Backdoor.Win32.SdBot.gen removal request



Pete7874
2007-01-04, 01:15
The following logs are related to the issue which I described here:
http://forums.spybot.info/showthread.php?t=10186
having to do with the inability to remove Backdoor.Win32.SdBot.gen reported by Spybot S&D. Any kind of help will be greatly appreciated.

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 00:05:12, on 2007-01-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.infoseek.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {892EBD5A-EFB6-42E9-9C58-E0D358A4E087} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Pete7874
2007-01-04, 01:16
Panda OnLine Scan log:

Incident Status Location

Virus:Trj/Downloader.JFL Disinfected Operating system
Adware:adware/ipbill Not disinfected Windows Registry
Spyware:Cookie/adstat Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@ad.stat.4u[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adopt.hbmediapro[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@ads.clickad.com[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adserver.o2[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adserver[2].txt
Spyware:Cookie/adstat Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adstat.4u[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@dist.belnk[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jurek\Cookies\jurek@xiti[1].txt
Virus:Trj/Downloader.JFL Disinfected C:\Documents and Settings\Jurek\Ustawienia lokalne\Temp\372803.exe

pskelley
2007-01-06, 16:09
Welcome to the forum. I should ask first if you have resolved your issue. If not, I would appreciate it if we can get rid of the DesktopMessenger causing all of the O18 lines; this will explain:
For your information, all of the O18 items in the log are the result of the Logitech Desktop Messenger, which gets installed along with another Logitech program because the EULA agreement is not read. Unless you know what it is and use it, it is a resource waster and can be removed in Add/Remove Programs, but make sure you uninstall only what I highlight in red; this is optional:
C:\Program Files\Logitech\Desktop Messenger\ <<< uninstall only the program in red.

Understand that Backdoor.Win32.SdBot.gen is generic, and though this worm has severely compromised your security, I see nothing in the HJT log, and we need to know the name of the worm and its location. Look at the Spybot report again and see if it supplies more information.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=Win32%2eSdBot%2egen+

Can you tell me about this program: O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe are you sure it is safe?

Your Java program is out of date, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date, please download the newest version and uninstall all old versions in Add Remove programs.

Not being able to see this worm or know its location puts us at a disadvantage. Complete the above instructions and see if you can provide more information. If you no longer have the problem, post to let me know so I can close your topic.

Before we start using trojan hunting tools to locate this worm, andymanchesta has created a tool that will remove many of the backdoor worms, let's give it a try:

Thanks to andymanchesta and anyone else who helped with the fix.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


Please include any information I requested above and any comments you think will help.

Thanks..Phil

Pete7874
2007-01-07, 00:43
Phil,

Thanks so much for taking the time to help me with the issue. The issue is still unresolved. Please see below.


If not I would appreciate it if we can get rid of the DesktopMessenger causing all of the 018 lines
Done.

Look at the Spybot report again and see if it supplies more information.
I'm not sure how to obtain this information. Can you please be more specific? All that I was able to get, I already posted, which was this:
http://i34.photobucket.com/albums/d102/escape2music/misc/backdoor2.png

However, after I ran SDFix, the second item (Microsoft.WindowsSecurityCenter_disabled) no longer shows up in Spybot S&D.
Can you tell me about this program: O4 - HKCU\..\Run: [RivChat] C:\Program Files\RivChat2\RivChat.exe are you sure it is safe?
It's a LAN instant messenger/communicator. It's definitely harmless, but I went ahead and removed it anyway.


Your Java program is out of date,
I updated it, as you suggested.

I will post SDFix report and new HJT report in just a moment...

Pete7874
2007-01-07, 00:51
SDFix Report.txt:

SDFix: Version 1.55
****************

2007-01-06 - 23:15:49,14

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking Services...

Service Name:


File Path:



Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\WINDOWS\TEMP\tmp10.tmp
C:\WINDOWS\TEMP\tmp11.tmp
C:\WINDOWS\TEMP\tmp12.tmp
C:\WINDOWS\TEMP\tmp13.tmp
C:\WINDOWS\TEMP\tmp14.tmp
C:\WINDOWS\TEMP\tmp15.tmp
C:\WINDOWS\TEMP\tmp16.tmp
C:\WINDOWS\TEMP\tmp17.tmp
C:\WINDOWS\TEMP\tmp18.tmp
C:\WINDOWS\TEMP\tmp19.tmp
C:\WINDOWS\TEMP\tmp1A.tmp
C:\WINDOWS\TEMP\tmp1B.tmp
C:\WINDOWS\TEMP\tmp1C.tmp
C:\WINDOWS\TEMP\tmp1D.tmp
C:\WINDOWS\TEMP\tmp1E.tmp
C:\WINDOWS\TEMP\tmp1F.tmp
C:\WINDOWS\TEMP\tmp20.tmp
C:\WINDOWS\TEMP\tmp21.tmp
C:\WINDOWS\TEMP\tmp22.tmp
C:\WINDOWS\TEMP\tmp23.tmp
C:\WINDOWS\TEMP\tmp24.tmp
C:\WINDOWS\TEMP\tmp25.tmp
C:\WINDOWS\TEMP\tmp26.tmp
C:\WINDOWS\TEMP\tmp27.tmp
C:\WINDOWS\TEMP\tmp28.tmp
C:\WINDOWS\TEMP\tmp29.tmp
C:\WINDOWS\TEMP\tmp2A.tmp
C:\WINDOWS\TEMP\tmp2B.tmp
C:\WINDOWS\TEMP\tmp2C.tmp
C:\WINDOWS\TEMP\tmp2D.tmp
C:\WINDOWS\TEMP\tmp2E.tmp
C:\WINDOWS\TEMP\tmp2F.tmp
C:\WINDOWS\TEMP\tmp3.tmp
C:\WINDOWS\TEMP\tmp30.tmp
C:\WINDOWS\TEMP\tmp31.tmp
C:\WINDOWS\TEMP\tmp32.tmp
C:\WINDOWS\TEMP\tmp33.tmp
C:\WINDOWS\TEMP\tmp34.tmp
C:\WINDOWS\TEMP\tmp35.tmp
C:\WINDOWS\TEMP\tmp36.tmp
C:\WINDOWS\TEMP\tmp37.tmp
C:\WINDOWS\TEMP\tmp38.tmp
C:\WINDOWS\TEMP\tmp39.tmp
C:\WINDOWS\TEMP\tmp3A.tmp
C:\WINDOWS\TEMP\tmp3B.tmp
C:\WINDOWS\TEMP\tmp3C.tmp
C:\WINDOWS\TEMP\tmp3D.tmp
C:\WINDOWS\TEMP\tmp3E.tmp
C:\WINDOWS\TEMP\tmp3F.tmp
C:\WINDOWS\TEMP\tmp4.tmp
C:\WINDOWS\TEMP\tmp40.tmp
C:\WINDOWS\TEMP\tmp41.tmp
C:\WINDOWS\TEMP\tmp42.tmp
C:\WINDOWS\TEMP\tmp43.tmp
C:\WINDOWS\TEMP\tmp44.tmp
C:\WINDOWS\TEMP\tmp45.tmp
C:\WINDOWS\TEMP\tmp46.tmp
C:\WINDOWS\TEMP\tmp47.tmp
C:\WINDOWS\TEMP\tmp48.tmp
C:\WINDOWS\TEMP\tmp49.tmp
C:\WINDOWS\TEMP\tmp4A.tmp
C:\WINDOWS\TEMP\tmp4B.tmp
C:\WINDOWS\TEMP\tmp4C.tmp
C:\WINDOWS\TEMP\tmp4D.tmp
C:\WINDOWS\TEMP\tmp4E.tmp
C:\WINDOWS\TEMP\tmp4F.tmp
C:\WINDOWS\TEMP\tmp5.tmp
C:\WINDOWS\TEMP\tmp50.tmp
C:\WINDOWS\TEMP\tmp51.tmp
C:\WINDOWS\TEMP\tmp52.tmp
C:\WINDOWS\TEMP\tmp53.tmp
C:\WINDOWS\TEMP\tmp54.tmp
C:\WINDOWS\TEMP\tmp55.tmp
C:\WINDOWS\TEMP\tmp56.tmp
C:\WINDOWS\TEMP\tmp57.tmp
C:\WINDOWS\TEMP\tmp58.tmp
C:\WINDOWS\TEMP\tmp59.tmp
C:\WINDOWS\TEMP\tmp5A.tmp
C:\WINDOWS\TEMP\tmp5B.tmp
C:\WINDOWS\TEMP\tmp5C.tmp
C:\WINDOWS\TEMP\tmp5D.tmp
C:\WINDOWS\TEMP\tmp5E.tmp
C:\WINDOWS\TEMP\tmp5F.tmp
C:\WINDOWS\TEMP\tmp6.tmp
C:\WINDOWS\TEMP\tmp60.tmp
C:\WINDOWS\TEMP\tmp61.tmp
C:\WINDOWS\TEMP\tmp62.tmp
C:\WINDOWS\TEMP\tmp63.tmp
C:\WINDOWS\TEMP\tmp64.tmp
C:\WINDOWS\TEMP\tmp65.tmp
C:\WINDOWS\TEMP\tmp66.tmp
C:\WINDOWS\TEMP\tmp67.tmp
C:\WINDOWS\TEMP\tmp68.tmp
C:\WINDOWS\TEMP\tmp69.tmp
C:\WINDOWS\TEMP\tmp6A.tmp
C:\WINDOWS\TEMP\tmp6B.tmp
C:\WINDOWS\TEMP\tmp6C.tmp
C:\WINDOWS\TEMP\tmp6D.tmp
C:\WINDOWS\TEMP\tmp6E.tmp
C:\WINDOWS\TEMP\tmp6F.tmp
C:\WINDOWS\TEMP\tmp7.tmp
C:\WINDOWS\TEMP\tmp70.tmp
C:\WINDOWS\TEMP\tmp71.tmp
C:\WINDOWS\TEMP\tmp72.tmp
C:\WINDOWS\TEMP\tmp73.tmp
C:\WINDOWS\TEMP\tmp74.tmp
C:\WINDOWS\TEMP\tmp75.tmp
C:\WINDOWS\TEMP\tmp76.tmp
C:\WINDOWS\TEMP\tmp77.tmp
C:\WINDOWS\TEMP\tmp78.tmp
C:\WINDOWS\TEMP\tmp79.tmp
C:\WINDOWS\TEMP\tmp7A.tmp
C:\WINDOWS\TEMP\tmp7B.tmp
C:\WINDOWS\TEMP\tmp7C.tmp
C:\WINDOWS\TEMP\tmp7D.tmp
C:\WINDOWS\TEMP\tmp7E.tmp
C:\WINDOWS\TEMP\tmp7F.tmp
C:\WINDOWS\TEMP\tmp8.tmp
C:\WINDOWS\TEMP\tmp80.tmp
C:\WINDOWS\TEMP\tmp81.tmp
C:\WINDOWS\TEMP\tmp82.tmp
C:\WINDOWS\TEMP\tmp83.tmp
C:\WINDOWS\TEMP\tmp84.tmp
C:\WINDOWS\TEMP\tmp85.tmp
C:\WINDOWS\TEMP\tmp86.tmp
C:\WINDOWS\TEMP\tmp87.tmp
C:\WINDOWS\TEMP\tmp88.tmp
C:\WINDOWS\TEMP\tmp89.tmp
C:\WINDOWS\TEMP\tmp8A.tmp
C:\WINDOWS\TEMP\tmp8B.tmp
C:\WINDOWS\TEMP\tmp8C.tmp
C:\WINDOWS\TEMP\tmp8D.tmp
C:\WINDOWS\TEMP\tmp8E.tmp
C:\WINDOWS\TEMP\tmp8F.tmp
C:\WINDOWS\TEMP\tmp9.tmp
C:\WINDOWS\TEMP\tmp90.tmp
C:\WINDOWS\TEMP\tmp91.tmp
C:\WINDOWS\TEMP\tmp92.tmp
C:\WINDOWS\TEMP\tmp93.tmp
C:\WINDOWS\TEMP\tmp94.tmp
C:\WINDOWS\TEMP\tmp95.tmp
C:\WINDOWS\TEMP\tmp96.tmp
C:\WINDOWS\TEMP\tmp97.tmp
C:\WINDOWS\TEMP\tmp98.tmp
C:\WINDOWS\TEMP\tmp99.tmp
C:\WINDOWS\TEMP\tmp9A.tmp
C:\WINDOWS\TEMP\tmp9B.tmp
C:\WINDOWS\TEMP\tmp9C.tmp
C:\WINDOWS\TEMP\tmp9D.tmp
C:\WINDOWS\TEMP\tmp9E.tmp
C:\WINDOWS\TEMP\tmp9F.tmp
C:\WINDOWS\TEMP\tmpA.tmp
C:\WINDOWS\TEMP\tmpA0.tmp
C:\WINDOWS\TEMP\tmpA1.tmp
C:\WINDOWS\TEMP\tmpA2.tmp
C:\WINDOWS\TEMP\tmpA3.tmp
C:\WINDOWS\TEMP\tmpA4.tmp
C:\WINDOWS\TEMP\tmpA5.tmp
C:\WINDOWS\TEMP\tmpA6.tmp
C:\WINDOWS\TEMP\tmpA7.tmp
C:\WINDOWS\TEMP\tmpA8.tmp
C:\WINDOWS\TEMP\tmpA9.tmp
C:\WINDOWS\TEMP\tmpAA.tmp
C:\WINDOWS\TEMP\tmpAB.tmp
C:\WINDOWS\TEMP\tmpAC.tmp
C:\WINDOWS\TEMP\tmpAD.tmp
C:\WINDOWS\TEMP\tmpB.tmp
C:\WINDOWS\TEMP\tmpC.tmp
C:\WINDOWS\TEMP\tmpD.tmp
C:\WINDOWS\TEMP\tmpE.tmp
C:\WINDOWS\TEMP\tmpF.tmp

Backing Up and Removing any Files Found...

Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\VID50\\UPGRADE\\DIALUPS.EXE"="C:\\VID50\\UPGRADE\\DIALUPS.EXE:*:Enabled:DIALUPS"
"C:\\VID50\\HBANK32.EXE"="C:\\VID50\\HBANK32.EXE:*:Enabled:Eksplorator VideoTEL 5.0"
"C:\\VID50\\SETINST.EXE"="C:\\VID50\\SETINST.EXE:*:Enabled:Konfiguracja pakietu VideoTEL"
"C:\\Program Files\\RivChat2\\RivChat.exe"="C:\\Program Files\\RivChat2\\RivChat.exe:*:Enabled:RivChat"
"C:\\VID50\\DIALUPS.EXE"="C:\\VID50\\DIALUPS.EXE:*:Enabled:DIALUPS"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"C:\\Program Files\\Aida\\aida32.bin"="C:\\Program Files\\Aida\\aida32.bin:*:Enabled:AIDA32 - Worldwide SysInfo Tool"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\NTDETECT.COM
C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys

FINISHED!

Pete7874
2007-01-07, 00:54
HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 23:53:42, on 2007-01-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.infoseek.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
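The log above is read by hand in the thread; as an added example (not part of the thread and not HijackThis's own code), the script below parses the O4 autorun and O23 service lines of a HijackThis 1.99 log, extracts the executable each entry actually launches (including the DLL behind a RUNDLL32 entry), and applies a few triage heuristics that are assumptions of this example, not a malware signature. Most of the sample lines are copied from the log above; the two "Sample" lines at the end are constructed to show what the checks flag. One caveat worth stating: an SdBot-class backdoor usually copies itself into system32 and registers a Run value or service there, so passing the location check means little; the more useful output is the deduplicated binary list, which is what you would hash and submit to the online scanners recommended later in the thread.

```python
"""Triage helper for HijackThis 1.99 logs (added example; heuristics are assumptions)."""
import re
from dataclasses import dataclass, field
from typing import List

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>.*)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
# First executable-looking token; copes with quoted paths and unquoted paths containing spaces.
EXEC_RE = re.compile(r'"?(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))', re.I)

# Where an installed autorun/service binary normally lives. Malware also drops into
# system32, so passing this check is a triage aid, not a clean bill of health.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# User-writable locations that services and machine-wide autoruns almost never use.
SUSPECT_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")


@dataclass
class Entry:
    kind: str        # "O4" (autorun) or "O23" (service)
    name: str        # Run value name, .lnk name or service name
    vendor: str      # O23 vendor string; "" for O4 entries
    command: str     # command line / path as HJT printed it
    binary: str      # executable (or rundll32-loaded DLL) extracted from it
    flags: List[str] = field(default_factory=list)


def extract_binary(cmd: str) -> str:
    """Return the file that actually runs for an HJT command string."""
    cmd = cmd.strip()
    m = EXEC_RE.match(cmd)
    if not m:
        return cmd.split(" ", 1)[0]
    path = m.group("path")
    if path.lower().endswith("rundll32.exe"):
        # The artefact of interest is the DLL rundll32 loads, not rundll32 itself.
        m2 = EXEC_RE.match(cmd[m.end():].lstrip(' "'))
        if m2:
            return m2.group("path")
    return path


def triage(entry: Entry) -> None:
    b = entry.binary.lower()
    if "\\" not in b:
        entry.flags.append("bare filename resolved via PATH; locate the file before trusting it")
    elif any(marker in b for marker in SUSPECT_MARKERS):
        entry.flags.append("binary in a user-writable profile/temp directory")
    elif not b.startswith(TRUSTED_PREFIXES):
        entry.flags.append("binary outside Windows/Program Files")
    if entry.kind == "O23" and entry.vendor.lower() in ("unknown owner", ""):
        entry.flags.append("service binary carries no vendor information")


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            e = Entry("O4", m.group("name"), "", m.group("cmd"), extract_binary(m.group("cmd")))
        else:
            m = O23_RE.match(line)
            if not m:
                continue
            e = Entry("O23", m.group("svc"), m.group("vendor"), m.group("path"),
                      extract_binary(m.group("path")))
        triage(e)
        entries.append(e)
    return entries


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


def binaries(entries: List[Entry]) -> List[str]:
    """Deduplicated list of every autostart binary, e.g. to hash or upload to a scanner."""
    return list(dict.fromkeys(e.binary for e in entries))


# Lines copied from the log above, plus two constructed "Sample" lines to exercise the checks.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKCU\..\Run: [Sample Autorun] C:\Documents and Settings\Tata\Local Settings\Temp\sample-autorun.exe
O23 - Service: Sample Service (samplesvc) - Unknown owner - C:\WINDOWS\system32\sample-svc.exe
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in flagged(parsed):
        print(f"{e.kind} [{e.name}] {e.binary}: {'; '.join(e.flags)}")
    print("binaries to check:", *binaries(parsed), sep="\n  ")
```

Run against the constructed sample, the two legitimate entries that use a bare filename (Mixer.exe and nwiz.exe) are flagged only because they need resolving via PATH, which is exactly the manual step a helper performs before clearing them; the two constructed entries are flagged for a temp-directory binary and a service with no vendor string.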

pskelley
2007-01-07, 01:58
OK Pete, let's chat a little, please review this information:
Why does Spybot-S&D flag changes in the Windows Security Center?
http://www.safer-networking.org/en/faq/46.html
http://www.safer-networking.org/en/faq/index.html
http://forums.spybot.info/showthread.php?t=250

I am wondering if the other one is also, and I am researching the Spybot false positives now, but my time is limited today; see if you can spot anything here: http://forums.spybot.info/forumdisplay.php?f=16

Sorry about not seeing the link you posted, I glanced quickly then started looking at the HJT log (my bad).
The SDFix may have fixed that false positive, but I can't see where it located anything else. It does not have all back door trojans; Andy adds them as we give them to him. I read the information you posted before posting your HJT log, and it appears Spybot is the only program reporting the trojan.

The new HJT log looks clean of malware also. Give this free online trojan scanner a run and let me know if it finds anything.
http://www.windowsecurity.com/trojanscan/

Thanks

Pete7874
2007-01-07, 16:16
Give this free online trojan scanner a run and let me know if it finds anything.
http://www.windowsecurity.com/trojanscan/
I did a deep scan. It found a trojan that I quarantined:
http://i34.photobucket.com/albums/d102/escape2music/misc/emsi-quarantine.png

It also found some traces, but I did not touch them - wasn't sure if it's OK to remove. Is it?
http://i34.photobucket.com/albums/d102/escape2music/misc/emsi-found.png


Spybot S&D still detects the Backdoor.Win32.SdBot.gen, but when I turn the Windows Firewall on now, it stays on after the reboot (like it should), so that earlier threat related to Windows Security reported by Spybot was not a false positive, but some of the other tools that you suggested I run must have cleaned whatever malware there was that was causing it.

I would much rather use the built-in Windows Firewall (even if it's inferior) than say ZoneAlarm, because my dad doesn't know English so he may get confused by the occasional ZA announcements and the blocking of apps.

Anyway, thanks for the help. If there is anything else that you think I should try on his PC, please let me know.

Cheers,
Pete

pskelley
2007-01-07, 16:46
Thanks Pete, for returning the feedback, here is misc. information about this item: Trojan.Win32.Agent.gg
http://www.google.com/search?hl=en&q=Trojan.Win32.Agent.gg&btnG=Google+Search
I would say to keep an eye on things, if no other program is reporting a problem, it is probably a Spybot error. See if you can delete the item in the quarantine folder.

http://i34.photobucket.com/albums/d102/escape2music/misc/emsi-found.png
From here it looks like 21 cookies you need to clean out; the other item I can't click to see what it is, but this:
C:\Windows\logo.bmp is probably a photo. Here are free online scanners so you can check it if you wish:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html
I would much rather use the built-in Windows Firewall (even if it's inferior) than say ZoneAlarm, because my dad doesn't know English so he may get confused by the occasional ZA announcements and the blocking of apps.
I understand that; an option would be to place a router with a hardware firewall (the Windows firewall is not the best). Here is one for you to look at, which is freeware.
http://www.jetico.com/index.htm#/jpfirewall.htm

Let me know if I can do more, I suggest you clean the System Restore files just in case:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot, then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

tashi
2007-01-16, 18:58
This topic has been archived. :)

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.