Got this today and currently scanning with Avast. Hopefully it will work but I want to be proactive. I first noticed it when my desktop wallpaper changed to a blue screen with "Warning: Spyware Threat Detected On Your Computer". When I start Firefox the browser opens with the following advertising several different Spyware products such as Spy Aware and Perfect Cleaner. I also get warning balloons from the task bar.



Logfile of HijackThis v1.99.1
Scan saved at 9:31:33 PM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\msdtc_32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dkbiucft.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

It seems that Ad-Aware SE took care of the problem. I thought I'd put an updated HiJackThis log up in here. If anyone spies anything strange, please tell me and advise. As always, the folks in here who offer assistance are the best!!!

It seems that Ad-Aware SE took care of the problem. I thought I'd put an updated HiJackThis log up in here. If anyone spies anything strange, please tell me and advise. As always, the folks in here who offer assistance are the best!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:32:30 AM, on 3/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\dkbiucft.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Hello,eggflesh & Welcome

Please tell me if you stell need help with this problme, if so may I have a look at a new logfile.

@ princess06

Please do not post in someone else's Topic start your own
I will now delete your post.

And to both of you use the Add Reply button not the Reply one.

Gogo

Ooops. Sorry for using the Reply button instead of the Add Reply.

I'm still having the same problem although not as severe. A new Firefox browser window will start involuntarily with the Winantivirus page. Occassionally IE7 browser will appear in the bottom bar but the actual browser window won't appear. I don't get the warning balloons anymore.

Here's the latest Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:59 PM, on 3/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lwmxdhxp.dll",setvm
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Thanks so much for your help!

Hey,eggflesh

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
( Do not run just YET )

----------------

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

-----------------


Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually.

When back in Normal Mode, click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Please post the newrapport.txt log along with a new HijackThis Log in your next reply.

-----------------

After reboot run this tool for me

Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

----------------

Then come back here with all logfiles.

Gogo

I've followed all instructions. I didn't get a Rapport.txt log at any time during this task. Not sure why. Here's the HiJackThis log.
THANKS AGAIN!

___________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 5:53:19 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {800A0C44-E788-419C-B8B5-1B4964C56785} - C:\WINDOWS\system32\byxutqn.dll
O2 - BHO: (no name) - {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lwmxdhxp.dll",setvm
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxutqn - C:\WINDOWS\SYSTEM32\byxutqn.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Hi,eggflesh

First Hijackthis needs to be in it's own folder
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C:
then right click and select New then Folder and name it HJT. then move Hijackthis.exe to that folder

--------------

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {800A0C44-E788-419C-B8B5-1B4964C56785} - C:\WINDOWS\system32\byxutqn.dll
O2 - BHO: (no name) - {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} - C:\WINDOWS\system32\pmnlk.dll (file missing)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O20 - Winlogon Notify: byxutqn - C:\WINDOWS\SYSTEM32\byxutqn.dll

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

---------------

Please download VirtumondoBegone to your desktop. This needs to be run in Safemode

--------------

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

--------------

Doubleclick on VirtumundoBeGone.exe and follow the instructions.

Do not worry if you see a BLUE SCREEN "Fatal Error" Message, it is normal and expected.

When it has finished, reboot and post the log that is created on your desktop called VBG.TXT in your next reply.

---------------

* Clean your Cache and Cookies in IE:

• Close all instances of Outlook Express and Internet Explorer
• Go to Control Panel > Internet Options > General tab
• Click the "Delete Cookies" button
• Next to it, Click the "Delete Files" button
• When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

• Go to Tools > Options.
• Click Privacy in the menu on the left side of the Options window.
• Click the Clear button located to the right of each option (History, Cookies, Cache).
• Click OK to close the Options window
  Alternatively, you can clear all information stored while browsing by clicking Clear All.
  A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

• Go to start > run and type: cleanmgr and click ok.
• Let it scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
• Press OK to remove them.

---------------

Do a reboot show me one more HijackThis logfile and may I have some feedback here is the PC doing any better.

Gogo

[03/24/2007, 19:50:44] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP_Administrator\Desktop\VirtumundoBeGone.exe" )
[03/24/2007, 19:50:51] - Detected System Information:
[03/24/2007, 19:50:51] - Windows Version: 5.1.2600, Service Pack 2
[03/24/2007, 19:50:51] - Current Username: HP_Administrator (Admin)
[03/24/2007, 19:50:51] - Windows is in SAFE mode with Networking.
[03/24/2007, 19:50:51] - Searching for Browser Helper Objects:
[03/24/2007, 19:50:51] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[03/24/2007, 19:50:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:51] - No filename found. Continuing.
[03/24/2007, 19:50:51] - BHO 2: {00000250-0320-4dd4-be4f-7566d2314352} ()
[03/24/2007, 19:50:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:51] - No filename found. Continuing.
[03/24/2007, 19:50:51] - BHO 3: {000006b1-19b5-414a-849f-2a3c64ae6939} ()
[03/24/2007, 19:50:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 4: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/24/2007, 19:50:52] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2007, 19:50:52] - BHO 6: {06dfedaa-6196-11d5-bfc8-00508b4a487d} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 7: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 8: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/24/2007, 19:50:52] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/24/2007, 19:50:52] - BHO 9: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 10: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 11: {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 12: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 13: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 14: {5dafd089-24b1-4c5e-bd42-8ca72550717b} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 15: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 16: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 17: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2007, 19:50:52] - BHO 18: {800A0C44-E788-419C-B8B5-1B4964C56785} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - Checking for HKLM\...\Winlogon\Notify\byxutqn
[03/24/2007, 19:50:52] - Found: HKLM\...\Winlogon\Notify\byxutqn - This is probably Virtumundo.
[03/24/2007, 19:50:52] - Assigning {800A0C44-E788-419C-B8B5-1B4964C56785} MSEvents Object
[03/24/2007, 19:50:52] - BHO list has been changed! Starting over...
[03/24/2007, 19:50:52] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 2: {00000250-0320-4dd4-be4f-7566d2314352} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 3: {000006b1-19b5-414a-849f-2a3c64ae6939} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 4: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/24/2007, 19:50:52] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2007, 19:50:52] - BHO 6: {06dfedaa-6196-11d5-bfc8-00508b4a487d} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 7: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 8: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/24/2007, 19:50:52] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/24/2007, 19:50:52] - BHO 9: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 10: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 11: {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 12: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 13: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 14: {5dafd089-24b1-4c5e-bd42-8ca72550717b} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 15: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 16: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 17: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2007, 19:50:52] - BHO 18: {800A0C44-E788-419C-B8B5-1B4964C56785} (MSEvents Object)
[03/24/2007, 19:50:52] - ALERT: Found MSEvents Object!
[03/24/2007, 19:50:52] - BHO 19: {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - Checking for HKLM\...\Winlogon\Notify\pmnlk
[03/24/2007, 19:50:52] - Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
[03/24/2007, 19:50:52] - BHO 20: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 21: {965a592f-8efa-4250-8630-7960230792f1} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 22: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[03/24/2007, 19:50:52] - BHO 23: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 24: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 25: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 26: {cf021f40-3e14-23a5-cba2-717765728274} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - No filename found. Continuing.
[03/24/2007, 19:50:52] - BHO 27: {E6A88A07-38FA-4A15-90A5-479DFB6E8649} ()
[03/24/2007, 19:50:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:52] - Checking for HKLM\...\Winlogon\Notify\vtsqq
[03/24/2007, 19:50:52] - Found: HKLM\...\Winlogon\Notify\vtsqq - This is probably Virtumundo.
[03/24/2007, 19:50:52] - Assigning {E6A88A07-38FA-4A15-90A5-479DFB6E8649} MSEvents Object
[03/24/2007, 19:50:53] - BHO list has been changed! Starting over...
[03/24/2007, 19:50:53] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 2: {00000250-0320-4dd4-be4f-7566d2314352} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 3: {000006b1-19b5-414a-849f-2a3c64ae6939} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 4: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/24/2007, 19:50:53] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2007, 19:50:53] - BHO 6: {06dfedaa-6196-11d5-bfc8-00508b4a487d} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 7: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 8: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/24/2007, 19:50:53] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/24/2007, 19:50:53] - BHO 9: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 10: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 11: {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 12: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 13: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 14: {5dafd089-24b1-4c5e-bd42-8ca72550717b} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 15: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 16: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 17: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2007, 19:50:53] - BHO 18: {800A0C44-E788-419C-B8B5-1B4964C56785} (MSEvents Object)
[03/24/2007, 19:50:53] - ALERT: Found MSEvents Object!
[03/24/2007, 19:50:53] - BHO 19: {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - Checking for HKLM\...\Winlogon\Notify\pmnlk
[03/24/2007, 19:50:53] - Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
[03/24/2007, 19:50:53] - BHO 20: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 21: {965a592f-8efa-4250-8630-7960230792f1} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 22: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[03/24/2007, 19:50:53] - BHO 23: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 24: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 25: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 26: {cf021f40-3e14-23a5-cba2-717765728274} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - BHO 27: {E6A88A07-38FA-4A15-90A5-479DFB6E8649} (MSEvents Object)
[03/24/2007, 19:50:53] - ALERT: Found MSEvents Object!
[03/24/2007, 19:50:53] - BHO 28: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[03/24/2007, 19:50:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:53] - No filename found. Continuing.
[03/24/2007, 19:50:53] - Finished Searching Browser Helper Objects
[03/24/2007, 19:50:53] - *** Detected MSEvents Object
[03/24/2007, 19:50:53] - Trying to remove MSEvents Object...
[03/24/2007, 19:50:54] - Terminating Process: IEXPLORE.EXE
[03/24/2007, 19:50:54] - Terminating Process: RUNDLL32.EXE
[03/24/2007, 19:50:54] - Disabling Automatic Shell Restart
[03/24/2007, 19:50:54] - Terminating Process: EXPLORER.EXE
[03/24/2007, 19:50:54] - Suspending the NT Session Manager System Service
[03/24/2007, 19:50:54] - Terminating Windows NT Logon/Logoff Manager
[03/24/2007, 19:50:55] - Re-enabling Automatic Shell Restart
[03/24/2007, 19:50:55] - File to disable: C:\WINDOWS\system32\byxutqn.dll
[03/24/2007, 19:50:55] - Renaming C:\WINDOWS\system32\byxutqn.dll -> C:\WINDOWS\system32\byxutqn.dll.vir
[03/24/2007, 19:50:55] - File successfully renamed!
[03/24/2007, 19:50:55] - Removing HKLM\...\Browser Helper Objects\{800A0C44-E788-419C-B8B5-1B4964C56785}
[03/24/2007, 19:50:55] - Removing HKCR\CLSID\{800A0C44-E788-419C-B8B5-1B4964C56785}
[03/24/2007, 19:50:55] - Adding Kill Bit for ActiveX for GUID: {800A0C44-E788-419C-B8B5-1B4964C56785}
[03/24/2007, 19:50:55] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2007, 19:50:55] - Removing HKLM\...\Winlogon\Notify\byxutqn
[03/24/2007, 19:50:55] - Searching for Browser Helper Objects:
[03/24/2007, 19:50:55] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 2: {00000250-0320-4dd4-be4f-7566d2314352} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 3: {000006b1-19b5-414a-849f-2a3c64ae6939} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 4: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/24/2007, 19:50:55] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2007, 19:50:55] - BHO 6: {06dfedaa-6196-11d5-bfc8-00508b4a487d} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 7: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 8: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/24/2007, 19:50:55] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/24/2007, 19:50:55] - BHO 9: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 10: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 11: {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 12: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 13: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 14: {5dafd089-24b1-4c5e-bd42-8ca72550717b} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 15: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 16: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 17: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2007, 19:50:55] - BHO 18: {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - Checking for HKLM\...\Winlogon\Notify\pmnlk
[03/24/2007, 19:50:55] - Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
[03/24/2007, 19:50:55] - BHO 19: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 20: {965a592f-8efa-4250-8630-7960230792f1} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 21: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[03/24/2007, 19:50:55] - BHO 22: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 23: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 24: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 25: {cf021f40-3e14-23a5-cba2-717765728274} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - BHO 26: {E6A88A07-38FA-4A15-90A5-479DFB6E8649} (MSEvents Object)
[03/24/2007, 19:50:55] - ALERT: Found MSEvents Object!
[03/24/2007, 19:50:55] - BHO 27: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[03/24/2007, 19:50:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:55] - No filename found. Continuing.
[03/24/2007, 19:50:55] - Finished Searching Browser Helper Objects
[03/24/2007, 19:50:55] - *** Detected MSEvents Object
[03/24/2007, 19:50:55] - Trying to remove MSEvents Object...
[03/24/2007, 19:50:56] - Terminating Process: IEXPLORE.EXE
[03/24/2007, 19:50:56] - Terminating Process: RUNDLL32.EXE
[03/24/2007, 19:50:56] - Disabling Automatic Shell Restart
[03/24/2007, 19:50:56] - Terminating Process: EXPLORER.EXE
[03/24/2007, 19:50:56] - Suspending the NT Session Manager System Service
[03/24/2007, 19:50:56] - Terminating Windows NT Logon/Logoff Manager
[03/24/2007, 19:50:56] - Re-enabling Automatic Shell Restart
[03/24/2007, 19:50:56] - File to disable: C:\WINDOWS\system32\vtsqq.dll
[03/24/2007, 19:50:56] - Renaming C:\WINDOWS\system32\vtsqq.dll -> C:\WINDOWS\system32\vtsqq.dll.vir
[03/24/2007, 19:50:57] - File successfully renamed!
[03/24/2007, 19:50:57] - Removing HKLM\...\Browser Helper Objects\{E6A88A07-38FA-4A15-90A5-479DFB6E8649}
[03/24/2007, 19:50:57] - Removing HKCR\CLSID\{E6A88A07-38FA-4A15-90A5-479DFB6E8649}
[03/24/2007, 19:50:57] - Adding Kill Bit for ActiveX for GUID: {E6A88A07-38FA-4A15-90A5-479DFB6E8649}
[03/24/2007, 19:50:57] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2007, 19:50:57] - Removing HKLM\...\Winlogon\Notify\vtsqq
[03/24/2007, 19:50:57] - Searching for Browser Helper Objects:
[03/24/2007, 19:50:57] - BHO 1: {00000026-8735-428D-B81F-DD098223B25F} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 2: {00000250-0320-4dd4-be4f-7566d2314352} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 3: {000006b1-19b5-414a-849f-2a3c64ae6939} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 4: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[03/24/2007, 19:50:57] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2007, 19:50:57] - BHO 6: {06dfedaa-6196-11d5-bfc8-00508b4a487d} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 7: {13197ace-6851-45c3-a7ff-c281324d5489} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 8: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - Checking for HKLM\...\Winlogon\Notify\NppBho
[03/24/2007, 19:50:57] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[03/24/2007, 19:50:57] - BHO 9: {30000273-8230-4dd4-be4f-6889d1e74167} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 10: {4e1075f4-eec4-4a86-add7-cd5f52858c31} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 11: {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 12: {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 13: {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 14: {5dafd089-24b1-4c5e-bd42-8ca72550717b} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 15: {5fa6752a-c4a0-4222-88c2-928ae5ab4966} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 16: {669695bc-a811-4a9d-8cdf-ba8c795f261e} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 17: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2007, 19:50:57] - BHO 18: {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - Checking for HKLM\...\Winlogon\Notify\pmnlk
[03/24/2007, 19:50:57] - Key not found: HKLM\...\Winlogon\Notify\pmnlk, continuing.
[03/24/2007, 19:50:57] - BHO 19: {8674aea0-9d3d-11d9-99dc-00600f9a01f1} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 20: {965a592f-8efa-4250-8630-7960230792f1} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 21: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[03/24/2007, 19:50:57] - BHO 22: {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 23: {bb936323-19fa-4521-ba29-eca6a121bc78} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 24: {ca1d1b05-9c66-11d5-a009-000103c1e50b} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 25: {cf021f40-3e14-23a5-cba2-717765728274} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - BHO 26: {fc3a74e5-f281-4f10-ae1e-733078684f3c} ()
[03/24/2007, 19:50:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2007, 19:50:57] - No filename found. Continuing.
[03/24/2007, 19:50:57] - Finished Searching Browser Helper Objects
[03/24/2007, 19:50:57] - Finishing up...
[03/24/2007, 19:50:57] - A restart is needed.
[03/24/2007, 19:52:10] - Attempting to Restart via STOP error (Blue Screen!)


---------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:24:47 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hijackthis\HijackThis.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe


All the 02 - BHO files didn't exist when I executed HiJackThis in the first part of your instructions. They now show up in this log. Does that matter?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lwmxdhxp.dll",setvm
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

Hi,eggflesh

Boy this is fun let's try it this way

Please print out or copy these instructions to Notepad as the internet will not be available to you at certain points of the removal process (whilst in Safe Mode). If there's anything that you don't understand, ask your question(s) before moving on with the fix.

----------------

• Please download and install Superantispyware
1. During the installation process, the program will prompt you to download any updates, click Yes
2. After the update process has completed, a dialog box will state: Database definitions have been updated, click OK
3. At the SUPERAntiSpyware Main Menu, click the Preferences button,
4. Click the General and Startup tab, under Start-Up Options, uncheck these two boxes: Start SUPERAntiSpyware when Windows starts and Show SUPERAntiSpyware icon in system tray
5. Click the Hi-Jack Protection tab and, under Home Page Protection, uncheck these two boxes: Display notification when home page changed and Protect home page from being changed. Changes can be made only here.
6. Click Close at the bottom of the page.
7. Exit the program.
Do NOT run SUPERAntiSpyware yet.

----------------

View hidden files and folders:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

----------------

Restart your computer in Safe Mode.

1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.

If you need further assistance with Safe Mode, see Symantec

----------------

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: (no name) - {00000026-8735-428D-B81F-DD098223B25F} - (no file)

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)

O2 - BHO: (no name) - {000006b1-19b5-414a-849f-2a3c64ae6939} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)

O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)

O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)

O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)

O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)

O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)

O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)

O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)

O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {83E89E66-0A1F-489D-BA8D-409A0C2A2C4D} - C:\WINDOWS\system32\pmnlk.dll (file missing)

O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)

O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)

O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)

O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)

O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)

O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\lwmxdhxp.dll",setvm

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

-----------------

Next, please find and delete the following files/folders (if present):
C:\WINDOWS\system32\pmnlk.dll<---This file
C:\WINDOWS\system32\lwmxdhxp.dll<---This file

-----------------

• Open the SUPERAntiSpyware program.
1. At the SUPERAntiSpyware Main Menu, under Scan for Harmful Software, click the Scan your Computer button, and the SUPERAntiSpyware Scanner menu will appear.
2. Make sure under Scan Location that your correct hard drive letter is checked. The correct hard drive letter should automatically be checked by default.
3. Under Complete Scan, click Perform Complete Scan.
4. At the bottom, click Next, to start the scan.
NOTE: This scan is very thorough. It will take a while to complete depending on the number of files and folders on the hard drive. Please be patient.
5. Click finish and you will be taken back to the main interface.
6. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
7. Copy and paste the log into your reply.

----------------

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Backup the Registry:

Navigate to Start | Run and paste the following:

regedit /e c:\registrybackup.reg

Now click OK
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

--------------------

Open Notepad and copy and paste the following quotebox into a new text document. (Don't forget to copy and paste REGEDIT4!)
( Do not copy the word quote)



Save this as fix.reg Choose to save as *all files and place it on your Desktop.
It should look like this:Click to view attachment
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.

----------------

Do a reboot come back here with a new HijackThis and SUPERAntiSpyware log.

Gogo

I agree that this is fun. It's always enjoyable for me to learn new stuff.

Here ya' are...



Logfile of HijackThis v1.99.1
Scan saved at 4:30:43 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Eggflesh
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa\Picasa2\PicasaMediaDetector
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172177594203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172178336640
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/abc/06071909/qsp2ie06071909.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



SUPERAntiSpyware Scan Log
Generated 03/25/2007 at 04:09 PM

Application Version : 3.6.1000

Core Rules Database Version : 3206
Trace Rules Database Version: 1216

Scan type : Complete Scan
Total Scan Time : 01:09:37

Memory items scanned : 167
Memory threats detected : 0
Registry items scanned : 6756
Registry threats detected : 7
File items scanned : 57510
File threats detected : 6

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{BEFA4143-AD4D-432F-B0AE-25A86C5A2DDA}
HKCR\CLSID\{BEFA4143-AD4D-432F-B0AE-25A86C5A2DDA}
HKCR\CLSID\{BEFA4143-AD4D-432F-B0AE-25A86C5A2DDA}\InprocServer32
HKCR\CLSID\{BEFA4143-AD4D-432F-B0AE-25A86C5A2DDA}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSTTR.DLL

Trojan.Media-Codec
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString

Trojan.Downloader-LDCore
C:\SVHOST.EXE

Adware.Second Thought
C:\WINDOWS\BOKJA.EXE
C:\WINDOWS\STCLOADER.EXE

Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\DDCCB.DLL

Hey,eggflesh

That cleaned up nice now before anything comes back on us. do my last steps here.
and may I have some feedback how is the PC doing now.


To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


Next, let's clean your restore points and set a new one


Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* CHECK Turn off System Restore.
* Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
* On the Desktop, right-click My Computer.
* Click Properties.
* Click the System Restore tab.
* UN-Check Turn off System Restore.
* Click Apply, and then click OK.

System Restore will now be active again.


Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.

---------------------

For Internet Explorer 7

Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.

---------------------

Firefox (In case you also have Firefox installed)
Open Firefox and go to Tools -> Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

---------------------

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c . Change the Initialize and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.
5. Next press the Apply button and then the OK to exit the Internet Properties page.

And please have a look at the great info by Mr,TK
So how did I get infected in the first place


Gogo

So far so good! You guys are awesome! This is the second time within a few months when I needed help and you folks always came thru.

Thanks so much!

New problem. Computer reboots on its own. It stopped doing it when I turn off Zone Alarm. With ZL on I get a Microsoft Windows error message window that says, "The system has recovered from a serious error." I click Send Error Report but it fails to complete.

Do I have too many spy programs running / installed? I have only one AntiVirus program - Avast!

Just now I was able to send error report and a window pops up with a Microsoft Windows Error Reporting page with the following:

Problem caused by Zone Alarm's Firewall Software (VSDATANT.SYS)

This problem was caused by Zone Alarm's Firewall Software (VSDATANT.SYS). Zone Alarm's Firewall Software (VSDATANT.SYS) was created by Zone Labs, Inc..

Zone Labs, Inc. is aware of this problem and working as quickly as possible to make a solution available.

What version of zonealarm do you have installed? (pro? free?) (7.0? 6.5? 6.0?)

Wow! That was fast.

I had the Free version. Had as in I just uninstalled it after installing it about 2 hours ago. Computer doesn't crash anymore since I got rid of ZoneAlarm. Now I'm using Windows firewall which I know isn't completely secure. Any suggestions?

What version of zonealarm free were you using?

Sorry about that.

Version 6.0.667.0

Hey,eggflesh

It sounds to me like a bad Install/Uninstall of the Firewall, not sure how you go about installing progs
anyways if you uninstalled ZA, see if installing this one helps. I don't like the idea of you running the XP firewall.

http://www.personalfirewall.comodo.com/

Now as I said no idea how you install progs. but this is how I go about it

1) Shut down the PC if on Cable/DSL Unplug the Modem.

2) Re-start the PC stop all running programs.

3) Do a new system restore point and I name it like so, say I download comodo firewall I just name it comodo firewall - Uninstaller.

4) Install the prog if prog ask to do reboot I do so then when prog is done installing I again shut down PC
plug in my Cable/DSL. restart PC see if all runs good.

Gogo

All done. I've learned so much from you and I greatly appreciate all your help! I guess we can close this.

Be well!
Egg.

PS - I noticed that my computer runs much faster now.

Hi,eggflesh

Your welcome anytime just make sure to install a FireWall for me

Since this issue appears resolved ... this topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a new topic.

Gogo