Hi I have run a couple of antivirus programs, and they have found this file "tuvwxuv.dll" in the windows\system32 folder. None of the programs can delete this file though. I have tried using Windows Explorer to go the file and manually delete it, but it won't let me delete it in regular mode or safe mode. I was wondering if anybody knows how I can get rid of this? Thanks! Homer

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly. Next, please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop. !!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!! Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd" Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Hi Thanks alot for your help! Here are the logs you requested... Logfile of HijackThis v1.99.1 Scan saved at 9:26:55 AM, on 4/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\SOUNDMAN.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\eHome\ehmsas.exe K:\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.exe O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200" O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveimagetofolder.html O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveimages.html O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveltof.html O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savelink.html O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savepagetofolder.html O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savewebpage.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/... O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/2517... O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewa... O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/... O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res... O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso... O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.... O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binar... O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/he... O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billar... O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billar... O18 - Protocol: bw+0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {85C89B83-583F-449F-A394-DCC8873AF8B0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - AppInit_DLLs: 15.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe SmitFraudFix v2.164 Scan done at 9:28:22.93, Fri 04/06/2007 Run from K:\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\SOUNDMAN.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.exe C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\eHome\ehmsas.exe K:\HijackThis.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="15.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Again, thanks alot for your help!! Homer

Go to start > controlpanel > add/remove programs and uninstall next if present: ClickSpring Cowabanga by OIN ipwindows / ipwins MediaTickets MediaTickets by OIN OIN Outer Info Network PurityScan PurityScan by OIN Snowball Wars by OIN TizzleTalk TizzleTalk by OIN Yazzle by OIN Yazzle ActiveX by OIN Yazzle Cowabanga by OIN Yazzle Kobe :filtered:! By OIN Yazzle Picster by OIN Yazzle Snowball Wars by OIN Yazzle Sudoku by OIN Zolero Translator or anything similar with Oin in it 888 toolbar anything with 888 in it If OIN not listed, download and run this uninstaller OiUninstaller.exe Reboot when done! Really important! Please download ComboFix to the desktop from this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running, it may cause your system to hang.) Please post the log it produces.

Hi I checked for those programs you had listed...didn't find any. I ran the OiUninstaller. Then I ran the combofix and got this log.... "Owner" - 07-04-06 11:19:35 Service Pack 2 ComboFix 07-04-05 - Running from: "K:\" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Owner\Desktop\internet.lnk C:\WINDOWS\system32\ping.com C:\WINDOWS\system32\tasklist.com C:\WINDOWS\system32\tracert.com C:\WINDOWS\hosts C:\WINDOWS\system32\adeeg.ini C:\Program Files\winupdates C:\Program Files\Common Files\{2CEC6~1 ((((((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_MCHINJDRV ((((((((((((((((((((((((((((((( Files Created from 2007-03-06 to 2007-04-06 )))))))))))))))))))))))))))))))))) 2007-04-06 09:28 4,074 --a------ C:\WINDOWS\system32\tmp.reg 2007-04-05 11:05 280,676 ---hs---- C:\WINDOWS\system32\geebb.dll 2007-04-05 10:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-04-02 17:16 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PCTurbo Pro Free 2007-04-02 08:16 192,000 --a------ C:\DOCUME~1\Owner\x.exe 2007-04-01 14:57 779,078 ---hs---- C:\WINDOWS\system32\qstwa.bak2 2007-04-01 14:13 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DriveCleaner Free 2007-04-01 14:02 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free 2007-03-29 19:56 769,407 ---hs---- C:\WINDOWS\system32\qstwa.bak1 2007-03-29 19:45 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-03-27 09:04 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-03-25 13:16 <DIR> d-------- C:\Program Files\MyVideoDaily2 2007-03-25 13:16 <DIR> d-------- C:\Program Files\MyDailyVideo 2007-03-24 22:42 <DIR> d-------- C:\Program Files\MSN Messenger 2007-03-24 00:00 1,021,504 --a------ C:\WINDOWS\system32\vete.dll 2007-03-23 19:05 <DIR> d-------- C:\Program Files\MTV Networks 2007-03-22 23:38 77,824 --a------ C:\WINDOWS\system32\driverif.dll 2007-03-22 23:38 645,904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys 2007-03-22 23:38 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys 2007-03-22 23:38 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys 2007-03-22 23:38 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll 2007-03-22 23:38 115,088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys 2007-03-22 11:23 <DIR> d-------- C:\Program Files\Crystal Cave Gold Demo 2007-03-19 18:11 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-03-18 18:30 1,903 --a------ C:\WINDOWS\mozver.dat 2007-03-15 23:45 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\MailFrontier 2007-03-15 23:45 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Logitech 2007-03-15 23:45 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Adobe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-06 10:45 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2007-03-27 09:10 -------- d-------- C:\Program Files\microsoft sql server 2007-03-23 17:06 -------- d-------- C:\DOCUME~1\Owner\APPLIC~1\mailfrontier 2007-03-19 18:13 -------- d-------- C:\Program Files\windows media connect 2 2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-04 20:44 -------- d-------- C:\Program Files\empirepokermaster 2007-02-26 17:31 -------- d-------- C:\Program Files\erightsoft 2007-02-17 14:13 -------- d-------- C:\Program Files\limewire 2007-02-10 05:29 67952 --a------ C:\WINDOWS\system32\sqlctr90.dll 2007-02-10 05:29 2234224 --a------ C:\WINDOWS\system32\sqlncli.dll 2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll 2007-01-12 14:05 361320 --a------ C:\billiards_install_1_0_0_52.exe 2007-01-12 10:27 822784 --a------ C:\WINDOWS\system32\wininet(2).dll 2007-01-12 10:27 1149952 --a------ C:\WINDOWS\system32\urlmon(2).dll 2007-01-08 20:04 105984 --a------ C:\WINDOWS\system32\url(2).dll 2007-01-08 20:02 266752 --a------ C:\WINDOWS\system32\iertutil(2).dll 2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe" "CHotkey"="zHotkey.exe" "SoundMan"="SOUNDMAN.EXE" "Recguard"=hex(2):25,57,49,4e,44,49,52,25,5c,53,4d,49,4e,53,54,5c,52,45,43,47,\ 55,41,52,44,2e,45,58,45,00 "Reminder"=hex(2):25,57,49,4e,44,49,52,25,5c,43,72,65,61,74,6f,72,5c,52,65,6d,\ 69,6e,64,5f,58,50,2e,65,78,65,00 "EPSON Stylus CX4200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAEA.exe /P26 \"EPSON Stylus CX4200 Series\" /O6 \"USB001\" /M \"Stylus CX4200\"" "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe" "LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.exe" "LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe" "LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "winupdates"="C:\\Program Files\\winupdates\\winupdates.exe /auto" "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\"" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"="Narrator.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.exe " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.exe " "item"="Adobe Reader Synchronizer" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NBJ" "hkey"="HKCU" "command"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\system32\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="udcpas" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcpas.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="udcsdr" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcsdr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="jaxajbuy" "hkey"="HKLM" "command"="rundll32.exe \"C:\\WINDOWS\\system32\\jaxajbuy.dll\",setvm" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AdobeUpdateManager" "hkey"="HKCU" "command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKCU" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WMPNSCFG" "hkey"="HKCU" "command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="15.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{7D064D71-DD76-4596-90C0-921766AD560A}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsq HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geebb HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeda HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwxuv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79be7b9c-0e07-11da-b64f-00038a000015}] Shell\AutoRun\command K:\smartAP.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da2d4123-6da5-11da-9809-806d6172696f}] Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.exe Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-06 11:25:12 C:\ComboFix-quarantined-files.txt ... 07-04-06 11:25 Thanks so much!!!

Please download VundoFix.exe to your C:\. Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will shutdown your computer, click OK. Turn your computer back on. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot. Post the log located at C:Vundofix.txt. Then post a new combofix log please.

try spybot search and destroy with adaware se free edition in safemode ( with network ) update them and run good luck