I have a trojan that doesn't go away with Norton AV or with Spy Doctor

Discussion in 'Windows - Virus and spyware problems' started by creizy, Oct 13, 2007.

  1. creizy

    creizy Member

    Joined:
    Oct 13, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    I would really appreciate some help, before my wife and kids leave me for good. I have spent all day long trying to fix this and nothing... Well, I made a stupid move and before I noticed I had plenty of viruses in my system. Spy Doctor detected those viruses/trojans (Vurtu, vurtumonde, downloader.small.cml) and can delete all the registers etc., but one: C:\Windows\system32\geebc.dll

    I have used vurtufix and a couple of tools from Symantec, but it doesn't seem to help. I have tried to delete the geebc.dll, but it appears again after a while. I have also started the PC in safe mode, but the damn popups keep popping up all the time (fake warnings about viruses and PC performance with links to download sites for fake "official tools" to repair your PC). I have a couple of icons on my desktop that seem to be related and are impossible to delete ("online security guide" and "Live safety center").

    Here is my log with the latest HijackThis (hijackthis_v2.0.2), if this can help to analyze the problem. Thanks in advance to anyone who can be so kind as to help me solve this issue:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:47:34, on 2007-10-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM\WINZIP\winzip32.exe
    C:\Documents and Settings\Jose\Mina dokument\BANKERFIX\Hijackthis\HJTInstall.exe
    C:\Program\Trend Micro\HijackThis\iamfukingyoutroyan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7AD250B2-6609-4EF2-860B-D0AC5A73C794} - C:\WINDOWS\system32\geebc.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\sgwekgef.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\sgwekgef.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [DVD43] C:\Program\DVD Region+CSS Free\DVD43.exe /hidden
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program\SpamPal\spampal.exe
    O4 - Startup: SunClock5.lnk = ?
    O4 - Global Startup: Acrobat Assistant.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HANDYdata IPC.lnk = C:\Program\IP Phone Center\IPCenter.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098805576296
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D1DD51D9-C35E-4050-8660-49D9FC0A0547} (PbaUpdate Control) - http://www.flip.pt/update/patches/PbaUpdate.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: sgwekgef - C:\WINDOWS\SYSTEM32\sgwekgef.dll
    O20 - Winlogon Notify: xxyxxyx - xxyxxyx.dll (file missing)
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

    --
    End of file - 11509 bytes
     
  2. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    All of those O1 Hosts entries must be fixed!

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\sgwekgef.dll ---- Virus

    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab ---- Likely spyware

    O20 - Winlogon Notify: xxyxxyx - xxyxxyx.dll (file missing)

    Clean all these entries, then download AVG Anti-Spyware. Update the program and then run it. Reboot your PC and then post another log.
     
  3. Bobby728

    Bobby728 Member

    Joined:
    Mar 13, 2007
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    16
    I had that Trojan. It's a bit*h too, I had to completely reinstall Windows XP and start all over. Sounds worse than it is, unless you don't have everything backed up.

    Which is the best antivirus out there? I have McAfee, Lavasoft Personal Edition, and Spybot. It's done good for three years now. Knock on wood. Is there anything better? My subscription is up soon for McAfee.
     
    Last edited: Oct 13, 2007
  4. svtstang

    svtstang Regular member

    I live and die by NOD32. I have never had any major problems using that in conjunction with AVG Anti-Spyware and Outpost Agnitum Pro. I love Spybot, but am not overly fond of Ad-Aware.
     
  5. creizy

    creizy Member

    Thank you for your help. I am doing what you have told me to do. Just now the scan with AVG is in progress (it takes a long time but it seems to work amazingly well). I can see several viruses and 1 trojan detected.
    As soon as this process is over I will send a HJT log. More than anything, I am very curious to see if those icons on my desktop are active and if the popups remain after all this, when I connect to the Internet again (I have disconnected the network cable as Explorer was getting mad - I have Mozilla Firefox installed, or it would have been difficult to access the web for downloading AVG AV).
     
  6. creizy

    creizy Member

    Hi again. I did as requested, but as soon as I connected the PC to the Internet, those icons and the popups started again. I don't know if AVG enables "file system real time protection"...somehow, it seems that this trojan or virus is well hidden and becomes active as soon as the PC connects to the Internet...

    Here is the actual HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:32:18, on 2007-10-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\Program\Grisoft\AVG7\avgamsvr.exe
    C:\Program\Grisoft\AVG7\avgupsvc.exe
    C:\Program\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    C:\Program\NavNT\defwatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program\NavNT\rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Microsoft Hardware\Keyboard\type32.exe
    C:\Program\Microsoft Hardware\Mouse\point32.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program\NavNT\vptray.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program\Skype\Phone\Skype.exe
    C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program\ANYCOM\Blue USB-120-240\BTTray.exe
    C:\Program\Logitech\Video\LowLight.exe
    C:\Program\Personal\bin\Personal.exe
    C:\Program\SpamPal\spampal.exe
    C:\Program\Skype\Plugin Manager\SkypePM.exe
    C:\Program\Grisoft\AVG7\avgwb.dat
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\Jose\LOKALA~1\Temp\urclqecd.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Spyware Doctor\swdoctor.exe
    C:\Program\Trend Micro\HijackThis\iamfukingyoutroyan.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cmiiyjod.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cmiiyjod.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [DVD43] C:\Program\DVD Region+CSS Free\DVD43.exe /hidden
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program\SpamPal\spampal.exe
    O4 - Startup: SunClock5.lnk = ?
    O4 - Global Startup: Acrobat Assistant.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HANDYdata IPC.lnk = C:\Program\IP Phone Center\IPCenter.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1098805576296
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D1DD51D9-C35E-4050-8660-49D9FC0A0547} (PbaUpdate Control) - http://www.flip.pt/update/patches/PbaUpdate.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmiiyjod - C:\WINDOWS\SYSTEM32\cmiiyjod.dll
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

    --
    End of file - 10463 bytes
     
  7. creizy

    creizy Member

    Just a comment, regarding the last HijackThis log:
    My first log was done without being connected to the Internet, but this last one was done while online.
     
  8. svtstang

    svtstang Regular member

    Question...are you using a firewall? There are no signs of one in your log.....that is like playing with fire. Seems to be more bad entries than the last time, fix these:

    C:\WINDOWS\system32\MsgSys.EXE

    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cmiiyjod.dll

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - ---------This and the O2 are part of the Virtumondo virus

    C:\WINDOWS\system32\cmiiyjod.dll

    Messenger\8876480\Program\LDMConf.exe

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)

    It was really hard to look at your log the way you posted it :/
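A small triage script for the kinds of HijackThis entries flagged in posts 2 and 8 above, added here as an example (it is not from the forum, from HijackThis or from any of the posters, and the function names are my own): it reports O1 Hosts lines that point sites at loopback, O2 BHOs registered with no name, O20 Winlogon Notify entries whose DLL is missing, and any DLL hooked from more than one of O2, O3 and O20, which is the pattern the Security Toolbar DLL shows in the logs. The sample lines are excerpted from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a handful of lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.83 www.mvps.org
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7AD250B2-6609-4EF2-860B-D0AC5A73C794} - C:\WINDOWS\system32\geebc.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\sgwekgef.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\sgwekgef.dll
O20 - Winlogon Notify: sgwekgef - C:\WINDOWS\SYSTEM32\sgwekgef.dll
O20 - Winlogon Notify: xxyxxyx - xxyxxyx.dll (file missing)
"""

# Every HijackThis entry starts with its section code, e.g. "O2 - ...".
HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
# O1:  "Hosts: <address> <hostname>"
O1_HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
# O2/O3:  "BHO|Toolbar: <name> - {CLSID} - <path>"
CLSID_ENTRY = re.compile(r"^(BHO|Toolbar): (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
# O20:  "Winlogon Notify: <subkey> - <path>[ (file missing)]"
O20_NOTIFY = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")


def dll_basename(path):
    """Lower-cased file name of a DLL path, ignoring quotes and the '(file missing)' marker."""
    return path.strip('"').replace(" (file missing)", "").split("\\")[-1].lower()


def analyze(log_text):
    """Return {'hosts': [hijacked hostnames], 'dlls': {dll basename: [reasons]}}."""
    hosts = []
    dlls = defaultdict(list)   # DLL basename -> list of reasons it was flagged
    refs = defaultdict(set)    # DLL basename -> HJT sections that load it
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, rest = m.groups()
        if section == "O1":
            h = O1_HOSTS.match(rest)
            # Only "127.0.0.1 localhost" belongs in a clean hosts file; the logs above map
            # each security vendor site to its own 127.0.0.x address so it can't be reached.
            if h and h.group(1).startswith("127.") and h.groups() != ("127.0.0.1", "localhost"):
                hosts.append(h.group(2))
        elif section in ("O2", "O3"):
            c = CLSID_ENTRY.match(rest)
            if not c:
                continue
            kind, name, path = c.groups()
            dll = dll_basename(path)
            refs[dll].add(section)
            if kind == "BHO" and name == "(no name)":
                dlls[dll].append("BHO registered without a name")
        elif section == "O20":
            n = O20_NOTIFY.match(rest)
            if not n:
                continue
            subkey, path = n.groups()
            dll = dll_basename(path)
            if "(file missing)" in path:
                dlls[dll].append("Winlogon Notify subkey %s points to a DLL that is gone" % subkey)
            else:
                refs[dll].add(section)
    # One DLL registered as BHO, toolbar and Winlogon Notify hook at once is the
    # persistence pattern shown by sgwekgef.dll / cmiiyjod.dll in the thread.
    for dll, sections in refs.items():
        if len(sections) >= 2:
            dlls[dll].append("same DLL hooked as " + " + ".join(sorted(sections)))
    return {"hosts": hosts, "dlls": dict(dlls)}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for host in result["hosts"]:
        print("hosts hijack:", host)
    for dll, reasons in sorted(result["dlls"].items()):
        print(dll + ":", "; ".join(reasons))
```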





     
  9. creizy

    creizy Member

    Sorry for posting the log like that (I don't know how I did it, but I will pay attention next time). I should have the Windows Firewall active (SP2), unless one of those viruses/trojans has deactivated it without showing...I am answering from my laptop. I have started the infected computer in safe mode to see if I can fix the lines you have indicated in your last post. Let's see if I can manage.
     
  10. creizy

    creizy Member

    I managed only to fix the line:

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)

    the other ones remain after the "fix checked" process...

    Sorry, I am a real newbie...

    Weird, but the popups remain even in safe mode and when I am not connected to the web...this trojan or virus is associated with some kind of add-on in Internet Explorer...I can see the "browser" opens with a "security toolbar" symbol integrated in it...

    Any suggestion about how to fix those lines and about the firewall?
     
  11. creizy

    creizy Member

    Here is the log. As you can see those O2 and O3 remain...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:49:43, on 2007-10-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\Program\Grisoft\AVG7\avgamsvr.exe
    C:\Program\Grisoft\AVG7\avgupsvc.exe
    C:\Program\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    C:\Program\NavNT\defwatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program\NavNT\rtvscan.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\MsgSys.EXE
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Microsoft Hardware\Keyboard\type32.exe
    C:\Program\Microsoft Hardware\Mouse\point32.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program\NavNT\vptray.exe
    C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\Grisoft\AVG7\avgcc.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\MSN Messenger\MsnMsgr.Exe
    C:\Program\Skype\Phone\Skype.exe
    C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe
    C:\Program\ANYCOM\Blue USB-120-240\BTTray.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program\IP Phone Center\IPCenter.exe
    C:\Program\Logitech\Video\LowLight.exe
    C:\Program\Personal\bin\Personal.exe
    C:\Program\SpamPal\spampal.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program\Skype\Plugin Manager\SkypePM.exe
    C:\Program\IP Phone Center\pc2pccall.exe
    C:\Program\IP Phone Center\tjbuddy.exe
    C:\Program\MSN Messenger\usnsvc.exe
    C:\Program\IP Phone Center\RingCntr.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\Program\Trend Micro\HijackThis\iamfukingyoutroyan.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cmiiyjod.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cmiiyjod.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [DVD43] C:\Program\DVD Region+CSS Free\DVD43.exe /hidden
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program\SpamPal\spampal.exe
    O4 - Startup: SunClock5.lnk = ?
    O4 - Global Startup: Acrobat Assistant.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HANDYdata IPC.lnk = C:\Program\IP Phone Center\IPCenter.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098805576296
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D1DD51D9-C35E-4050-8660-49D9FC0A0547} (PbaUpdate Control) - http://www.flip.pt/update/patches/PbaUpdate.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmiiyjod - C:\WINDOWS\SYSTEM32\cmiiyjod.dll
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

    --
    End of file - 10372 bytes
     
  12. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
You are not going to like this advice at all I am sure, but I would reinstall Windows using the complete format option for the C drive. You have already tried the fix for the virus, correct? Something like this will not go away with just HJT. If that is not an option I will do a little research and try to help find a more proactive fix for your situation, or hopefully somebody else that has had this trojan can offer some advice.
     
  13. creizy

    creizy Member

    Joined:
    Oct 13, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
Hi. Yes, I also think this situation is getting a bit messy :) and I am worried by the fact that I cannot count on the SP2 Windows firewall as I thought... I also have to admit that I have not reinstalled Windows in the last 3 years and I wouldn't be surprised if one of the many programs that I have tried had created some kind of incompatibility with the firewall. I have plenty of programs to reinstall, that's why I am lazy about it...
    I had the false illusion that I was doing all the safe stuff... now I realize that my firewall is nothing to count on and that a free AV like AVG is far more effective at detecting threats than Norton. After reinstalling Windows, what do you think I should use as a firewall?

    By the way, thank you for your time.
     
  14. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    Here is a quick breakdown on what I believe will keep you safe, both free and pay apps. It would be best as I am sure you know to start fresh and use some of these progs, and hopefully not have to go through this again!

    Firewall

    Free -

    Outpost http://www.agnitum.com/products/outpostfree/download.php

    Comodo http://www.personalfirewall.comodo.com/

I would go with Outpost. Both are free, both are far better than the Windows firewall.

    Pay for

    Outpost Pro - http://www.agnitum.com/products/outpost/

    Kerio - http://www.softpedia.com/get/Security/Firewall/Kerio-Personal-Firewall.shtml

    I use Outpost Pro....the wealth of options is outstanding and the forums are great. With a little tweaking you will have a pretty solid computer.

    AV

    Free


    AVG http://www.download.com/3000-2239_4-10746390.html

Antivir http://www.free-av.com/

    Either one is great...free and thorough, no complaints!

    Pay

    Nod32 http://www.eset.com/landing_pages/l..._Search-Exact&utm_campaign=Brand_Search-Atlas

    The only AV I will ever use, always spot on.

    Hope this helps a bit, feel free to ask any further questions as they arise!
     
    Last edited: Oct 14, 2007
  15. creizy

    creizy Member

    Joined:
    Oct 13, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
    great! I think you should open a thread with this information, because I am sure a lot of people out there would appreciate it.

    thanks again. I will try one of those firewalls.
     
    Last edited: Oct 14, 2007
  16. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    Glad I could help :) There is already a nice thread with great information about keeping your comp safe, you can find it here

    Here is a great site that has a lot of useful information and online tests, it has taught me a lot https://www.grc.com/x/ne.dll?bh0bkyd2

    Good luck :)
     
  17. creizy

    creizy Member

    Joined:
    Oct 13, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
Hi again,

    As I promised, I will keep you informed. I also want to help other desperate guys who need some help, so they can maybe try AVG and Spybot, which helped me repair my problem without reinstalling the system. Of course I know that nothing is safer and better than a new installation, but with 3 kids jumping around me and spending a couple of hours in my car every day home-work-home I am really grateful for buying some extra time.

    Well, it seems that this time I am safe. A friend of mine passed me an AV called Spybot, which seems to be very effective. The main issue here is that after running it I had no more annoying popups.

    Anyway, I have been warned to be careful with Spybot when it comes to the advanced mode. It can destroy a lot of things in your system if you don't know what you are doing.

    Here comes my last HijackThis log. I now have 4 AV in my system: AVG, Spyware Doctor, Spybot and Norton AV.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:37:31, on 2007-10-18
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\Program\Grisoft\AVG7\avgamsvr.exe
    C:\Program\Grisoft\AVG7\avgupsvc.exe
    C:\Program\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    C:\Program\NavNT\defwatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program\NavNT\rtvscan.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Microsoft Hardware\Keyboard\type32.exe
    C:\Program\Microsoft Hardware\Mouse\point32.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program\NavNT\vptray.exe
    C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\Grisoft\AVG7\avgcc.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\MSN Messenger\MsnMsgr.Exe
    C:\Program\Skype\Phone\Skype.exe
    C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program\Logitech\Video\LowLight.exe
    C:\Program\ANYCOM\Blue USB-120-240\BTTray.exe
    C:\Program\Personal\bin\Personal.exe
    C:\Program\SpamPal\spampal.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Documents and Settings\Jose\Application Data\Map Maker\MMManager.exe
    C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe
    C:\Program\DVDREG~1\DVDRegionFree.exe
    C:\Program\Trend Micro\HijackThis\iamfukingyoutroyan.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [DVD43] C:\Program\DVD Region+CSS Free\DVD43.exe /hidden
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program\SpamPal\spampal.exe
    O4 - Startup: SunClock5.lnk = C:\Documents and Settings\Jose\Application Data\Map Maker\MMManager.exe
    O4 - Global Startup: Acrobat Assistant.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HANDYdata IPC.lnk = C:\Program\IP Phone Center\IPCenter.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098805576296
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D1DD51D9-C35E-4050-8660-49D9FC0A0547} (PbaUpdate Control) - http://www.flip.pt/update/patches/PbaUpdate.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

    --
    End of file - 10659 bytes
     
  18. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    Like I said a few days ago, Spybot S & D is great. Tell your friend great minds think alike :p

You have traces of coolwebsearch, let's clean that up ASAP:

    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    Clean those up and you are good! Please, please use Firefox! Internet Explorer is one big security hole, I guarantee a lot of the things you have experienced will not happen if you use Firefox.

     
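As an added example (not code from this thread, from HijackThis, or from either poster), a small Python script that applies the checks made in this thread to HijackThis-style log lines: a system32 DLL hooked into more than one of the O2 (BHO), O3 (Toolbar) and O20 (Winlogon Notify) load points, as cmiiyjod.dll was in the first log; orphaned "(no file)" registrations like the O3 entry flagged above; and a diff between two scans. The sample log lines are constructed from entries quoted in the thread, and the heuristics are my own, not HijackThis's.

```python
import re
from collections import defaultdict

# Constructed sample log lines, modelled on the entries quoted in this thread
# (backslashes are doubled only because these are Python string literals).
LOG_BEFORE = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program\\Java\\jre1.5.0_11\\bin\\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\\WINDOWS\\system32\\cmiiyjod.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\\WINDOWS\\system32\\cmiiyjod.dll
O4 - HKLM\\..\\Run: [vptray] C:\\Program\\NavNT\\vptray.exe
O4 - HKLM\\..\\Run: [DVD43] C:\\Program\\DVD Region+CSS Free\\DVD43.exe /hidden
O20 - Winlogon Notify: cmiiyjod - C:\\WINDOWS\\SYSTEM32\\cmiiyjod.dll
O23 - Service: DefWatch - Symantec Corporation - C:\\Program\\NavNT\\defwatch.exe
"""

# The same machine after cleaning: the DLL entries are gone, but the toolbar
# CLSID still points at a file that no longer exists ("(no file)").
LOG_AFTER = """\
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program\\Java\\jre1.5.0_11\\bin\\ssv.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\\..\\Run: [vptray] C:\\Program\\NavNT\\vptray.exe
O4 - HKLM\\..\\Run: [DVD43] C:\\Program\\DVD Region+CSS Free\\DVD43.exe /hidden
O23 - Service: DefWatch - Symantec Corporation - C:\\Program\\NavNT\\defwatch.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# A drive-letter path up to the first .dll/.exe extension; spaces inside the
# path are allowed, trailing arguments such as "/hidden" are not captured.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


def parse_entries(text):
    """Return (section, line, path_or_None) for every O-section line in a log."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, "Running processes", blanks
        p = PATH_RE.search(m.group(2))
        entries.append((m.group(1), line, p.group(0) if p else None))
    return entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def shared_system32_dlls(entries, min_sections=2):
    """DLLs under system32 hooked into two or more of the O2 (BHO), O3 (Toolbar)
    and O20 (Winlogon Notify) load points. A legitimate component rarely needs
    all of them; cmiiyjod.dll in the thread's first log had all three."""
    seen = defaultdict(set)
    for section, _line, path in entries:
        if path is None or section not in ("O2", "O3", "O20"):
            continue
        if "\\system32\\" in path.lower() and path.lower().endswith(".dll"):
            seen[basename(path)].add(section)
    return {name: sorted(secs) for name, secs in seen.items() if len(secs) >= min_sections}


def orphaned_entries(entries):
    """Registrations whose target file is gone; the leftovers to fix after a cleanup."""
    return [line for _section, line, _path in entries if line.endswith("(no file)")]


def diff_logs(before_text, after_text):
    """Lines that disappeared and lines that appeared between two scans."""
    before = {line for _s, line, _p in parse_entries(before_text)}
    after = {line for _s, line, _p in parse_entries(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    first = parse_entries(LOG_BEFORE)
    for name, sections in shared_system32_dlls(first).items():
        print(f"{name}: registered in {', '.join(sections)}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"{len(removed)} entries removed, {len(added)} added since last scan")
    for line in orphaned_entries(parse_entries(LOG_AFTER)):
        print("orphan:", line)
```

Feeding it the full text of two saved logs (everything before the first "O" line is skipped) gives the same three findings for a real pair of scans.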
  19. creizy

    creizy Member

    Joined:
    Oct 13, 2007
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    11
Hi,

    Here comes the log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:47:51, on 2007-10-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\Program\Grisoft\AVG7\avgamsvr.exe
    C:\Program\Grisoft\AVG7\avgupsvc.exe
    C:\Program\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    C:\Program\NavNT\defwatch.exe
    C:\WINDOWS\System32\GEARSEC.EXE
    C:\Program\NavNT\rtvscan.exe
    C:\Program\Spyware Doctor\svcntaux.exe
    C:\Program\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program\Microsoft Hardware\Keyboard\type32.exe
    C:\Program\Microsoft Hardware\Mouse\point32.exe
    C:\Program\iTunes\iTunesHelper.exe
    C:\Program\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program\NavNT\vptray.exe
    C:\Program\iPod\bin\iPodService.exe
    C:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\Program\Delade filer\Real\Update_OB\realsched.exe
    C:\Program\Grisoft\AVG7\avgcc.exe
    C:\Program\Skype\Phone\Skype.exe
    C:\Program\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe
    C:\Program\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program\Logitech\Video\LowLight.exe
    C:\Program\Skype\Plugin Manager\SkypePM.exe
    C:\Program\Personal\bin\Personal.exe
    C:\Program\SpamPal\spampal.exe
    C:\Documents and Settings\Jose\Application Data\Map Maker\MMManager.exe
    C:\Program\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program\Outlook Express\msimn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\Trend Micro\HijackThis\iamfukingyoutroyan.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [vptray] C:\Program\NavNT\vptray.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [DVD43] C:\Program\DVD Region+CSS Free\DVD43.exe /hidden
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SDTray] "C:\Program\Spyware Doctor\SDTrayApp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [VoipStunt] "C:\Program\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\Program\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: SpamPal.lnk = C:\Program\SpamPal\spampal.exe
    O4 - Startup: SunClock5.lnk = C:\Documents and Settings\Jose\Application Data\Map Maker\MMManager.exe
    O4 - Global Startup: Acrobat Assistant.lnk = ?
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: HANDYdata IPC.lnk = C:\Program\IP Phone Center\IPCenter.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
    O8 - Extra context menu item: Download All by FlashGet - C:\Program\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program\FlashGet\jc_link.htm
    O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\ANYCOM\Blue USB-120-240\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098805576296
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
    O16 - DPF: {D1DD51D9-C35E-4050-8660-49D9FC0A0547} (PbaUpdate Control) - http://www.flip.pt/update/patches/PbaUpdate.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?312
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\ANYCOM\Blue USB-120-240\bin\btwdins.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program\NavNT\rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\swdsvc.exe

    --
    End of file - 10328 bytes

    Is it OK now?

    Can you see Windows Firewall active?

    Thanks and regards :)
     
  20. svtstang

    svtstang Regular member

    Joined:
    Apr 23, 2006
    Messages:
    4,564
    Likes Received:
    0
    Trophy Points:
    46
    Windows firewall does not show up in the log whether it is on or off, that is why I asked in the past. No biggie, better to ask than let something potentially bad go ignored :)

    And congrats, your log is now officially clean! Keep doing what you are doing and you will never have to worry about annoying problems again!
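As an added example, not code from this thread or from HijackThis itself: a small Python triage script for the O4 (autorun) and O23 (service) line formats shown in the log above. The log lines inside it are constructed, modelled on that format, and its three rules (unresolved shortcut target, autorun under a user-writable profile folder, service with no publisher) are "look at this next" heuristics, not verdicts.

```python
import re
from typing import List, Tuple

# Constructed HijackThis-style lines modelled on the O4/O23 format in this
# thread; "user1" and the paths are sample values, not a real machine.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\user1\Local Settings\Temp\updsvc.exe
O4 - Startup: Clock.lnk = C:\Documents and Settings\user1\Application Data\Clock\clock.exe
O4 - Global Startup: Acrobat Assistant.lnk = ?
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program\NavNT\defwatch.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|$)', re.I)
# Profile folders that any user process can write to; a persistent autorun
# living there deserves a second look on XP.
USER_WRITABLE = re.compile(r"\\(?:Application Data|Local Settings|Temp)\\", re.I)

def exe_path(command: str) -> str:
    """Return the executable path from a Run-key command line, or '' if none."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else ""

def triage(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, item, reason) for O4/O23 entries worth verifying by hand."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := STARTUP_RE.match(line):
            target = m.group("target")
            if target == "?":
                findings.append(("O4", m.group("name"), "shortcut target could not be resolved"))
            elif USER_WRITABLE.search(target):
                findings.append(("O4", m.group("name"), "autorun in user-writable profile directory"))
        elif m := RUN_RE.match(line):
            path = exe_path(m.group("cmd"))
            if not path:
                findings.append(("O4", m.group("name"), "no executable path could be parsed"))
            elif USER_WRITABLE.search(path):
                findings.append(("O4", m.group("name"), "autorun in user-writable profile directory"))
        elif m := SERVICE_RE.match(line):
            parts = m.group("rest").rsplit(" - ", 2)  # display name - owner - path
            if len(parts) == 3 and parts[1].lower() == "unknown owner":
                findings.append(("O23", parts[0], "service has no publisher information"))
    return findings

if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{item:<28}{reason}")
```

Windows Firewall state is not recorded anywhere in a HijackThis log, so it has to be checked separately on XP SP2, for example with `netsh firewall show state`.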
     
