. gada 15. janvārī 21:42:40
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R144 15.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2007.01.15. 21:42:40 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 808
ThreadCreationTime : 2007.01.15. 19:41:30
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 888
ThreadCreationTime : 2007.01.15. 19:41:33
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 2007.01.15. 19:41:34
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 2007.01.15. 19:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 968
ThreadCreationTime : 2007.01.15. 19:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1120
ThreadCreationTime : 2007.01.15. 19:41:34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1200
ThreadCreationTime : 2007.01.15. 19:41:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 2007.01.15. 19:41:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1392
ThreadCreationTime : 2007.01.15. 19:41:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1568
ThreadCreationTime : 2007.01.15. 19:41:35
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1908
ThreadCreationTime : 2007.01.15. 19:41:36
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2028
ThreadCreationTime : 2007.01.15. 19:41:37
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1296
ThreadCreationTime : 2007.01.15. 19:41:43
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [hcontrol.exe]
FilePath : C:\WINDOWS\ATK0100\
ProcessID : 1540
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 1043, 2, 15, 51
ProductVersion : 1043, 3, 2, 1
ProductName : ATK0100
FileDescription : HControl
InternalName : HControl
LegalCopyright : Copyright © 2003
OriginalFilename : HControl.exe

#:15 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1628
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 5.1.0.42
ProductVersion : 5.1.0.42
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:16 [alu.exe]
FilePath : C:\Program Files\ASUS\ASUS Live Update\
ProcessID : 1644
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ALU Application
FileDescription : ALU MFC Application
InternalName : ALU
LegalCopyright : Copyright © 2002 ASUSTek. Corporation
OriginalFilename : ALU.EXE

#:17 [wcourier.exe]
FilePath : C:\Program Files\Wireless Console 2\
ProcessID : 1660
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 2, 0, 1, 0
ProductVersion : 2, 0, 1, 0
ProductName : Wireless Console 2
FileDescription : Wireless Console 2
InternalName : wcourier
LegalCopyright : Copyright © 2005
OriginalFilename : wcourier.exe

#:18 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 1596
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 8.1.5 18Aug05
ProductVersion : 8.1.5 18Aug05
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright © Synaptics, Inc. 1996-2005
OriginalFilename : SynTPEnh.exe

#:19 [center.exe]
FilePath : C:\Program Files\ASUS\WLAN Card Utilities\
ProcessID : 1736
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 2.3.3.5
ProductVersion : 1.0.0.0
ProductName : Wireless LAN Card Utilities
CompanyName : ASUSTeK COMPUTER INC.
FileDescription : ASUS Control Center Application
InternalName : Control Center
LegalCopyright : Copyright © 2002-2005 ASUSTeK
OriginalFilename : Center.exe

#:20 [pdvdserv.exe]
FilePath : C:\Program Files\ASUSTeK\ASUSDVD\
ProcessID : 1744
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:21 [batterylife.exe]
FilePath : C:\Program Files\ASUS\Power4 Gear\
ProcessID : 1768
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 1043, 6, 15, 112
ProductVersion : 1043, 3, 6, 15
ProductName : BatteryLife
CompanyName : ASUSTeK Computer Inc.
FileDescription : BatteryLife
InternalName : BatteryLife
LegalCopyright : Copyright © 2002 ASUSTeK Computer Inc.
LegalTrademarks : ASUSTeK Computer Inc.
OriginalFilename : BatteryLife.exe
Comments : Power4 Gear Utility

#:22 [iamapp.exe]
FilePath : C:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1804
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 5.0.0.375
ProductVersion : 5.0
ProductName : Symantec Client Firewall
CompanyName : Symantec Corporation
FileDescription : IAMAPP.EXE
LegalCopyright : Copyright © 2002 Symantec Corporation

#:23 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 1812
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : HP Software Update Application
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

#:24 [mdiction.exe]
FilePath : C:\PROGRA~1\TILDES~1\
ProcessID : 1836
ThreadCreationTime : 2007.01.15. 19:41:44
BasePriority : Normal
FileVersion : 2.70
ProductVersion : 2.70
ProductName : Tildes Datorv?rdn?ca
CompanyName : Sabiedr?ba Tilde
FileDescription : Tildes Datorv?rdn?ca
InternalName : MDICTION
LegalCopyright : Autorties?bas © 1996-1997 Sabiedr?ba Tilde
OriginalFilename : MDICTION.EXE

#:25 [pianists.exe]
FilePath : C:\PROGRA~1\TILDES~1\
ProcessID : 1848
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 6.0.0.32
ProductVersion : 6.0.0.32
ProductName : Tildes Birojs 2005
CompanyName : SIA Tilde
FileDescription : Keyboard Pianist
InternalName : Pianists
LegalCopyright : Copyright © 1994-2005 SIA Tilde
OriginalFilename : Pianists.exel

#:26 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1884
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:27 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_10\bin\
ProcessID : 1976
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal


#:28 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 228
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:29 [desktopweather.exe]
FilePath : C:\Program Files\The Weather Channel FW\Desktop Weather\
ProcessID : 288
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 5, 0, 1, 0
ProductVersion : 5, 0, 1, 0
ProductName : The Weather Channel Interactive Consumer Application Software
CompanyName : The Weather Channel Interactive
InternalName : DesktopWeather.exe
LegalCopyright : © The Weather Channel Interactive. All rights reserved.
OriginalFilename : DesktopWeather.exe

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 292
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [oe_mailinfo.exe]
FilePath : C:\Program Files\Mailinfo\Mailinfo for Outlook Express\
ProcessID : 308
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 2.06.0628
ProductVersion : 2.06.0628
ProductName : Outlook Express Mailinfo
CompanyName : Mailinfo
InternalName : oe_mailinfo
OriginalFilename : oe_mailinfo.exe

#:32 [chkmail.exe]
FilePath : C:\Program Files\Asus\Asus ChkMail\
ProcessID : 300
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 1043, 1, 15, 5
ProductVersion : 1043, 3, 1, 15
ProductName : asus ChkMail
CompanyName : asus
FileDescription : ChkMail
InternalName : ChkMail
LegalCopyright : Copyright c 2000
LegalTrademarks : ASUS
OriginalFilename : ChkMail.exe
Comments : ASUSTeK

#:33 [reader_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 396
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 7.0.0.0
ProductVersion : 7.0.0.0
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright Adobe Systems Incorporated 2004
OriginalFilename : AcroSpeedLaunch.exe

#:34 [nkbmonitor.exe]
FilePath : C:\Program Files\Nikon\PictureProject\
ProcessID : 412
ThreadCreationTime : 2007.01.15. 19:41:45
BasePriority : Normal
FileVersion : 1, 6, 3, 3000
ProductVersion : 1, 6, 0
ProductName : PictureProject Monitor
CompanyName : Nikon Corporation
FileDescription : PictureProject Monitor
InternalName : NkbMonitor
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2005
OriginalFilename : NKBMONITOR.EXE
Comments : PictureProject Monitor

#:35 [aswlsvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 584
ThreadCreationTime : 2007.01.15. 19:41:46
BasePriority : Normal


#:36 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 640
ThreadCreationTime : 2007.01.15. 19:41:46
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:37 [nisum.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\
ProcessID : 684
ThreadCreationTime : 2007.01.15. 19:41:46
BasePriority : Normal
FileVersion : 5.0.0.375
ProductVersion : 5.0
ProductName : Symantec Client Firewall
CompanyName : Symantec Corporation
FileDescription : User Manager
LegalCopyright : Copyright © 2002 Symantec Corporation

#:38 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ProcessID : 884
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:39 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1588
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 6.14.10.8204
ProductVersion : 6.14.10.8204
ProductName : NVIDIA Driver Helper Service, Version 82.04
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 82.04
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:40 [hpzipm12.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1484
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe

#:41 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\
ProcessID : 1864
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:42 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2100
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:43 [sympxsvc.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\
ProcessID : 2140
ThreadCreationTime : 2007.01.15. 19:41:49
BasePriority : Normal
FileVersion : 5.0.0.375
ProductVersion : 5.0
ProductName : Symantec Client Firewall
CompanyName : Symantec Corporation
FileDescription : Transparent Proxy Server
LegalCopyright : Copyright © 2002 Symantec Corporation

#:44 [nisserv.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\
ProcessID : 2288
ThreadCreationTime : 2007.01.15. 19:41:50
BasePriority : Normal
FileVersion : 5.0.0.375
ProductVersion : 5.0
ProductName : Symantec Client Firewall
CompanyName : Symantec Corporation
FileDescription : IAMSERV.EXE
LegalCopyright : Copyright © 2002 Symantec Corporation

#:45 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3368
ThreadCreationTime : 2007.01.15. 19:41:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:46 [atrack.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\
ProcessID : 3408
ThreadCreationTime : 2007.01.15. 19:41:56
BasePriority : Normal
FileVersion : 5.0.0.375
ProductVersion : 5.0
ProductName : Symantec Client Firewall
CompanyName : Symantec Corporation
FileDescription : Alert Tracker
LegalCopyright : Copyright © 2002 Symantec Corporation

#:47 [atkosd.exe]
FilePath : C:\WINDOWS\ATK0100\
ProcessID : 3604
ThreadCreationTime : 2007.01.15. 19:41:57
BasePriority : Normal
FileVersion : 1043, 2, 15, 51
ProductVersion : 1043, 3, 2, 1
ProductName : ATK0100
FileDescription : ATKOSD
InternalName : ATKOSD
LegalCopyright : Copyright © 2003
OriginalFilename : ATKOSD.exe

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3900
ThreadCreationTime : 2007.01.15. 19:42:31
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:49 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 4044
ThreadCreationTime : 2007.01.15. 19:42:36
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:50 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 252
ThreadCreationTime : 2007.01.15. 19:42:37
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : arturs@ads.addynamix[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:arturs@ads.addynamix.com/
Expires : 2007.01.16. 21:42:18
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

21:46:47 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:06.657
Objects scanned:152224
Objects identified:1
Objects ignored:0
New critical objects:1

------------------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 21:55:56, on 2007.01.15.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

Hi,Head Hunter

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log in your next reply.

Please do not run any other options until you are asked to do so.


Gogo

Here is the rapport.txt log:

SmitFraudFix v2.132

Scan done at 1:46:06,92, 2007.01.17.
Run from C:\Documents and Settings\Arturs\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arturs


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Arturs\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ARTURS\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Hi,Head Hunter


Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )


Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

( Don't run just YET )


==============

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

==============

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll

O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

==============

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

==============

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\SYSTEM32\winjrs32.dll<---This file
C:\WINDOWS\SYSTEM32\xxfgmy.dll<---This file

==============

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program


Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware

===========


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the newrapport.txt log along with a new HijackThis Log and the AVG anti-spyware log in your next reply.


Gogo

Hi, HJThis!

After reading your instructions, one issue that caught my attention and that I definitely need to resolve before starting concerns deleting a system file while in Safe Mode (in particular C:\WINDOWS\SYSTEM32\winjrs32.dll or xxfgmy.dll).
Which program or application to use to delete these files? As I previously had problems both doing it through command prompt or wiping it out with Norton utilities.

Head Hunter

Hi,Head Hunter

All you should need to do is goto where the files are then
just right click and delete.

Gogo

Hi, HJThis!

I was not able to post anything for a while since I was ill.

Followed the steps you prescribed and here are the logs (since the AVG anti-spyware log is too long, I will post it in a separate reply):

SmitFraudFix v2.132

Scan done at 18:35:20,15, 2007.02.10.
Run from C:\Documents and Settings\Arturs\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:44:36, on 2007.02.10.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

-----------------------------------------------------------------

Just checked the amount of characters in the AVG anti-spyware log and it is very long with over 1,000,000 characters.
If it would be ok, may I post the log as an .txt file attachment in my next reply?

Head Hunter

Hey,Head Hunter

First sorry to hear you had been ill i pray all is better now

Next

Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!


Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote



The above script is for this user only, if you need help please start your own thread.

Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt

Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

-----------------

Then after a reboot get this done and give me feedback on how the PC is doing.


You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have this icon next to it:
Select it and click Remove.
Then download and install the newest version from here (scroll down to find it):
Java Runtime Environment (JRE) 6


Gogo

Hi again!

Thanks, it seems the illness has gone and now I am back to normal.

I've ran the Avenger and here are the logs:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hbiaf^uc

*******************

Script file located at: \??\C:\Program Files\bdsbydrb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winjrs32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:17:47, on 2007.02.10.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

Hi,Head Hunter

You are using Download Accelerator - DAP Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfoforum.info/downloads...cat=dlman#dlman
I suggest you remove it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove it

-------------------

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

--------------------

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

---------------------

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

----------------------

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

-----------------------

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\system32\winjrs32.dll<---This file

-----------------------

Then do a reboot and get this here done

You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6). Please update and remove the older versions. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
It should have this icon next to it:
Select it and click Remove.
Then download and install the newest version from here (scroll down to find it):
Java Runtime Environment (JRE) 6

-----------------

And let me see a new HijackThis logfile.

Gogo

Hi!

Thank's for the advice on Download Accelerator!

Here is the new HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16:16:45, on 2007.02.11.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

Hi,Head Hunter

Nice work now please take these last steps for for me then come back with
some feedback tell me if everything went ok.


To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


Next, let's clean your restore points and set a new one


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.


Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.



Clean out your Temporary Internet files.
Internet Explorer
Close Internet Explorer and close any instances of Windows Explorer.
Click Start -> Control Panel and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

And please have a look at the great info by Mr,TK
So how did I get infected in the first place


Gogo

Hi, HJThis!

Well, as you requested, this what I have to report.
After restarting the computer, all the programs are slow to respond. For example, The Firefox would not load for some 10 min. Moreover, it is impossible to work in the Firefox since it would not allow me to finish anything I start there.

Then I decided to check my CPU usage and surprise, surprise - CPU was at 100%. More disturbing is the fact that while I am not doing anything at the computer, it still eats all 100% of CPU and would not drop. Even after I end the process of running the Firefox it shows CPU usage at 100%. After awhile it shows an icon that the computer is running at low virtual memory.

I am desperate at finding a solution here. I don't know, maybe I don't get something but nothing like this has ever happened to me and therefore I can't get a clue what's wrong.

Desperate for help,

Head Hunter

Hi,Head Hunter

Sorry to hear this my man let's try this new tool i started using see what if anything
we may find or not, by the way have you installed anything new like Ram or hardware
before the problme started on you.

---------------

Please download ComboScan by Deckard and save it to your desktop:

*Close all applications and windows (including this one).
*Double-click on comboscan.exe to run it, and follow the prompts.
*When the scan is complete, a text file will open – ComboScan.txt.
*Copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the contents of ComboScan.txt in your next reply.
*A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
*Please attach Supplementary.txt to your post.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Gogo

Hi, again!

After watching the computer performance for some time after closing the Firefox it seems that CPU usage dropped to normal. Therefore, I guess it is related to the Firefox after all. However, I still don't get, why while I am working in the Firefox all the processes are very slow to respond. I couldn't write even a reply in this forum due to the fact that after each and every minute the internet would freeze with CPU usage constantly at 100%.

Head Hunter

Good that I am able to work from another computer at the moment

Answering your question, then, no, I have not installed any RAM or hardware.

I will definitely try this ComboScan; however, I will have to leave now for a work and will scan the computer probably later today.

Thanks so far!

Hi,Head Hunter

Hmm odd about firefox see if Uninstalling it then reinstall helps and is this the latest
Firefox Ver ?? and no problme have a good one. will check on you.

Gogo

Now, just reached my work. Much of snow today here in Latvia and it was quite difficult to ride.

Anyway, I thought too reinstalling the Firefox would solve the problem. Nah, nothing happened. It looks that something else is eating up the memory resources. I did manage to run the Ad-aware and it did find some dialers; however, I was not able to save the log and have no information to post, yet.

Head Hunter

All right, here comes the log of the ComboScan:

ComboScan v20070212.14 run by Arturs on 2007-02-20 at 19:26:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Arturs.com) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:27:24, on 2007.02.20.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Arturs\Desktop\comboscan.exe
C:\DOCUME~1\Arturs\LOCALS~1\Temp\~mkvpywj.tmp\Arturs.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~1\IAMAPP.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nektra OEAPI] "C:\Program Files\Mailinfo\Mailinfo for Outlook Express\oe_mailinfo.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe


-- HijackThis Fixed Entries (C:\HJT\backups\) -----------------------------------

backup-20070120-131840-531 O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
backup-20070120-131841-905 O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - (no file)
backup-20070210-170704-838 O20 - Winlogon Notify: winjrs32 - C:\WINDOWS\SYSTEM32\winjrs32.dll
backup-20070211-161036-345 O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

0 ACPIEC (Microsoft Embedded Controller Driver) - system32\DRIVERS\ACPIEC.sys
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
1 AmdK8 (AMD Processor Driver) - system32\DRIVERS\AmdK8.sys
3 Arp1394 (1394 ARP Client Protocol) - system32\DRIVERS\arp1394.sys
3 ASNDIS5 (ASNDIS5 Protocol Driver) - \??\C:\WINDOWS\system32\ASNDIS5.SYS
1 AVG Anti-Spyware Driver - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1 AvgAsCln (AVG Anti-Spyware Clean Driver) - System32\DRIVERS\AvgAsCln.sys
3 BCM43XX (ASUS 802.11 Network Adapter Driver) - system32\DRIVERS\bcmwl5.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
3 HSFHWSIS - system32\DRIVERS\HSFHWSIS.sys
3 HSF_DPV - system32\DRIVERS\HSF_DPV.sys
4 InCDfs (InCD File System) - system32\drivers\InCDFs.sys
1 InCDPass - system32\drivers\InCDPass.sys
1 incdrm (InCD Reader) - system32\drivers\InCDRm.sys
2 irda (IrDA Protocol) - system32\DRIVERS\irda.sys
3 irsir (Microsoft Serial Infrared Driver) - system32\DRIVERS\irsir.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - system32\DRIVERS\mdc8021x.sys
2 mdmxsdk - system32\DRIVERS\mdmxsdk.sys
3 mouhid (Mouse HID Driver) - system32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 MTsensor (ATK0100 ACPI UTILITY) - system32\DRIVERS\ATKACPI.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NAVENG - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NAVENG.Sys
3 NAVEX15 - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NavEx15.Sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394 Net Driver) - system32\DRIVERS\nic1394.sys
3 NPDriver (Norton Unerase Protection Driver) - \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
3 nv - system32\DRIVERS\nv4_mini.sys
0 ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
0 Pcmcia - system32\DRIVERS\pcmcia.sys
3 Rasirda (WAN Miniport (IrDA)) - system32\DRIVERS\rasirda.sys
0 rimsptsk - system32\DRIVERS\rimsptsk.sys
0 risdptsk - system32\DRIVERS\risdptsk.sys
3 RTL8023xp (Realtek 10/100/1000 NIC Family all in one NDIS XP Driver) - system32\DRIVERS\Rtlnicxp.sys
3 SANDRA - \??\C:\Program Files\SiSoftware\SiSoft Sandra 2001 Standard\sandra.sys
3 SAVRT - \??\C:\WINDOWS\system32\Drivers\SAVRT.SYS
2 SAVRTPEL - \??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS
3 Ser2pl (MAT Serial port driver) - system32\DRIVERS\ser2pl.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 SYMDNS - \SystemRoot\System32\Drivers\SYMDNS.SYS
3 SymEvent - \??\C:\Program Files\Symantec\SYMEVENT.SYS
3 SYMFW - \SystemRoot\System32\Drivers\SYMFW.SYS
3 SYMIDS - \SystemRoot\System32\Drivers\SYMIDS.SYS
3 SYMIDSCO - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20060807.097\symidsco.sys
3 SYMNDIS - \SystemRoot\System32\Drivers\SYMNDIS.SYS
3 SYMREDRV - \SystemRoot\System32\Drivers\SYMREDRV.SYS
1 SYMTDI - \SystemRoot\System32\Drivers\SYMTDI.SYS
3 SynMini (USB2.0 1.3M Web Cam) - System32\Drivers\SynMini.sys
3 SynScan (USB2.0 1.3M Web Cam Still Image) - System32\Drivers\SynScan.sys
3 SynTP (Synaptics TouchPad Driver) - system32\DRIVERS\SynTP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - system32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - system32\DRIVERS\usbohci.sys
3 usbprint (Microsoft USB PRINTER Class) - system32\DRIVERS\usbprint.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 winachsf - system32\DRIVERS\HSF_CNXT.sys
3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - system32\drivers\WmBEnum.sys
3 WmFilter (Logitech WingMan HID Filter Driver) - system32\drivers\WmFilter.sys
3 WmVirHid (Logitech Virtual Hid Device Driver) - system32\drivers\WmVirHid.sys
3 WmXlCore (Logitech WingMan Translation Layer Driver) - system32\drivers\WmXlCore.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 aspnet_state (ASP.NET State Service) - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2 ASWLSVC - C:\WINDOWS\system32\ASWLSVC.exe
2 AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2 ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3 ccPwdSvc (Symantec Password Validation Service) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
2 InCDsrv (InCD Helper) - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
2 Irmon (Infrared Monitor) - %SystemRoot%\system32\svchost.exe -k netsvcs
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
2 navapsvc (Norton AntiVirus Auto Protect Service) - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
3 NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
2 NISSERV (Symantec Client Firewall Service) - "C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE"
3 NISUM (Symantec Client Firewall Accounts Manager) - "C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE"
3 NMIndexingService - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
2 NProtectService (Norton Unerase Protection) - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
2 NVSvc (NVIDIA Display Driver Service) - %SystemRoot%\system32\nvsvc32.exe
3 ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2 Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2 SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
3 SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2 Speed Disk service - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
2 SymPxSvc (Symantec Client Firewall Proxy Service) - "C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe"
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-20 18:23:56 414 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2007-02-19 08:00:02 368 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job<HPPROM~1.JOB>
2007-02-06 04:20:14 364 --a------ C:\WINDOWS\Tasks\XoftSpySE.job<XOFTSP~1.JOB>
2006-12-08 20:07:10 484 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job<NORTON~2.JOB>
2006-12-02 20:45:08 282 --a------ C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job<NORTON~1.JOB>


-- Files created between 2007-01-20 and 2007-02-20 ------------------------------

2007-02-17 16:06:13 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy<PACEAN~1>
2007-02-17 16:06:13 0 d-------- C:\Documents and Settings\Arturs\Application Data\PACE Anti-Piracy<PACEAN~1>
2007-02-17 16:06:13 0 d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy<PACEAN~1>
2007-02-11 16:15:46 0 d-------- C:\Program Files\Java
2007-02-11 16:15:46 0 d-------- C:\Program Files\Common Files\Java
2007-02-11 12:59:05 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE<Unsigned: n/a>
2007-02-10 23:16:20 0 d-------- C:\avenger
2007-02-09 02:53:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-02-04 12:17:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-02-04 11:58:18 0 d-------- C:\Documents and Settings\Arturs\Application Data\Ahead
2007-02-04 11:57:02 0 d-------- C:\Program Files\Nero
2007-02-03 23:19:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-02-03 19:59:48 0 d-------- C:\Program Files\PowerISO
2007-01-28 19:44:14 0 d--hs---- C:\FOUND.000
2007-01-20 14:15:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-01-20 14:15:48 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-01-20 14:15:48 786432 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-01-20 13:08:00 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-20 13:07:59 0 d-------- C:\Program Files\Grisoft
2007-01-20 09:11:07 31644 --a------ C:\WINDOWS\system32\drivers\scdemu.sys<Unsigned: PowerISO Computing, Inc.>


-- Find3M Report ----------------------------------------------------------------

2007-02-10 18:35:24 4666 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-16 00:02:00 0 d-------- C:\Documents and Settings\Arturs\Application Data\Help
2007-01-15 02:00:14 0 d-------- C:\Program Files\Unibanka
2007-01-14 13:25:36 8464 --a------ C:\WINDOWS\system32\sporder.dll<Unsigned: Microsoft Corporation>
2007-01-14 02:06:20 0 d-------- C:\Documents and Settings\Arturs\Application Data\dvdcss
2007-01-14 01:58:10 0 d-------- C:\Documents and Settings\Arturs\Application Data\CyberLink<CYBERL~1>
2007-01-13 23:37:12 0 d-------- C:\Documents and Settings\Arturs\Application Data\TVU networks<TVUNET~1>
2006-12-31 21:57:08 0 d-------- C:\Program Files\Blaze Media Pro<BLAZEM~1>
2006-12-28 02:08:38 0 d-------- C:\Program Files\Common Files\xing shared<XINGSH~1>
2006-12-28 02:08:26 0 d-------- C:\Program Files\Real
2006-12-28 02:08:26 0 d-------- C:\Program Files\Common Files\Real
2006-12-28 02:07:54 0 d-------- C:\Documents and Settings\Arturs\Application Data\Real
2006-12-24 02:50:06 0 d-------- C:\Documents and Settings\Arturs\Application Data\Sun
2006-12-24 02:50:04 1289 --a------ C:\WINDOWS\mozver.dat
2006-12-03 13:21:12 69853 --a------ C:\WINDOWS\hpoins05.dat
2006-12-03 12:50:10 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL><Unsigned: BitComet>
2006-12-03 00:49:10 0 --a------ C:\Documents and Settings\Arturs\Application Data\wklnhst.dat
2006-12-02 21:19:40 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-02 20:59:02 14 --a------ C:\WINDOWS\system32\SR2.dat
2006-12-02 20:57:56 14 --a------ C:\WINDOWS\system32\SR.dat
2006-12-02 20:45:16 32 --ahs---- C:\WINDOWS\system32\{6AC0A21C-C727-4763-962F-07AA548FCE7C}.dat<{6AC0A~1.DAT>
2006-12-02 20:45:16 32 --ahs---- C:\WINDOWS\{C9238AEA-03C2-46FD-A496-898175543779}.dat<{C9238~1.DAT>
2006-12-02 20:44:54 32 --ahs---- C:\WINDOWS\system32\{1A85AE0D-DF14-494D-BBE0-099A4B6FC781}.dat<{1A85A~1.DAT>
2006-12-02 20:44:54 32 --ahs---- C:\WINDOWS\{E2069EB5-5F8B-4C6C-8442-2AADC226226E}.dat<{E2069~1.DAT>
2006-12-02 20:44:20 32 --ahs---- C:\WINDOWS\system32\{56F05F86-490A-4CC0-AB88-F83C37F72F17}.dat<{56F05~1.DAT>
2006-12-02 20:44:20 32 --ahs---- C:\WINDOWS\{12436DFD-F468-41D7-B716-AADC7475498F}.dat<{12436~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\system32\{A7D070C0-1EF7-4A62-8040-B12B7ACBF879}.dat<{A7D07~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\system32\{381EBD4A-E57C-40BE-94EA-3817112BC6EB}.dat<{381EB~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\system32\{326DD8DC-D20F-4918-AD3D-60EC57B31691}.dat<{326DD~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\{A057B1F2-347B-40AE-9C18-1E1D74460D5A}.dat<{A057B~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\{8EC54F9C-A83C-4B11-BE0A-6582FF93E5A1}.dat<{8EC54~1.DAT>
2006-12-02 20:42:58 32 --ahs---- C:\WINDOWS\{73641B44-63C5-4494-98B9-FC1EF0660B3B}.dat<{73641~1.DAT>
2006-12-02 20:41:58 32 --ahs---- C:\WINDOWS\system32\{9887848A-CEB2-4092-8BF3-9D0C0D9D078C}.dat<{98878~1.DAT>
2006-12-02 20:41:58 32 --ahs---- C:\WINDOWS\{CD3FE673-FEF7-43AE-A4E7-0C203B67A11B}.dat<{CD3FE~1.DAT>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DW4"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Nektra OEAPI"="\"C:\\Program Files\\Mailinfo\\Mailinfo for Outlook Express\\oe_mailinfo.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SoundMan"="SOUNDMAN.EXE"
"ASUS Live Update"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Control Center"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe"
"Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"iamapp"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\IAMAPP.EXE"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"mdiction"="C:\\PROGRA~1\\TILDES~1\\MDICTION.EXE"
"Pianists"="C:\\PROGRA~1\\TILDES~1\\Pianists.exe"
"CheckCU"="\"C:\\PROGRA~1\\TILDES~1\\CheckCU.exe\" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{CCA06A24-0320-1062-0508-060220060173}"="\"C:\\Program Files\\Common Files\\{CCA06A24-0320-1062-0508-060220060173}\\Update.exe\" mc-110-12-0000272"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-20 at 19:47:06 -------------------------

Hi,Head Hunter

Hmm i don't see much here other then this item here

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

-----------------

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)
( Do not copy the word quote)



Save this as fix.reg Choose to save as *all files and place it on your Desktop.
It should look like this:Click to view attachment
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

----------------

Please make sure to do a reboot or Regfix will not work then do this online scan for me
show me the report.txt. let's see what if anything will show up for us.

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").

• In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
• When you get the Windows dialog asking if you want to install this software, click the "Install" button.
• When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
• Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
• Under "Please select a target to scan:", click My Computer to start the scan.

When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.


Gogo

Tell me about your norton installation. What year is it from? What is the date on your virus definitions? Is norton expired?

Hi, Ai_Tak!

Well, my Norton is from 2003 . Managed to renew the subscription all the time. The date on virus definitions is February 14.
I was not overly satisfied with the selected choice of using the same Norton for these years and moreover, the program has recently stopped to do Auto-protect and update definitions. Therefore, I was in the process of switching the anti-virus software to most probably Avast that was suggested by both my friend and HJThis.

Head Hunter

Norton 2003 has been obsolete for a number of years now, I'm surprised you could have renewed it at all this year and last year.

I'm not a big fan of avast really. The norton antivirus 2007 is pretty good.

Hi, HJThis!

Well, what I can say...as long as I don't surf the web everything is ok.
Therefore, I could not complete Kaspersky virus scan even though I worked through Internet Explorer. It began scanning; however, the scanning froze at about 1000 files being scanned. That's all. Then I had to end the process.
That indeed begins to look kinda weird.

Head Hunter

Hi,Head Hunter

Sorry to hear it my man now are we stell getting the popup

Gogo

The good news are that, owing to your efforts, the pop-up has gone.
And you already know the bad news regarding the Firefox and IE...

Hey,Head Hunter

I have something for you it's not to say this will fix the problme but who can say for sure
go on give it a run tell me what if anything comes of it i pray it works for you.


Please download System Repair Engineer by Smallfrogs and save it to your desktop:

*Right-click sreng2.zip, select Extract All, and extract it to its own folder.
*Double-click SREng.exe to run it.
*Select Smart Scan and check (tick) Verify the digital signatures of process modules.
*Click on the Scan button.

Click to view attachment

When the scan is complete, click on the Save Reports button and save the log to your desktop.
Please attach the log in your next reply. Don’t post it.

Note : You would have to rename SREngLog.log to SREngLog.txt before attaching it.

A word of warning this is for this user here it is not to be used as a fix all. use it something goes way wrong
don't come back saying i don't know what happen.

Gogo

Hi, HJThis!

I have to save a big thank you for all the efforts so far.

Hopefully this tool give the right direction!

Head Hunter

Hey,Head Hunter

Hmm do this for me please


Go to next site:
http://www.virustotal.com/en/indexx.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\sysprep\patch\sysprep.cmd

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


Gogo

Hey, again!

You know what's interesting, is that I don't have such a directory/path on my computer.

Hi,Head Hunter

Odd well not sure if this will help but let's go after it like this


Download The Avenger Copyright © Swandog46
You must extract avenger.exe to your desktop, before you run it.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!


Copy all the text contained in the code box below to your Clipboard.
NOTE: don't copy the word quote



The above script is for this user only, if you need help please start your own thread.

Start the Avenger.
Under "Script file to execute" choose "Input Script Manually".
Click on the Magnifying Glass icon which will open a new window titled "View/edit script".
Paste the entire text in into this window.
Click done, now click on the Green Light
Answer "Yes" twice when prompted.
Your computer shoud reboot, and briefly open a black command window on your desktop, this is normal.

After the restart, it will create a log file that should open.
This log file will be located at C:\avenger.txt

Paste the contents of C:\avenger.txt into your reply along with a fresh HijackThis! log.

Also: Avenger has made backups of all the files, etc., that you asked it to delete, located at C:\avenger\backup.zip.

Gogo

Ok, here go the logs.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\scxwqrei

*******************

Script file located at: \??\C:\WINDOWS\ichlxudx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\sysprep\patch\sysprep.cmd for deletion
Deletion of file C:\sysprep\patch\sysprep.cmd failed!

Could not process line:
C:\sysprep\patch\sysprep.cmd
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.

-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:38:38, on 2007.02.24.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\TILDES~1\MDICTION.EXE
C:\PROGRA~1\TILDES~1\Pianists.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 129.24.17.69:3128
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Tildes Birojs - {1E6700F0-0F85-40fd-8022-7EB60AB46F10} - C:\Program Files\Tildes Birojs 2005\IEjosla.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE
O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe
O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {36E408F0-DF8A-4F9B-BF26-AED92C789F5D} Tildes Birojs 2005
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: &Tulkot ar Tildes Datorvārdnīcu - res://C:\Program Files\Tildes Birojs 2005\TDVLauncher.DLL /201
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Hi,Head Hunter

By chance did you happen to add the word quote if so it may not work.???
could you please try it once more and make sure not to add the word quote.

Gogo

Nope I did not copy the word quote, though I did run Avenger once again and the result is the same.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xmfyjhba

*******************

Script file located at: \??\C:\konvisqx.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\sysprep\patch\sysprep.cmd for deletion
Deletion of file C:\sysprep\patch\sysprep.cmd failed!

Could not process line:
C:\sysprep\patch\sysprep.cmd
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.

Hi,Head Hunter

Well not to sure what's up there


Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  
  c:\sysprep\patch\sysprep.cmd
  
  
• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
• Click the red Moveit! button.
• Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
• Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Gogo

Well, I guess a hat tip has to go to Ai_Tak
After thinking over the Norton stuff, I thought I would run Sys Internals that Microsoft offers on its site to actually see which processes are working while my CPU is at 100%.
I found out that some Norton utilities as well as Norton Firewall, I was using, are working pretty intensely. Therefore, I decided to get rid of them since they indeed were outdated by any means. Voile, it indeed speeded up the process.
Everything solved...not quite.
While everything is working smoothly in IE, the firefox is still freezing from time to time although for a shorter period than before but enough to bug me out working in such the environment.
However, the IE readiness to respond allowed me to run online Kaspersky scan. Therefore, as suggested by you before I ran it and below is the log.

I will definitely post as well how OTMoveIt went for me.

Head Hunter

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 24, 2007 8:44:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/02/2007
Kaspersky Anti-Virus database records: 273130
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 54468
Number of viruses found: 3
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:22:33

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FD5D094C-BB78-4B7C-BF5B-FC6F4FA8403A}.bin Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Arturs\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\History\History.IE5\MSHist012007022420070225\index.dat Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Identities\{D4AFDB99-8AF7-4ABD-AE6F-335D1750D862}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Identities\{D4AFDB99-8AF7-4ABD-AE6F-335D1750D862}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Arturs\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Arturs\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Arturs\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arturs\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Arturs\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{E8FF5576-58A5-4948-8DDF-0E60CB023536}\RP10\A0006516.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.ha skipped
C:\System Volume Information\_restore{E8FF5576-58A5-4948-8DDF-0E60CB023536}\RP12\change.log Object is locked skipped
C:\avenger\backup-2007.02.24.-19.27.59,75.zip/avenger/winjrs32.dll Infected: Trojan.Win32.Agent.vg skipped
C:\avenger\backup-2007.02.24.-19.27.59,75.zip ZIP: infected - 1 skipped

Scan process completed.

I've just run the OTMoveIt and here what it has to say:

File/Folder c:\sysprep\patch\sysprep.cmd not found.

Created on 02.24.2007 21:06:53

Weird?

Hi,Head Hunter

This is great news as for what was found no big thing they are backups
and a restore point.



Now make sure the first thing you do is run and get an Anti-Virus scanner
and clean out the Temp files and cookies from Firefox or do a reinstall of FF

Gogo

Dunno what to say...
Deleted the cookies, temp files and reinstalled FireFox, but still after every 10-20 seconds the CPU usage jumps up to 100% and freezes browsing and even post writing.

Head Hunter

Hey,Head Hunter

Man i feel bad about this i was so happy you got it fixed
well off to try and find more info.

Gogo

Hey, HJThis!

Wanted to share the solution I found that reanimated the Firefox
Well, after searching for a while, I ran into this explanation:

"Here's a solution that worked for me. Look in the C:\Documents and Settings\%user%\Application Data\Mozilla\Firefox\Profiles\default.eu5 folder (the last folder may have a different name, like xxxxxxxx.default). Delete all the sessionstore.js files. My Firefox ran fine for months, and then got so slow as to be unusable. The text wouldn't keep up with typing, scrolling wouldn't keep up. The processor was going to 100% due to firefox when this happened. I found 10000 sessionstore.js files in the folder. When I deleted these files, and the cookies, Firefox was back to normal. "

As one of the users explained, the sessionstore.js file became read-only and began creating a new one on each new Firefox session. When I opened my folder, there were about 5000 sessionstore files. Of course, after deleting all of them, ta da - the Firefox was back to normal.

In addition, I want to once again thank you for your efforts and patience that lead me through the curing process as well as for helpful hints at how to make my computer a safer and stronger environment to work in.

Thanks!

Head Hunter

Hey,Head Hunter

This is great news and thank you for posting this info for all to see
it may help someone having the same problme. now if it's Cool with
you I will close this Topic.

Since this issue appears resolved ... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a new topic.

Best of luck

Gogo