need some help

Hello

Welcome to Safer Networking.

Please read Before You Post

Download and install Trendmicros Hijackthis

Download the Trendmicro Hijackthis Installer, follow defauts and it will install in C:\Program Files\Trendmicro\Hijackthis and this is exactly where we want it to be.

  • Open HJT Scan and Save a Log File, it will open in Notepad
  • Go to Format and make sure Wordwrap is Unchecked
  • Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
 
hello thanks for the reply, here is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:23:16 AM, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\anybody\Desktop\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\frnxdxfx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\syctem32\mswsock.dll' missing
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qaqquhfp.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
jsattg,

ReRead my post, we can't do anything until HJT is in its own folder.

Download the Trendmicro Hijackthis Installer, follow defauts and it will install in C:\Program Files\Trendmicro\Hijackthis and this is exactly where we want it to be.
Click to expand...
 
sorry here it is again:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:30 PM, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trendmicro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\frnxdxfx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\syctem32\mswsock.dll' missing
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qaqquhfp.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
Thank You,thats better. The reason being is that there are backups made when we make a change with HJT and unless HJT is in its own folder those backups could be lost.

You need to enable windows to show all files and folders, instructions Here



  • Go to Start> Run and type in services.msc then press Enter
  • Scroll down to DomainService
  • Double Click that service to open it.
  • Click on Stop Service.
  • Then change the Startup Type to Disabled.
  • OK your way out of the program.


  • Open HJT > Misc Tools > Delete an NT Service
  • Type in DomainService
  • Then click on OK, it will ask you to reboot, do so.


C:\WINDOWS\system32\qaqquhfp.exe<---Look for this file and delete it

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

This may be gone, not to worry
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qaqquhfp.exe (file missing)


C:\Program Files\Trendmicro\HijackThis\HijackThis.exe <-- Right click on the HJT icon ( looks like a man with a spyglass) and rename it to jsattg.exe


Post a new log please
 
"C:\WINDOWS\system32\qaqquhfp.exe" - i couldn't find that file
here is a new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:08:32 PM, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trendmicro\HijackThis\jsattg.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00D56C36-3C97-4CCA-8C97-4171BD6AB299} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04AB2D30-D9C5-4D52-BE07-053A9C471BE1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {0B877F00-2125-40A2-8815-E43D4040B58B} - (no file)
O2 - BHO: (no name) - {101F727D-D48D-4E4B-ADCB-DFB63B8217EA} - (no file)
O2 - BHO: (no name) - {1671654C-9E06-4E61-8ECF-61EB4343FD1F} - (no file)
O2 - BHO: (no name) - {27CD48BF-1ED3-4BEE-8CAA-67A4D4C53388} - (no file)
O2 - BHO: (no name) - {30BC5AB5-8F02-4FAC-AA0F-1AB881D93CCA} - (no file)
O2 - BHO: (no name) - {3164C1A1-521B-4A66-A85B-0F2BA6EBBD75} - (no file)
O2 - BHO: (no name) - {34E6147E-5C3D-40B3-A437-5BF16B8ECD02} - (no file)
O2 - BHO: (no name) - {3D3A1EB5-8B89-44C3-9540-E993AF321A22} - (no file)
O2 - BHO: (no name) - {43C312C4-C379-41BA-93AE-9B405517DF71} - (no file)
O2 - BHO: (no name) - {4BFC387E-876C-45FA-BF70-C8775EE6F33A} - (no file)
O2 - BHO: (no name) - {4F1BBED0-BFE9-431A-BB59-E7F7549C32D9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F46B8B-B051-4575-B5A4-276AFEF788BE} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {5B0CFE30-37AE-4B6A-A36F-EDD46F9C24E0} - (no file)
O2 - BHO: (no name) - {61E039AA-7D70-4EEE-8CC7-5DC0A226B575} - (no file)
O2 - BHO: (no name) - {7016FF21-9153-4F70-A0EB-11BBAD9109AA} - (no file)
O2 - BHO: (no name) - {72871631-218D-4698-B063-7A767BB13063} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E563310-0B63-4028-AA71-6577F4696236} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8104574A-7371-41A9-BF48-110FA496912e} - C:\WINDOWS\system32\mwvjwkbj.dll
O2 - BHO: (no name) - {835BCD35-2BD7-4E20-9171-797FD13BF75E} - (no file)
O2 - BHO: (no name) - {8798355E-5C06-41B2-9126-0F3AB3F91EF0} - (no file)
O2 - BHO: (no name) - {885414D3-C064-4922-B8F6-D1AE18926588} - C:\WINDOWS\system32\geebb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97AC65BC-6BEC-4782-A005-F0907E420B0A} - (no file)
O2 - BHO: (no name) - {9FD1FC67-220C-4F96-94C1-B7F7CB80A787} - (no file)
O2 - BHO: (no name) - {A138940B-656B-4BF1-8572-8DA5300AA3D0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AC46458E-C400-48F9-9931-89303E631521} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BD29993B-D5B5-428C-9C7B-0229DF68FBEF} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\mljkhef.dll
O2 - BHO: (no name) - {C67522F8-D701-4B7A-AC7B-BC3A31B9187E} - (no file)
O2 - BHO: (no name) - {CDACDB10-06D2-44B5-BA40-8DF9F9253F73} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {D40B86EB-CFE0-4B82-8459-CFA4480DCD57} - (no file)
O2 - BHO: (no name) - {DBADA305-305C-4434-BEEE-5A71B99FFC46} - (no file)
O2 - BHO: (no name) - {E0A4D085-45ED-4799-A53D-10CB2DF4E967} - (no file)
O2 - BHO: (no name) - {EA815CB0-F511-4E8E-8BD0-510DFC950A50} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {EB662EC8-A8C2-4B3C-8DB5-57504399369D} - (no file)
O2 - BHO: (no name) - {EC3B305C-7398-4321-9C61-8B40AF168A3C} - (no file)
O2 - BHO: (no name) - {F195364C-CAFA-4C11-9C8E-FD37F8FD2EA3} - (no file)
O2 - BHO: (no name) - {F6C408F7-6F0A-4A14-ACF9-D9D57A7BABEA} - (no file)
O2 - BHO: (no name) - {FFD0B1A1-79BA-4CDC-BA98-3C9402FCE804} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\frnxdxfx.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\syctem32\mswsock.dll' missing
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: mljkhef - C:\WINDOWS\SYSTEM32\mljkhef.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
jsattg,

The reason for renaming HJT is because the thieves that have written the Vundo trojan have written it to evade a HJT scan and by renaming it if the infection is present it will show up on your log, If you look at your original log and the new one you just posted you will see many more entries and there all related to Vundo.

So lets do this. You may want to print this out since you will have to be offline to run HJT

You need to enable windows to show all files and folders, instructions Here

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

Be careful , take your time and remove just these.

O2 - BHO: (no name) - {0B877F00-2125-40A2-8815-E43D4040B58B} - (no file)
O2 - BHO: (no name) - {101F727D-D48D-4E4B-ADCB-DFB63B8217EA} - (no file)
O2 - BHO: (no name) - {1671654C-9E06-4E61-8ECF-61EB4343FD1F} - (no file)
O2 - BHO: (no name) - {27CD48BF-1ED3-4BEE-8CAA-67A4D4C53388} - (no file)
O2 - BHO: (no name) - {30BC5AB5-8F02-4FAC-AA0F-1AB881D93CCA} - (no file)
O2 - BHO: (no name) - {3164C1A1-521B-4A66-A85B-0F2BA6EBBD75} - (no file)
O2 - BHO: (no name) - {34E6147E-5C3D-40B3-A437-5BF16B8ECD02} - (no file)
O2 - BHO: (no name) - {3D3A1EB5-8B89-44C3-9540-E993AF321A22} - (no file)
O2 - BHO: (no name) - {43C312C4-C379-41BA-93AE-9B405517DF71} - (no file)
O2 - BHO: (no name) - {4BFC387E-876C-45FA-BF70-C8775EE6F33A} - (no file)
O2 - BHO: (no name) - {4F1BBED0-BFE9-431A-BB59-E7F7549C32D9} - (no file)
O2 - BHO: (no name) - {56F46B8B-B051-4575-B5A4-276AFEF788BE} - C:\WINDOWS\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {5B0CFE30-37AE-4B6A-A36F-EDD46F9C24E0} - (no file)
O2 - BHO: (no name) - {61E039AA-7D70-4EEE-8CC7-5DC0A226B575} - (no file)
O2 - BHO: (no name) - {7016FF21-9153-4F70-A0EB-11BBAD9109AA} - (no file)
O2 - BHO: (no name) - {72871631-218D-4698-B063-7A767BB13063} - (no file)
O2 - BHO: (no name) - {7E563310-0B63-4028-AA71-6577F4696236} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8104574A-7371-41A9-BF48-110FA496912e} - C:\WINDOWS\system32\mwvjwkbj.dll
O2 - BHO: (no name) - {835BCD35-2BD7-4E20-9171-797FD13BF75E} - (no file)
O2 - BHO: (no name) - {8798355E-5C06-41B2-9126-0F3AB3F91EF0} - (no file)
O2 - BHO: (no name) - {885414D3-C064-4922-B8F6-D1AE18926588} - C:\WINDOWS\system32\geebb.dll
O2 - BHO: (no name) - {97AC65BC-6BEC-4782-A005-F0907E420B0A} - (no file)
O2 - BHO: (no name) - {9FD1FC67-220C-4F96-94C1-B7F7CB80A787} - (no file)
O2 - BHO: (no name) - {A138940B-656B-4BF1-8572-8DA5300AA3D0} - (no file)
O2 - BHO: (no name) - {AC46458E-C400-48F9-9931-89303E631521} - (no file)
O2 - BHO: (no name) - {BD29993B-D5B5-428C-9C7B-0229DF68FBEF} - (no file)
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\mljkhef.dll
O2 - BHO: (no name) - {C67522F8-D701-4B7A-AC7B-BC3A31B9187E} - (no file)
O2 - BHO: (no name) - {CDACDB10-06D2-44B5-BA40-8DF9F9253F73} - (no file)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {D40B86EB-CFE0-4B82-8459-CFA4480DCD57} - (no file)
O2 - BHO: (no name) - {DBADA305-305C-4434-BEEE-5A71B99FFC46} - (no file)
O2 - BHO: (no name) - {E0A4D085-45ED-4799-A53D-10CB2DF4E967} - (no file)
O2 - BHO: (no name) - {EA815CB0-F511-4E8E-8BD0-510DFC950A50} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: (no name) - {EB662EC8-A8C2-4B3C-8DB5-57504399369D} - (no file)
O2 - BHO: (no name) - {EC3B305C-7398-4321-9C61-8B40AF168A3C} - (no file)
O2 - BHO: (no name) - {F195364C-CAFA-4C11-9C8E-FD37F8FD2EA3} - (no file)
O2 - BHO: (no name) - {F6C408F7-6F0A-4A14-ACF9-D9D57A7BABEA} - (no file)
O2 - BHO: (no name) - {FFD0B1A1-79BA-4CDC-BA98-3C9402FCE804} - (no file)

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab

O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: mljkhef - C:\WINDOWS\SYSTEM32\mljkhef.dll
O20 - Winlogon Notify: winbue32 - winbue32.dll (file missing)


Go to VirusTotal and submit this file for analysis, just use the browse feature and then submit them , you will get a report back, post the report into this thread for me to see.
C:\WINDOWS\tsnpstd3.exe <-- This file



This is what I need to see.

1. The Combofix log
2. The report from Virustotal
3. A new HJT log
 
Hello again i've done everything you've said so far so here's the logs you asked for:

Combofix log:
ComboFix 07-08-14.4 - "anybody" 2007-08-19 13:00:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.189 [GMT 10:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\winupdates
C:\WINDOWS\DOWNLO~1\UERS_9999_N91S1502NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UPCTP_0001_91M1101NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\DOWNLO~1\WinAntiSpyware2007FreeInstall.exe
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\berspmww.dll
C:\WINDOWS\system32\bplqgmup.ini
C:\WINDOWS\system32\ehpdpaea.exe
C:\WINDOWS\system32\eyggywix.exe
C:\WINDOWS\system32\gaejfvrq.exe
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\goiphmye.dll
C:\WINDOWS\system32\hbswpsxl.dll
C:\WINDOWS\system32\hpliiqgt.dll
C:\WINDOWS\system32\jgscndyk.dll
C:\WINDOWS\system32\kdtynltb.exe
C:\WINDOWS\system32\kydncsgj.ini
C:\WINDOWS\system32\lxspwsbh.ini
C:\WINDOWS\system32\mljkhef.dll
C:\WINDOWS\system32\mwvjwkbj.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\pumgqlpb.dll
C:\WINDOWS\system32\pyoqohig.exe
C:\WINDOWS\system32\qabkdcmt.ini
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\tdljdjcn.exe
C:\WINDOWS\system32\tgqiilph.ini
C:\WINDOWS\system32\tmcdkbaq.dll
C:\WINDOWS\system32\wwmpsreb.ini
C:\WINDOWS\system32\ybkudhrf.exe
C:\WINDOWS\system32\ychsqonv.exe


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-19 12:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 12:05 <DIR> d-------- C:\Program Files\Trendmicro
2007-08-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 09:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 08:37 100,864 --a------ C:\VundoFix.exe
2007-07-27 18:21 811,300 --ahs---- C:\WINDOWS\system32\pqstv.bak2
2007-07-19 19:24 945,796 --ahs---- C:\WINDOWS\system32\dccdd.bak2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 21:51 --------- d-------- C:\DOCUME~1\anybody\APPLIC~1\SiteAdvisor
2007-08-16 20:09 --------- d-------- C:\Program Files\LimeWire
2007-08-16 18:02 --------- d-------- C:\Program Files\UnzipThemAll
2007-08-02 18:37 --------- d-------- C:\Program Files\Warcraft III
2007-07-23 20:46 22780 --a------ C:\Program Files\Led Zeppelin.ac6
2007-07-21 09:49 --------- d-------- C:\Program Files\AFL Live 2003
2007-07-14 07:30 67072 --a------ C:\WINDOWS\dtprmv3.exe
2007-07-14 07:30 23576 --a------ C:\WINDOWS\system32\drivers\RockUsb.sys
2007-07-14 07:30 18223 --a------ C:\WINDOWS\system32\drivers\Rockeynt.sys
2007-07-14 07:30 10752 --a------ C:\WINDOWS\system32\RockVdd.dll
2007-07-09 10:34 67072 --a------ C:\WINDOWS\dtprmv2.exe
2007-07-09 10:17 67072 --a------ C:\WINDOWS\dtprmv1.exe
2007-07-09 10:14 67072 --a------ C:\WINDOWS\dtprmv0.exe
2007-07-08 10:54 --------- d-------- C:\Program Files\Artcut
2007-07-04 21:51 67072 --a------ C:\WINDOWS\dtprmv.exe
2007-06-27 01:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 00:09 658944 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 16:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 13:46 --------- d-------- C:\Program Files\MySpace
2007-06-19 23:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 04:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:09 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:09 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:09 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:09 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:09 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-15 00:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 20:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-05 21:06 4206 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 20:11 688521 --ahs---- C:\WINDOWS\system32\egjlm.bak2
2007-05-18 17:41 1548 --a------ C:\Program Files\CCleaner.lnk
2007-03-18 19:21 2356752 --a------ C:\Program Files\sports.ac6
2007-03-15 20:47 538816 --a------ C:\Program Files\police.ac6
2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D56C36-3C97-4CCA-8C97-4171BD6AB299}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04AB2D30-D9C5-4D52-BE07-053A9C471BE1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B877F00-2125-40A2-8815-E43D4040B58B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{101F727D-D48D-4E4B-ADCB-DFB63B8217EA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1671654C-9E06-4E61-8ECF-61EB4343FD1F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{27CD48BF-1ED3-4BEE-8CAA-67A4D4C53388}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BC5AB5-8F02-4FAC-AA0F-1AB881D93CCA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3164C1A1-521B-4A66-A85B-0F2BA6EBBD75}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34E6147E-5C3D-40B3-A437-5BF16B8ECD02}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D3A1EB5-8B89-44C3-9540-E993AF321A22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43C312C4-C379-41BA-93AE-9B405517DF71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BFC387E-876C-45FA-BF70-C8775EE6F33A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F1BBED0-BFE9-431A-BB59-E7F7549C32D9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56F46B8B-B051-4575-B5A4-276AFEF788BE}]
C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B0CFE30-37AE-4B6A-A36F-EDD46F9C24E0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E039AA-7D70-4EEE-8CC7-5DC0A226B575}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7016FF21-9153-4F70-A0EB-11BBAD9109AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72871631-218D-4698-B063-7A767BB13063}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E563310-0B63-4028-AA71-6577F4696236}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{835BCD35-2BD7-4E20-9171-797FD13BF75E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8798355E-5C06-41B2-9126-0F3AB3F91EF0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC65BC-6BEC-4782-A005-F0907E420B0A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FD1FC67-220C-4F96-94C1-B7F7CB80A787}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A138940B-656B-4BF1-8572-8DA5300AA3D0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC46458E-C400-48F9-9931-89303E631521}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD29993B-D5B5-428C-9C7B-0229DF68FBEF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C67522F8-D701-4B7A-AC7B-BC3A31B9187E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDACDB10-06D2-44B5-BA40-8DF9F9253F73}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D40B86EB-CFE0-4B82-8459-CFA4480DCD57}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBADA305-305C-4434-BEEE-5A71B99FFC46}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0A4D085-45ED-4799-A53D-10CB2DF4E967}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA815CB0-F511-4E8E-8BD0-510DFC950A50}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB662EC8-A8C2-4B3C-8DB5-57504399369D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC3B305C-7398-4321-9C61-8B40AF168A3C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F195364C-CAFA-4C11-9C8E-FD37F8FD2EA3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6C408F7-6F0A-4A14-ACF9-D9D57A7BABEA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFD0B1A1-79BA-4CDC-BA98-3C9402FCE804}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:07]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 11:07]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:07 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 14:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 17:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 12:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 17:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 19:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
winbue32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SoundMan"=SOUNDMAN.EXE

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 ROCKEYNT;ROCKEYNT;\??\C:\WINDOWS\system32\drivers\Rockeynt.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 07:16:51 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-15 09:14:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-19 02:36:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 13:08:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 13:09:46 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-19 13:09

--- E O F ---

virustotal report:
Antivirus Version Last Update Result
AhnLab-V3 2007.8.18.0 2007.08.18 -
AntiVir 7.4.1.62 2007.08.19 -
Authentium 4.93.8 2007.08.17 -
Avast 4.7.1029.0 2007.08.17 -
AVG 7.5.0.484 2007.08.18 -
BitDefender 7.2 2007.08.19 -
CAT-QuickHeal 9.00 2007.08.18 -
ClamAV 0.91 2007.08.19 -
DrWeb 4.33 2007.08.18 -
eSafe 7.0.15.0 2007.08.16 -
eTrust-Vet 31.1.5069 2007.08.18 -
Ewido 4.0 2007.08.18 -
FileAdvisor 1 2007.08.19 -
Fortinet 2.91.0.0 2007.08.18 -
F-Prot 4.3.2.48 2007.08.17 -
F-Secure 6.70.13030.0 2007.08.17 -
Ikarus T3.1.1.12 2007.08.18 -
Kaspersky 4.0.2.24 2007.08.19 -
McAfee 5100 2007.08.17 -
Microsoft 1.2803 2007.08.19 -
NOD32v2 2469 2007.08.18 -
Norman 5.80.02 2007.08.17 -
Panda 9.0.0.4 2007.08.18 -
Prevx1 V2 2007.08.19 -
Rising 19.36.60.00 2007.08.19 -
Sophos 4.20.0 2007.08.12 -
Sunbelt 2.2.907.0 2007.08.18 -
Symantec 10 2007.08.19 -
TheHacker 6.1.8.170 2007.08.17 -
VBA32 3.12.2.2 2007.08.17 -
VirusBuster 4.3.26:9 2007.08.18 -
Webwasher-Gateway 6.0.1 2007.08.19 -
Additional information
File size: 90112 bytes
MD5: 79d3c5050d3952506eaf17c4bbad1793
SHA1: 7d6775707176fcc42410e22fd7ee1db8e4604942
 
Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:47:38 PM, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trendmicro\HijackThis\jsattg.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {00D56C36-3C97-4CCA-8C97-4171BD6AB299} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04AB2D30-D9C5-4D52-BE07-053A9C471BE1} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{56F46B8B-B051-4575-B5A4-276AFEF788BE}]
C:\WINDOWS\system32\pmnll.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA815CB0-F511-4E8E-8BD0-510DFC950A50}]
C:\WINDOWS\system32\jkhfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
winbue32.dll
Click to expand...

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
together with a new HijackThis log.


Remove these with HJT
O2 - BHO: (no name) - {00D56C36-3C97-4CCA-8C97-4171BD6AB299} - (no file)
O2 - BHO: (no name) - {04AB2D30-D9C5-4D52-BE07-053A9C471BE1} - (no file)


C:\WINDOWS\tsnpstd3.exe <--Right click on this file and go go Properties and let me know if the file is related to a web cam or whatever its related to.

Let me see the new Combofix log and a New HJT log and let me know about that file.
 
hello again here is the logs you asked for:
ComboFix:
ComboFix 07-08-14.4 - "anybody" 2007-08-20 16:08:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.141 [GMT 10:00]
Command switches used :: C:\Documents and Settings\anybody\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-19 12:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 12:05 <DIR> d-------- C:\Program Files\Trendmicro
2007-08-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 09:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 08:37 100,864 --a------ C:\VundoFix.exe
2007-07-27 18:21 811,300 --ahs---- C:\WINDOWS\system32\pqstv.bak2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 21:51 --------- d-------- C:\DOCUME~1\anybody\APPLIC~1\SiteAdvisor
2007-08-16 20:09 --------- d-------- C:\Program Files\LimeWire
2007-08-16 18:02 --------- d-------- C:\Program Files\UnzipThemAll
2007-08-02 18:37 --------- d-------- C:\Program Files\Warcraft III
2007-07-23 20:46 22780 --a------ C:\Program Files\Led Zeppelin.ac6
2007-07-21 09:49 --------- d-------- C:\Program Files\AFL Live 2003
2007-07-19 19:24 945796 --ahs---- C:\WINDOWS\system32\dccdd.bak2
2007-07-14 07:30 67072 --a------ C:\WINDOWS\dtprmv3.exe
2007-07-14 07:30 23576 --a------ C:\WINDOWS\system32\drivers\RockUsb.sys
2007-07-14 07:30 18223 --a------ C:\WINDOWS\system32\drivers\Rockeynt.sys
2007-07-14 07:30 10752 --a------ C:\WINDOWS\system32\RockVdd.dll
2007-07-09 10:34 67072 --a------ C:\WINDOWS\dtprmv2.exe
2007-07-09 10:17 67072 --a------ C:\WINDOWS\dtprmv1.exe
2007-07-09 10:14 67072 --a------ C:\WINDOWS\dtprmv0.exe
2007-07-08 10:54 --------- d-------- C:\Program Files\Artcut
2007-07-04 21:51 67072 --a------ C:\WINDOWS\dtprmv.exe
2007-06-27 01:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 00:09 658944 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 16:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 13:46 --------- d-------- C:\Program Files\MySpace
2007-06-19 23:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 04:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:09 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:09 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:09 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:09 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:09 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-15 00:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 20:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-05 21:06 4206 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 20:11 688521 --ahs---- C:\WINDOWS\system32\egjlm.bak2
2007-05-18 17:41 1548 --a------ C:\Program Files\CCleaner.lnk
2007-03-18 19:21 2356752 --a------ C:\Program Files\sports.ac6
2007-03-15 20:47 538816 --a------ C:\Program Files\police.ac6
2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D56C36-3C97-4CCA-8C97-4171BD6AB299}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04AB2D30-D9C5-4D52-BE07-053A9C471BE1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:07]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 11:07]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:07 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 14:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 17:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 12:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 17:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 19:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SoundMan"=SOUNDMAN.EXE

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 ROCKEYNT;ROCKEYNT;\??\C:\WINDOWS\system32\drivers\Rockeynt.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 07:16:51 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-15 09:14:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-19 11:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 16:11:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-20 16:12:46
C:\ComboFix-quarantined-files.txt ... 2007-08-20 16:12
C:\ComboFix2.txt ... 2007-08-19 13:09

--- E O F ---
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 7:26:14 PM, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trendmicro\HijackThis\jsattg.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: winbue32 - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

And yeah the file has to do with a webcam
 
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D56C36-3C97-4CCA-8C97-4171BD6AB299}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04AB2D30-D9C5-4D52-BE07-053A9C471BE1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbue32]
Click to expand...


Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes


Run Combofix again, post the log and a New HJT log please.
 
hello, i've done everything you've said and here are the logs again:
Combofix log:
ComboFix 07-08-14.4 - "anybody" 2007-08-21 16:08:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.160 [GMT 10:00]


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-19 12:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 12:05 <DIR> d-------- C:\Program Files\Trendmicro
2007-08-18 09:54 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-18 09:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-08-18 08:37 100,864 --a------ C:\VundoFix.exe
2007-07-27 18:21 811,300 --ahs---- C:\WINDOWS\system32\pqstv.bak2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 21:51 --------- d-------- C:\DOCUME~1\anybody\APPLIC~1\SiteAdvisor
2007-08-16 20:09 --------- d-------- C:\Program Files\LimeWire
2007-08-16 18:02 --------- d-------- C:\Program Files\UnzipThemAll
2007-08-02 18:37 --------- d-------- C:\Program Files\Warcraft III
2007-07-23 20:46 22780 --a------ C:\Program Files\Led Zeppelin.ac6
2007-07-21 09:49 --------- d-------- C:\Program Files\AFL Live 2003
2007-07-19 19:24 945796 --ahs---- C:\WINDOWS\system32\dccdd.bak2
2007-07-14 07:30 67072 --a------ C:\WINDOWS\dtprmv3.exe
2007-07-14 07:30 23576 --a------ C:\WINDOWS\system32\drivers\RockUsb.sys
2007-07-14 07:30 18223 --a------ C:\WINDOWS\system32\drivers\Rockeynt.sys
2007-07-14 07:30 10752 --a------ C:\WINDOWS\system32\RockVdd.dll
2007-07-09 10:34 67072 --a------ C:\WINDOWS\dtprmv2.exe
2007-07-09 10:17 67072 --a------ C:\WINDOWS\dtprmv1.exe
2007-07-09 10:14 67072 --a------ C:\WINDOWS\dtprmv0.exe
2007-07-08 10:54 --------- d-------- C:\Program Files\Artcut
2007-07-04 21:51 67072 --a------ C:\WINDOWS\dtprmv.exe
2007-06-27 01:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 00:09 658944 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 16:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 16:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-24 13:46 --------- d-------- C:\Program Files\MySpace
2007-06-19 23:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 23:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 04:09 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 04:09 615424 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 04:09 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 04:09 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 04:09 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 04:09 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 04:09 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 04:09 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 04:09 3058688 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 04:09 251392 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 04:09 205312 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 04:09 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 04:09 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 04:09 1494528 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 04:09 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 04:09 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 04:09 1023488 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-15 00:07 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 20:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-05 21:06 4206 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-05 20:11 688521 --ahs---- C:\WINDOWS\system32\egjlm.bak2
2007-05-18 17:41 1548 --a------ C:\Program Files\CCleaner.lnk
2007-03-18 19:21 2356752 --a------ C:\Program Files\sports.ac6
2007-03-15 20:47 538816 --a------ C:\Program Files\police.ac6
2004-03-11 13:27 40960 --a------ C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 11:07]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 11:07]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 11:07]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2005-12-06 13:08]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2005-11-04 15:05]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 11:07 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-11 21:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 14:48]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 17:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-02-09 12:39]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 17:06]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:07]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 19:02]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SoundMan"=SOUNDMAN.EXE

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 ROCKEYNT;ROCKEYNT;\??\C:\WINDOWS\system32\drivers\Rockeynt.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys


Contents of the 'Scheduled Tasks' folder
2007-08-17 07:16:51 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
2007-08-15 09:14:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-20 11:36:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-21 16:11:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-21 16:12:28
C:\ComboFix-quarantined-files.txt ... 2007-08-21 16:12
C:\ComboFix2.txt ... 2007-08-20 16:12
C:\ComboFix3.txt ... 2007-08-19 13:09

--- E O F ---

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 4:13:25 PM, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trendmicro\HijackThis\jsattg.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?d25130a12369417aacef44d3c325b45a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?d25130a12369417aacef44d3c325b45a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.ashwood.vic.edu.au/remote/msrdp.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
 
Your log is looking better but I am a little concerned about this file as no info came back, lets upload it to a different site.

C:\WINDOWS\tsnpstd3.exe
Go to this site Jotti Upload and under the browse feature, browse to this file
Then click on upload and it will give you a report, post the report in your next reply.
 
hello thanks for your help so far, i haven't had any pop ups for a while, anyways here is the report:

Service
Service load: 0% 100%

File: tsnpstd3.exe
Status: OK
MD5: 79d3c5050d3952506eaf17c4bbad1793
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 21 Aug 2007 12:07:13 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 
C:\WINDOWS\tsnpstd3.exe Why don't you right click on this and go to Properties and give me any info on what the file maybe related to.

C:\WINDOWS\FixCamera.exe Check this one also, do you know what it is? It may be related to the other one as they both seem to appear together.

If those files look ok, then I will provide some links to free tools to install to help keep you more secure.

Ken:)
 
sorry i'm not sure how to give you information when i click on the file then on properties EXCEPT that i think the it has to do with a webcam because it has chinese characters in some places, which my dad had this chinese webcam software and installed it. also it was installed around the same time. BUT i don't know what info i can give you about the fixcamera file. thanks for the help so far though.
 
Thats fine, you have some files on your system that may be related to the webcame software. To be on the safeside, run the trial of AVG Anti Spyware and if all comes back clean then you will be good to go.



Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop. It's very important that I see the report so make sure you follow the instructions and save the log.
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG and update the definition files.
  • On the main screen select the icon Update then select the Update now link.
  • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
  • Once in the Settings screen click on How to Act and then select Quarantine <-- Dont forget this
  • Under Reports
  • Select Automatically generate report after every scan
  • Un-Select Only if threats were found
IMPORTANT: Do not open any other windows or programs while AVG is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
  • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
  • AVG will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
  • If you have any infections you will prompted, then select Apply all actions
  • Next select the Reports icon at the top.
  • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system <-- Dont forget this
  • make sure to remember where you saved that file, this is important
  • Close AVG Anti-Spyware 7.5
Go grab some coffee, this may take the better part of an hour.
 
OK took me a while but finally done it. i'm not sure what you want now but i'm guessing you want the report so here it is:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:03:59 PM 30/08/2007

+ Scan result:



C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UERS_9999_N91S1502NetInstaller.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UPCTP_0001_91M1101NetInstaller.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\WinAntiSpyware2007FreeInstall.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.10\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.11\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.12\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.13\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.14\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.15\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.16\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.17\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.18\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UPCTP_0001_91M1101NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.20\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.21\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.22\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERS_9999_N91S1502NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\WinAntiSpyware2007FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@auto.search.msn[1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\anybody\Cookies\anybody@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end
 
You must log in or register to reply here.
Back
Top