6 replies to this topic

[Hell-Fire Blade]

OK, here's my situation.

I've been using this computer for about 2.5 years now. About 1.5 years ago, I finally got internet access on it, thanks to my father setting me up with a router-based connection to his Optimum Online cable box... thing.

Since then, my computer has been moderately slowing down, but more recently, it's been getting worse faster. I thought Windows Firewall and a version of Norton Antivirus I downloaded long ago were protecting me. Now I finally decide to look up this crap, only to find that both those utilities totally suck. So, I downloaded some stuff for my computer. CCleaner, ZoneAlarm, AVG Anti-Spyware, EMS Free Surfer Companion, PCPitstop, and most relevantly, HiJackThis.

Now I have set up and run all of these utilities. Some turned up small results, some I have yet to confirm their true usefulness, some basically told me to go f*** myself because I'm not registered/haven't given them money, and some actually fully work. Upon installation of ZoneAlarm and AVG Anti-Spyware it hits me that I have SOOO much crap on my computer. ANYWAYS, I just heard of this HiJackThis and how useful it is through a google search of one of the files that AVG popped up and asked me to give access to internet.

So I ran HiJackThis and got a log. Some of the things on the list, I know that I have and know that I shouldnt delete. Some I know what they are, but don't know whether or not they are actually necessary. Some I just plain drool at. CCleaner was very helpful to me, as has been ZoneAlarm and AVG Antispyware. I hope that HJT might help me to be the haymaker for these things slowing down my computer so much.

Now, enough BS, here is the hijackthis.log file I recieved after running HJT. Please give me some help as to what I should check off on this list, and what you would recommend for me to do next.

Logfile of HijackThis v1.99.1
Scan saved at 12:15:36 PM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CHOST~1.EXE
C:\PROGRA~1\ICROSO~1.NET\winspool.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gideon Finkelstein\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gideon Finkelstein
R3 - URLSearchHook: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\poyif0.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
O2 - BHO: (no name) - {E4202BB4-942D-B5DC-7BE0-B19EF86750B1} - (no file)
O2 - BHO: (no name) - {EA2C29BD-CF74-BD81-7BE0-B19EF86750B2} - (no file)
O2 - BHO: (no name) - {F07B3E18-D880-A572-D098-AC0FA1944FCA} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [Rtloal] C:\WINDOWS\system32\CHOST~1.EXE
O4 - HKCU\..\Run: [Ornt] "C:\PROGRA~1\ICROSO~1.NET\winspool.exe" -vt mt
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gideon Finkelstein\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ati2evxx.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I thought CCleaner had solved all my problems. These now utilities seem to be telling me different. Please help me to cleanse my computer of whatever is bogging down my already crappy-to-begin-with computer.

(PS: I have a Pentium 2 with 400mhz and 192MB RAM, thats to give you an idea of how much my computer sucks by default)

[Noviciate]

You are running HJT from an unsafe location. An easy way to correct this is to do the following:

Download a copy of HJTsetup.exe from here and save it to your Desktop.

• Double click HJTsetup.exe to begin installation.
  
• By default it will install to C:\Program Files\Hijack This.
  
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  
• Put a check by Create a desktop icon then click Next again.
  
• Continue to follow the prompts from there.
  
• At the final dialogue box uncheck the box to the left of "Launch Hijackthis" and then click Finish

Do this BEFORE you proceed!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Combofix by sUBs from here and save it to your Desktop.

• Double click combo.exe to run it and follow the prompts.
  
• When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  
• Post a fresh HJT log as well.
  
• Let me know how the PC is behaving.

Please Note:

• Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  
• Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  
• Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false-positive.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT:

• Click Open the Misc Tools section.
  
• Click Open Uninstall Manager...
  
• Click Save list... and save it to your Desktop.
  
• Copy and paste the file uninstall_list.txt into your next reply.

[Hell-Fire Blade]

Here you go.

This is ComboFix.txt --------
Gideon Finkelstein - 06-10-30 19:03:36.23 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Gideon Finkelstein\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\SMANTE~1
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\TSKS~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\YSTEM~1
C:\QooBox\Purity\WINDOWS\SSTEM~1
C:\QooBox\Purity\WINDOWS\ECURIT~1
C:\QooBox\Purity\WINDOWS\FNTS~1
C:\QooBox\Purity\WINDOWS\system32\CROSOF~1
C:\QooBox\Purity\WINDOWS\system32\TSKS~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\system32\SSTEM~1
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\??crosoft.NET
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\W?nSxS
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\aren.exe
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\wucrtupd.exe
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\àdobe
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\??crosoft.NET\!update-4145.0000
C:\QooBox\Purity\Program Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\çSKS~1
C:\QooBox\Purity\Program Files\SMBOLS~1
C:\QooBox\Purity\Program Files\PPPATC~1
C:\QooBox\Purity\Program Files\Common Files\ASKS~1
C:\QooBox\Purity\Program Files\Common Files\SKS~1
C:\QooBox\Purity\Program Files\Common Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\ASKS~1\?asks
C:\QooBox\Purity\Program Files\Common Files\ASKS~1\M?crosoft.NET
C:\QooBox\Purity\Program Files\Common Files\ASKS~1\rotr.exe
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET
C:\QooBox\Purity\Program Files\ICROSO~1.NET\winspool.exe
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-503.0004
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-503.0000
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-503.0001
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-503.0002
C:\QooBox\Purity\Program Files\ICROSO~1.NET\ICROSO~1.NET\ctxad-503.0003
C:\QooBox\Purity\Documents and Settings\Gideon Finkelstein\Application Data\CROSOF~1
C:\QooBox\Purity\Documents and Settings\Gideon Finkelstein\Application Data\YSTEM3~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-30 to 2006-10-30 ))))))))))))))))))))))))))))))))))


2006-10-27 23:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-26 18:19 126,976 --a------ C:\WINDOWS\system32\djwafy.dll
2006-10-24 18:20 98,304 --a------ C:\WINDOWS\W2BNEUnin.exe
2006-10-24 18:20 2,829 --a------ C:\WINDOWS\W2BNEUnin.pif


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-30 18:53 -------- d-------- C:\Program Files\Hijackthis
2006-10-29 11:54 -------- d-------- C:\Documents and Settings\Gideon Finkelstein\Application Data\Uniblue
2006-10-28 11:17 -------- d-------- C:\Program Files\XPTuneup 3.1
2006-10-28 00:45 -------- d-------- C:\Program Files\PCPitstop
2006-10-28 00:26 -------- d-------- C:\Program Files\EMS Free Surfer Companion
2006-10-27 23:59 -------- d-------- C:\Program Files\Zone Labs
2006-10-27 23:19 -------- d-------- C:\Program Files\Grisoft
2006-10-27 22:44 -------- d-------- C:\Program Files\CCleaner
2006-10-26 18:20 2 --a------ C:\WINDOWS\system32\wnsintcc.exe
2006-10-25 09:26 438272 -r-hs---- C:\WINDOWS\system32\??chost.exe
2006-10-24 22:46 -------- d-------- C:\Program Files\War2Combat
2006-10-24 17:53 -------- d-------- C:\Program Files\Warcraft II BNE
2006-10-14 23:56 -------- d-------- C:\Program Files\eMule
2006-10-14 19:27 -------- d-------- C:\Documents and Settings\Gideon Finkelstein\Application Data\IMVU
2006-10-09 20:27 -------- d-------- C:\Program Files\EndlessOnline26-3
2006-09-28 00:17 -------- d-------- C:\Program Files\Macrogaming
2006-09-17 21:38 -------- d-------- C:\Program Files\Windows Desktop Search
2006-09-17 21:28 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Rtloal"="C:\\WINDOWS\\system32\\CHOST~1.EXE"
"Ornt"="\"C:\\PROGRA~1\\ICROSO~1.NET\\winspool.exe\" -vt mt"
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Nero DriveSpeed"="C:\\PROGRA~1\\Ahead\\NEROTO~1\\DRIVES~1.EXE"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"YeppStudioAgent"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"PCPitstop Optimize Registration Reminder"="C:\\Program Files\\PCPitstop\\Optimize\\Reminder.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,92,04,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,40,01,00,00,00,00,00,00,00,05,00,00,92,04,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Ornt"="\"C:\\WINDOWS\\CROSOF~1.NET\\wucrtupd.exe\" -vt ndrv"
@="C:\\WINDOWS\\system32\\CHOST~1.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Ornt"="\"C:\\WINDOWS\\CROSOF~1.NET\\wucrtupd.exe\" -vt ndrv"
@="C:\\WINDOWS\\system32\\CHOST~1.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoRecentDocsMenu"=hex:00,00,00,00
"NoActiveDesktop"=hex:00,00,00,00
"NoRecentDocsHistory"=hex:00,00,00,00
"ClearRecentDocsOnExit"=hex:01,00,00,00
"NoClose"=dword:00000000
"StartMenuLogOff"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"NoSetFolders"=dword:00000000
"NoControlPanel"=dword:00000000
"NoNetSetup"=dword:00000000
"NoPrinters"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoDrives"=dword:00000000
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"VerboseStatus"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gideon Finkelstein^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"path"="C:\\Documents and Settings\\Gideon Finkelstein\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Gideon Finkelstein\\Start Menu\\Programs\\Startup\\PowerReg Scheduler.exe"
"item"="PowerReg Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1SPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="services"
"hkey"="HKLM"
"command"="C:\\Program Files\\SentryPC\\services.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Backup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ab"
"hkey"="HKCU"
"command"="C:\\Program Files\\Advanced Backup\\ab.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cuubb33p]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cuubb33p"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\cuubb33p.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lgrwpot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lgrwpot"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\lgrwpot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ornt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aren"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\wtea\\aren.exe\" -vt mt"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\program files\\180searchassistant\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBPS"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Toolbar\\TBPS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0500"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\WildTangent\\Apps\\CDA\\GameDrvr.exe\" /startup \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0500.dll\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YeppStudioAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SamsungMediaStudioAgent"
"hkey"="HKLM"
"command"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TBPSSvc"=dword:00000002
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Gideon Finkelstein.job

Completion time: 06-10-30 19:08:01.02
C:\ComboFix.txt ... 06-10-30 19:08
---------
This is the fresh hijackthis.log --------------
Logfile of HijackThis v1.99.1
Scan saved at 7:12:21 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\CHOST~1.EXE
C:\PROGRA~1\ICROSO~1.NET\winspool.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gideon Finkelstein
R3 - URLSearchHook: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\poyif0.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
O2 - BHO: (no name) - {E4202BB4-942D-B5DC-7BE0-B19EF86750B1} - (no file)
O2 - BHO: (no name) - {EA2C29BD-CF74-BD81-7BE0-B19EF86750B2} - (no file)
O2 - BHO: (no name) - {F07B3E18-D880-A572-D098-AC0FA1944FCA} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [Rtloal] C:\WINDOWS\system32\CHOST~1.EXE
O4 - HKCU\..\Run: [Ornt] "C:\PROGRA~1\ICROSO~1.NET\winspool.exe" -vt mt
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gideon Finkelstein\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ati2evxx.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--------------
This is uninstall_list.txt -----------
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 5.0 Limited Edition
Adobe Reader 7.0.8
Alt-Tab Task Switcher Powertoy for Windows XP
AOL Instant Messenger
AVG Anti-Spyware 7.5
Azureus
ccCommon
CCleaner (remove only)
ECAM3
EMS Free Surfer Companion 1.3.0.0
Endless Online 0.26/b
Gunbound Revolution
Hijackthis 1.99.1
HijackThis 1.99.1
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Kali II
Lame ACM MP3 Codec
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Encarta Encyclopedia 2000
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
mIRC
Mozilla Firefox (1.5)
MSN Messenger 7.5
MSN Music Assistant
Nero Suite
NETGEAR GA311 Smart Wizard Utility
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton WMI Update
PC Pitstop Optimize 1.5
Picasa 2
QuickTime
RealPlayer
Samsung Media Studio
Samsung Multimedia Studio
SPBBC
Symantec
Symantec Script Blocking Installer
SymNet
SyncToy
Trillian
Tweak UI
Viewpoint Media Player
Virtual Desktop Manager Powertoy for Windows XP
Warcraft II BNE
Windows Genuine Advantage v1.3.0254.0
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
WinZip
XPTuneup 3.1 Application
XviD Video Codec 11.6.2003-14:20 (uManiac's build)
Yahoo! Messenger
ZoneAlarm

Thanks for your help in assisting me with my crappy computer

[Noviciate]

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download the trial version of AVG Anti-Spyware 7.5 from here and save it to your Desktop.
If you already have this program installed, skip to Updating AVG Anti-Spyware: below.

* Please note that this program was formerly known as Ewido anti-spyware 4.0.
Taken from the Ewido website -

Quote

ewido anti-spyware 4.0 will now continue under the new product name AVG Anti-Spyware 7.5. AVG Anti-Spyware 7.5 contains the same ewido technology, but with some further enhanced features:

Highly improved cleaning
Lower resource usage
Additional languages supported

All current licenses for ewido anti-spyware 4.0 will continue to be valid, and users can change over to the new AVG Anti-Spyware 7.5 for free.

Double click the avgas-setup file to begin installation and follow the prompts.
When the program has been installed, and you click the Finish button, AVG A-S will open.

Updating AVG Anti-Spyware:

By default AVG A-S is configured to update automatically so, if you have an active internet connection, it should do so following installation. If you are unsure whether or not it has done so, do the following:

• Click the Update icon at the top and under "Manual Update" - click the Start update button.
  
• Either AVG A-S will update or inform you that no update was available.
  
• If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
  Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.
  
  Disabling the Resident Shield:
  
  
• By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
  (When the PC has been cleaned you can activate the shield again, if you wish.)
  
• Click the Shield icon at the top and under "Resident shield is..." - click active.
  
• This should now change to inactive.
  
  Changing Recommended Actions
  
  
• Click the Scanner icon at the top and then click the Settings Tab.
  
• Under "How to act?" click Recommended actions and select "Quarantine" from the menu.

You can now close AVG A-S.

AVG A-S is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG A-S will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.
Should you wish to benefit from the real-time protection, you will need to upgrade the program. To do this, simply open it and click on the Buy now button.

2) You will need to know how to boot into Safe Mode.
Instructions can be found here.

3) You will need to set Windows to show All Hidden Files and Folders.
Instructions can be found here.
** These files are hidden to stop you accidentally removing something important.
It is advisable to hide them again after fixing your computer. **

4) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

R3 - URLSearchHook: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\poyif0.dll (file missing)
O2 - BHO: (no name) - {D7344010-FADA-8673-DED8-D828E3243BC6} - C:\WINDOWS\system32\djwafy.dll
O2 - BHO: (no name) - {E4202BB4-942D-B5DC-7BE0-B19EF86750B1} - (no file)
O2 - BHO: (no name) - {EA2C29BD-CF74-BD81-7BE0-B19EF86750B2} - (no file)
O2 - BHO: (no name) - {F07B3E18-D880-A572-D098-AC0FA1944FCA} - (no file)

O4 - HKCU\..\Run: [Rtloal] C:\WINDOWS\system32\CHOST~1.EXE
O4 - HKCU\..\Run: [Ornt] "C:\PROGRA~1\ICROSO~1.NET\winspool.exe" -vt mt

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

2) Boot into Safe Mode.

3) Navigate to the C:\Windows\Temp folder and delete all the files that you find there.
Do this for all Usernames.

4) Navigate to C:\Documents and Settings\Username\Local Settings\Temp and delete all the files that you find there.
Do this for all Usernames.

5) Go to Start > Control Panel > Internet Options and under Temporary Internet files, click on Delete Files...
Check the box to the left of 'Delete all offline content' and then click on OK.

6) Ensure that ALL open Windows / Programs / Folders are closed and then run AVG Anti-Spyware.

• If it is not already selected, click the Scanner icon at the top and then select the Scan Tab.
  
• Click "Complete System Scan"
  
• While the scan is in progress the PC should be left otherwise idle - so if you fancy a cuppa, now's the time to put the kettle on!
  
• When the scan has completed, any threats that AVG A-S has detected will be displayed.
  
• Click the Apply all actions button at the bottom.
  
• When AVG A-S has finished, it will display the message "All actions have been applied".
  
  Saving a report:
  
  
• Click the Save Report button at the bottom left and the "Reports" window will open.
  
• The content of the scan report will be displayed in the right hand pane and a copy will be automatically saved as Report-Scan-date-time.txt into the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder.
  
• You will need to post a copy of this report into your next reply, so if it is more convenient, you can save another copy of this report elsewhere:
  Click the Save report as button and select a destination by clicking the down arrow to the right of the Save in: text box and then click Save.

Close AVG Anti-Spyware.

7) Remove any/all of the following files/folders that you can find:

Files

C:\WINDOWS\system32\CHOST~1.EXE
* The tilde(~) in either a file or folder name indicates that this name is longer than six characters and these have been replaced by the tilde for brevity. E.G. C:\PROGRA~1 = C:\Program Files
The first file, or folder, that uses these particular six letters gets the suffix ~1, the next ~2 and so on.
If you are unsure whether you have the right file or not, DO NOT guess! Leave it and let me know.

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'

Folders

C:\PROGRA~1\ICROSO~1.NET
This folder may contain the file winspool.exe or AVG A-S may have already deleted it. Again, if you are unsure, don't be naughty and hope for the best!

As an example:
To delete C:\WINDOWS\system32\foldertogo
Double click the My Computer icon on your Desktop.
Double click on Local Disc (C:)
Double click on the Windows folder,
Double click on the System 32 folder,
Right click on foldertogo and from the menu that appears, click on 'Delete'

8) Boot into Normal Mode.

Post a new HJT log, the AVG log AND a description of how your PC is running.

[Hell-Fire Blade]

Here is a fresh hijackthis.log:
Logfile of HijackThis v1.99.1
Scan saved at 9:55:45 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Gideon Finkelstein
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Nero DriveSpeed] C:\PROGRA~1\Ahead\NEROTO~1\DRIVES~1.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Get siteinfo data (fsc) - C:\Program Files\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gideon Finkelstein\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: ati2evxx.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Here is Report-Scan-20061101-212407.txt (The report file from AVG Anti-Spyware 7.5)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:24:07 PM 11/1/2006

+ Scan result:



HKU\S-1-5-21-1123561945-1677128483-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Error during cleaning.
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP259\A0320950.dll -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Error during cleaning.
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Error during cleaning.
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Error during cleaning.
HKU\S-1-5-21-1123561945-1677128483-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Error during cleaning.
HKU\S-1-5-21-1123561945-1677128483-1708537768-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Error during cleaning.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Error during cleaning.
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP264\A0327238.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP264\A0327239.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP266\A0331351.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP268\A0335407.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP270\A0337491.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP270\A0340508.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP271\A0340611.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP271\A0340615.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP272\A0341560.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : Error during cleaning.
C:\WINDOWS\system32\msshed32.exe -> Downloader.Delf.go : Cleaned with backup (quarantined).
C:\QooBox\Purity\Program Files\Common Files\ASKS~1\rotr.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\aren.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\CROSOF~1.NET\wucrtupd.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\Trillian\Crack.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
C:\stuff\Crack.exe -> Logger.Agent.nbq : Cleaned with backup (quarantined).
C:\Program Files\Spytech Software\Spytech SpyAgent\NoStealth.exe -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Error during cleaning.
C:\WINDOWS\ACSystem.dll -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Error during cleaning.
C:\WINDOWS\SystemSA32.dll -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Error during cleaning.
C:\WINDOWS\system32\NTInvisible.dll -> Not-A-Virus.Monitor.Win32.SpyAgent.g : Error during cleaning.
D:\WINDOWS\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\WINDOWS\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\WINDOWS\Cookies\gideon finkelstein@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\WINDOWS\Cookies\administrator@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
D:\WINDOWS\Cookies\administrator@track.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
D:\WINDOWS\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Gideon Finkelstein\Cookies\gideon finkelstein@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\WINDOWS\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
D:\WINDOWS\Cookies\administrator@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
D:\WINDOWS\Cookies\administrator@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gideon Finkelstein\Cookies\gideon finkelstein@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\WINDOWS\Cookies\administrator@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
D:\WINDOWS\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
D:\WINDOWS\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
D:\WINDOWS\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
D:\WINDOWS\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Gideon Finkelstein\Cookies\gideon finkelstein@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\WINDOWS\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
D:\WINDOWS\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\WINDOWS\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
HKU\S-1-5-21-1123561945-1677128483-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} -> Trojan.Kolweb.b : Error during cleaning.
HKU\S-1-5-21-1123561945-1677128483-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} -> Trojan.Kolweb.b : Error during cleaning.
C:\System Volume Information\_restore{72574A71-E04D-4C29-8185-D652AD74D0B1}\RP272\A0341561.dll -> Trojan.Kolweb.f : Cleaned with backup (quarantined).
C:\WINDOWS\7x15p.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\7x15p.sys -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gg8kq1.exe -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\system32\w0gqu.exe -> Trojan.Kolweb.g : Cleaned with backup (quarantined).
C:\WINDOWS\cl2.exe -> Trojan.Kolweb.h : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cl2.exe -> Trojan.Kolweb.h : Cleaned with backup (quarantined).


::Report end

There were many errors during the AVG Anti-Spyware 7.5 "fixing" process. All of them entailed not being able to backup the file being deleted. There was one thing detected that originates from something called SpyTech Agent, which I believe was one of the many anti-spyware tools I downloaded before coming here. I did not know whether to delete these items, so I opted not to. All other files I clicked yes when it asked me about deleting the item. When my computer started up, I did not notice much difference in startup speed, however.

Should I change back all the things I changed during this scan? (e.g. AVG's Resident Shield, Showing Hidden Files, etc.)

I also ran a windows search for anything that had the tilde(~) in it. I deleted all files it turned up.

What else do you suggest for me?

(p.s. there was a LOT of crap that AVG turned up )

[Hell-Fire Blade]

{Sorry, accidental double-post}

Edited by Hell-Fire Blade, 02 November 2006 - 03:09 AM.

[Noviciate]

The errors relate to registry keys that probably require manually deleting as permissions will need to be altered. As they are lefovers, it isn't important and I would leave them alone unless you are familiar with editing the registry - if things go wrong, you could end up reinstalling.

Quote

I also ran a windows search for anything that had the tilde(~) in it. I deleted all files it turned up.

The tilde is simply a symbol that indicates that a file or folder name has been shortened. If you have deleted every file that has a tilde in, you have cleaned out a lot of legitimate stuff. I suggest that you restore them from the recycle Bin, if they are in there.
The only file that needed deleting was C:\WINDOWS\system32\CHOST~1.EXE
The only folder that needed deleting was C:\PROGRA~1\ICROSO~1.NET

If you don't want to use the AVG A-S Resident Guard, do the following:

• Go to Start > Run, enter services.msc and hit OK.
  
• Locate and right click AVG Anti-Spyware Guard
  
• Select Properties from the menu.
  
• Under the General Tab, change the Service status: to Stopped and then the Startup type: to Disabled.

You don't need to have this service running if you aren't using the guard.
Once the trial period has expired, you will need to do this unless you upgrade as well.

The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please Note: This program is for Windows XP and Windows 2000 only.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Go to Start > Run, enter sfc /scannow ( note the space between the "c" and "/" ) and click on OK.

This will look for and attempt to replace any corrupt system files that can be found. There are backups of some of these files on your PC and Windows will check for a copy here first. If you are prompted to insert your Windows XP disc, do so. If you don't have this disc and are asked for it, you will have to cancel at this point.

For details on the System File Checker, click here.

5) Defragment your hard drive. A tutorial for disc defragmentation is available here.

6) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

Let me know how you get on.