Hi there, first off I'd like to thank the 'tech gurus' who help people out. It's much appreciated! Anyway, I've been scouring various forums about ways to remove spyware, malware, adware, etc. And it has helped but there still seems to be some lingering resistance lurking somewhere in my computer and I think it requires someone with more experience to find it.

What's also weird is when I do clean up (usually in Safe Mode) and reboot to normal, I would get a slow start up (even though I took quite a bit off on start up) and in the first 5 minutes of boot up I notice on the bottom of my screen some 'set up' programs that seem to be minimized that last for about 1 second and disappear. After that a few seconds later -- lo and behold random pop ups!

There were a few that kept saying "can't be deleted because it was being used by a different application", even while using some of the programs listed below. The programs that I've used so far are:

1. AVG Anti-Spyware (Found and removed)
2. Ad-Aware (Found and removed)
3. Combo Fix - (Found for the most part and removed)
4. VundoFix - (was able to remove a few)
5. KillBox - (unsuccessful)
6. CCleaner (clean)
7. Sysclean (clean)

Note: efcyxxv.dll was one of the nasty culprits that just won't go away.

My Computer Spec:

AMD Athlon XP 3200+
2.19 GHz, 1.0 GB of RAM

Below is the current hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:14:15 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - C:\WINDOWS\system32\efcyxxv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A9B8DCA0-C3A8-4502-8725-AEB52B7C2B7A} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ffemvidr.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\iwglouyj.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170462026205
O20 - Winlogon Notify: efcyxxv - C:\WINDOWS\SYSTEM32\efcyxxv.dll
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

All 6 Replies

Someone please help

Hello, Sol. Because I do not know when you started trying to remove your pests, I would like to start from scratch, so please delete your copies of ComboFix, C:\combofix.txt, Vundofix, C:\vundofix.txt.
Great. You still have a bit of Symantec running - could you try to uninstall it? If it will not go we can deal with that later, cos it may take a removal tool from Norton to do the job.

It appears that you have a vundo infection, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
Combofix:
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
==Update AVG-AS
Unlocker 1.8.5
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

=Restart your system in Safe Mode.
=Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
!! Check the Vundofix log for any entries that could not be deleted - if present rerun Vundofix!!

In Safe Mode....
=dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

=Run Ccleaner
=Start AVG a-s 7.5 in Safe Mode;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file.

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - C:\WINDOWS\system32\efcyxxv.dll
O2 - BHO: (no name) - {A9B8DCA0-C3A8-4502-8725-AEB52B7C2B7A} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ffemvidr.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\iwglouyj.dll",forkonce **!!
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O20 - Winlogon Notify: efcyxxv - C:\WINDOWS\SYSTEM32\efcyxxv.dll
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll

*** this one will have changed its filename if you have restarted your sys since the log was posted - note its new name!!

Browse to and delete these files, using Unlocker if needs be.
C:\WINDOWS\system32\ffemvidr.dll
C:\WINDOWS\system32\iwglouyj.dll *** use name you noted before!!

Post the contents of C:\vundofix.txt, C:\combofix.txt, the AVG log plus a new HijackThis log, run last of all in Normal mode.
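
Added example, not part of the reply above or of any tool named in this thread: a Python triage of the O2, O4 and O20 lines from the HijackThis log posted earlier, showing which DLLs are registered at more than one load point. The three rules it applies (unnamed BHO in system32, Winlogon Notify DLL in system32, Run key loading a system32 DLL through rundll32) and the function names are assumptions made for illustration, not the helper's stated method.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (O2, O4 and O20 lines only).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - C:\WINDOWS\system32\efcyxxv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A9B8DCA0-C3A8-4502-8725-AEB52B7C2B7A} - C:\WINDOWS\system32\mljjh.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\ffemvidr.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\iwglouyj.dll",forkonce
O20 - Winlogon Notify: efcyxxv - C:\WINDOWS\SYSTEM32\efcyxxv.dll
O20 - Winlogon Notify: mljjh - C:\WINDOWS\system32\mljjh.dll
"""

# Assumption: default Windows XP system directory, as it appears in the log.
SYSTEM32 = r"c:\windows\system32"

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# DLL argument handed to rundll32, quoted or not, up to the export name.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)


def in_system32(path):
    """True if the file sits directly in system32 (case-insensitive)."""
    return ntpath.dirname(path.strip().strip('"').lower()) == SYSTEM32


def triage(log_text):
    """Map each flagged DLL (lower-cased path) to the sorted reasons it was flagged.

    A hit is a lead to verify against the file itself, not a verdict.
    """
    reasons = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()

        m = BHO_RE.match(line)
        if m:
            # Rule 1: Browser Helper Object with no display name, DLL in system32.
            if m["name"] == "(no name)" and in_system32(m["path"]):
                reasons[m["path"].lower()].add("O2 unnamed BHO in system32")
            continue

        m = NOTIFY_RE.match(line)
        if m:
            # Rule 2: Winlogon Notify package whose DLL is in system32.
            if in_system32(m["path"]):
                reasons[m["path"].lower()].add("O20 Winlogon Notify in system32")
            continue

        m = RUN_RE.match(line)
        if m:
            # Rule 3: Run key that starts a system32 DLL through rundll32.
            d = RUNDLL_RE.search(m["cmd"])
            if d and in_system32(d["dll"]):
                reasons[d["dll"].lower()].add("O4 Run key loads DLL via rundll32")

    return {path: sorted(why) for path, why in reasons.items()}


def multi_hook(findings):
    """DLLs registered at more than one load point, e.g. both O2 and O20."""
    return sorted(path for path, why in findings.items() if len(why) > 1)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for path, why in sorted(found.items()):
        print(path, "<-", "; ".join(why))
    print("registered at more than one load point:", multi_hook(found))
```

The two DLLs it reports at more than one load point are the same two that the VundoFix log later in the thread lists as "Could not be deleted".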

Thanks, Gerbil, for your help. I notice there aren't any more pop ups but my boot up still takes a while to load. I ran everything you said and here are the results:

Combofix:
ComboFix 07-08-07.6 - "Owner" 2007-08-07 17:36:22.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.756 [GMT -8:00]



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))



C:\Program Files\codec_setup.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
D:\Autorun.inf



(((((((((((((((((((((((((   Files Created from 2007-07-08 to 2007-08-08  )))))))))))))))))))))))))))))))



2007-08-07 16:23    <DIR>    d--------   C:\VundoFix Backups
2007-08-03 18:04    <DIR>    d--------   C:\WINDOWS\system32\ActiveScan
2007-08-03 00:39    <DIR>    d--------   C:\Program Files\CCleaner
2007-08-03 00:37    10,872  --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-01 23:04    512 --a------   C:\ScanSectorLog.dat
2007-08-01 02:39    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\MailFrontier
2007-08-01 02:24    1,087,216   --a------   C:\WINDOWS\system32\zpeng24.dll
2007-08-01 02:06    159,744 --a------   C:\WINDOWS\system32\hasher.dll
2007-08-01 02:05    <DIR>    d--------   C:\Program Files\Trisnap Technologies
2007-08-01 01:15    <DIR>    d--------   C:\!KillBox
2007-08-01 00:33    51,200  --a------   C:\WINDOWS\nircmd.exe
2007-08-01 00:32    416 --a------   C:\CFCleanUp.bat
2007-07-31 21:25    3,691,552   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-07-31 21:25    132,384 --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-07-31 21:02    4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
2007-07-31 21:01    75,512  --a------   C:\WINDOWS\zllsputility.exe
2007-07-31 21:01    11,264  --a------   C:\WINDOWS\system32\SpOrder.dll
2007-07-31 21:00    <DIR>    d--------   C:\WINDOWS\system32\ZoneLabs
2007-07-31 20:55    <DIR>    d--------   C:\WINDOWS\Internet Logs
2007-07-31 18:17    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-31 18:07    <DIR>    d--------   C:\Program Files\Lavasoft
2007-07-31 18:07    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-30 12:54    138,368 --a------   C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-07-30 12:52    <DIR>    d--------   C:\Program Files\Spyware Terminator
2007-07-30 12:52    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Spyware Terminator
2007-07-30 12:52    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-07-28 01:47    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
2007-07-28 01:43    520,192 --a------   C:\WINDOWS\system32\ati2sgag.exe
2007-07-28 01:42    <DIR>    d--------   C:\Program Files\ATI Technologies
2007-07-28 00:04    2,560   --a------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-28 00:04    2,432   --a------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-28 00:04    129,784 --a------   C:\WINDOWS\system32\pxafs.dll
2007-07-28 00:04    118,520 --a------   C:\WINDOWS\system32\pxinsi64.exe
2007-07-28 00:04    116,472 --a------   C:\WINDOWS\system32\pxcpyi64.exe
2007-07-24 00:26    27,904  --a------   C:\WINDOWS\system32\drivers\viaagp1.sys
2007-07-23 16:09    169,344 --a------   C:\WINDOWS\system32\drivers\atinavt2.sys
2007-07-23 16:08    <DIR>    d--------   C:\ATI
2007-07-23 04:01    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\vexorian
2007-07-22 16:37    <DIR>    d--------   C:\my dvd
2007-07-22 16:35    <DIR>    d--------   C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-07-19 13:26    <DIR>    d--------   C:\Program Files\iTunes
2007-07-19 13:26    <DIR>    d--------   C:\Program Files\iPod
2007-07-19 13:25    <DIR>    d----c---   C:\WINDOWS\system32\DRVSTORE
2007-07-19 13:24    <DIR>    d--------   C:\Program Files\Common Files\Apple
2007-07-19 04:15    <DIR>    d--------   C:\My Downloads
2007-07-18 15:54    <DIR>    d--------   C:\Program Files\PokerStars
2007-07-18 15:00    <DIR>    d--------   C:\Program Files\QuickTime
2007-07-18 14:59    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-18 13:49    <DIR>    d--------   C:\Program Files\PokerRoom.com
2007-07-17 03:35    <DIR>    d--------   C:\Program Files\BBLACK
2007-07-16 17:24    <DIR>    d--------   C:\Program Files\Common Files\xing shared
2007-07-14 23:16    <DIR>    d--------   C:\Program Files\Common Files\DirectX
2007-07-14 23:14    3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-07-14 23:14    255,848 --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-07-14 23:14    251,672 --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-07-14 23:12    <DIR>    d--------   C:\Program Files\Codemasters
2007-07-14 01:25    197,120 --a------   C:\WINDOWS\patchw32.dll
2007-07-14 01:25    <DIR>    d--------   C:\Program Files\Common Files\PocketSoft
2007-07-13 00:58    <DIR>    d--------   C:\Program Files\Atari
2007-07-12 23:51    933,888 --a------   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\WINDOWS
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-07-12 23:51    <DIR>    d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2007-07-12 23:09    <DIR>    d--------   C:\DOCUME~1\Owner\APPLIC~1\Atari
2007-07-09 11:07    524,288 --a------   C:\WINDOWS\system32\DivXsm.exe
2007-07-09 11:07    3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-07-09 11:07    200,704 --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-09 11:07    1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-07-09 11:05    823,296 --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-07-09 11:05    823,296 --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-07-09 11:05    802,816 --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-07-09 11:05    740,442 --a------   C:\WINDOWS\system32\DivX.dll
2007-07-09 11:05    73,728  --a------   C:\WINDOWS\system32\dpl100.dll
2007-07-09 11:05    593,920 --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-07-09 11:05    57,344  --a------   C:\WINDOWS\system32\dpv11.dll
2007-07-09 11:05    53,248  --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-07-09 11:05    344,064 --a------   C:\WINDOWS\system32\dpus11.dll
2007-07-09 11:05    294,912 --a------   C:\WINDOWS\system32\dpu11.dll
2007-07-09 11:05    294,912 --a------   C:\WINDOWS\system32\dpu10.dll
2007-07-09 11:05    196,608 --a------   C:\WINDOWS\system32\dtu100.dll
2007-07-09 11:05    124,472 --a------   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-07-09 11:05    12,288  --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-07 15:32    24,064  --a------   C:\WINDOWS\system32\msxml3a.dll
2007-07-07 15:32    2,670,592   ---------   C:\WINDOWS\UNNeroVision.exe
2007-07-07 15:31    476,320 --a------   C:\WINDOWS\system32\ImagXpr7.dll
2007-07-07 15:31    471,040 --a------   C:\WINDOWS\system32\ImagXRA7.dll
2007-07-07 15:31    38,912  --a------   C:\WINDOWS\system32\picn20.dll
2007-07-07 15:31    364,544 --a------   C:\WINDOWS\system32\TwnLib4.dll
2007-07-07 15:31    262,144 --a------   C:\WINDOWS\system32\ImagXR7.dll
2007-07-07 15:31    106,496 --a------   C:\WINDOWS\system32\TwnLib20.dll
2007-07-07 15:31    1,568,768   --a------   C:\WINDOWS\system32\ImagX7.dll
2007-07-07 15:31    <DIR>    d--------   C:\Program Files\Common Files\Ahead
2007-07-07 15:31    <DIR>    d--------   C:\Program Files\Ahead
2007-07-07 15:31    <DIR>    d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-07 15:28    <DIR>    d--------   C:\Program Files\PowerISO



((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-08-07 17:34    50516   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-07 17:34    13484   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-07 15:59    ---------   d--------   C:\Program Files\Warcraft III
2007-08-07 01:12    ---------   d--------   C:\Program Files\Steam
2007-08-05 20:49    ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-07-31 20:55    ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-07-31 18:06    ---------   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-07-29 00:56    ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\BearShare
2007-07-28 00:04    ---------   d--------   C:\Program Files\DivX
2007-07-18 14:59    ---------   d--------   C:\Program Files\Apple Software Update
2007-07-16 22:37    ---------   d--------   C:\Program Files\Starcraft
2007-07-16 17:25    ---------   d--------   C:\DOCUME~1\Owner\APPLIC~1\Real
2007-07-16 17:24    ---------   d--------   C:\Program Files\Real
2007-07-16 17:24    ---------   d--------   C:\Program Files\Common Files\Real
2007-07-15 16:06    98304   --a------   C:\WINDOWS\system32\CmdLineExt.dll
2007-07-12 23:26    43520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-09 11:07    36624   --a------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-06-26 18:27    44240   --a------   C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-26 17:59    344064  --a------   C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-26 17:58    269312  --a------   C:\WINDOWS\system32\ati2dvag.dll
2007-06-26 17:58    2303488 --a--c---   C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-06-26 17:58    2303488 --a------   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-26 17:56    307200  --a------   C:\WINDOWS\system32\atiiiexx.dll
2007-06-26 17:51    26112   --a------   C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-26 17:51    143360  --a------   C:\WINDOWS\system32\atipdlxx.dll
2007-06-26 17:51    122880  --a------   C:\WINDOWS\system32\Oemdspif.dll
2007-06-26 17:50    43520   --a------   C:\WINDOWS\system32\ati2edxx.dll
2007-06-26 17:50    118784  --a------   C:\WINDOWS\system32\ati2evxx.dll
2007-06-26 17:49    483328  --a------   C:\WINDOWS\system32\ati2evxx.exe
2007-06-26 17:48    53248   --a------   C:\WINDOWS\system32\ATIDDC.DLL
2007-06-26 17:44    8232960 --a------   C:\WINDOWS\system32\atioglx2.dll
2007-06-26 17:41    2940992 --a------   C:\WINDOWS\system32\ati3duag.dll
2007-06-26 17:31    1519744 --a------   C:\WINDOWS\system32\ativvaxx.dll
2007-06-26 17:30    972072  --a------   C:\WINDOWS\system32\ativva6x.dat
2007-06-26 17:30    3107788 --a------   C:\WINDOWS\system32\ativvaxx.dat
2007-06-26 17:30    3107788 --a------   C:\WINDOWS\system32\ativva5x.dat
2007-06-26 17:19    5435392 --a------   C:\WINDOWS\system32\atioglxx.dll
2007-06-26 17:17    266240  --a------   C:\WINDOWS\system32\atikvmag.dll
2007-06-26 17:16    17408   --a------   C:\WINDOWS\system32\atitvo32.dll
2007-06-26 17:15    49152   --a------   C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-26 17:14    176128  --a------   C:\WINDOWS\system32\atiok3x2.dll
2007-06-26 17:10    376832  --a------   C:\WINDOWS\system32\ati2cqag.dll
2007-06-24 21:18    ---------   d--------   C:\Program Files\Elaborate Bytes
2007-06-24 21:13    ---------   d--------   C:\Program Files\dvdSanta
2007-06-22 17:55    ---------   d--------   C:\Program Files\MUSICMATCH
2007-06-05 23:09    967 --a------   C:\WINDOWS\ScUnin.pif
2007-06-05 23:09    70656   --a------   C:\WINDOWS\ScUnin.exe
2007-06-05 23:09    32845   --a------   C:\WINDOWS\scunin.dat
2007-06-05 09:40    149278  --a------   C:\WINDOWS\system32\atiicdxx.dat
2007-05-19 12:08    86016   --a------   C:\WINDOWS\system32\ElbyCDIO.dll
2007-05-16 07:12    86528   --a--c---   C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 07:12    85504   --a--c---   C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 07:12    683520  --a--c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 07:12    683520  --a------   C:\WINDOWS\system32\inetcomm.dll
2007-05-16 07:12    510976  --a--c---   C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 07:12    1314816 --a--c---   C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 01:24    3583488 --a--c---   C:\WINDOWS\system32\dllcache\mshtml.dll
2007-04-10 22:17    461 --a------   C:\Program Files\INSTALL.LOG
1998-04-30 14:56    129024  --a------   C:\Program Files\UNWISE.EXE



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))



*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BD7FBFB-8C79-4C91-AFC9-2B00244FABB5}]
C:\WINDOWS\system32\mljjh.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-16 17:24]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 04:23]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 10:41]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 13:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]



[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe -silent


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\swcffnca.dll",forkonce


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"x10nets"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)


R0 fasttx2k;fasttx2k;C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
R3 ATI Remote Wonder II;ATI Remote Wonder II;C:\WINDOWS\system32\drivers\ATIRWVD.SYS
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 SunkFilt;Alcor Micro Corp - 9360;\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
S1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
S1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys
S3 ATIAVAIW;ATI T200 Unified AVStream service;C:\WINDOWS\system32\DRIVERS\atinavt2.sys
S3 atinrvxx;ATI WDM Rage Theater Video;C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
S3 DCamUSBSQTECH;Dual-Mode DSC(2770);C:\WINDOWS\system32\Drivers\SQcaptur.sys
S3 EagleNT;EagleNT;\??\C:\WINDOWS\system32\drivers\EagleNT.sys
S3 ltmodem5;Agere Modem Driver;C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MVDCODEC;ATI WDM Specialized MVD Codec;C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 oflpydin;oflpydin;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\oflpydin.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison;\??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\autoplay.exe



Contents of the 'Scheduled Tasks' folder
2007-08-02 17:03:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-08 01:38:15 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe
2007-08-08 01:27:50 C:\WINDOWS\Tasks\RegCure Program Check.job - C:\Program Files\RegCure\RegCure.exe
2007-08-02 11:12:50 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-02-02 23:08:56 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE


**************************************************************************


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 17:39:07
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden registry entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0



-----------------------------
Vundofix:



VundoFix V6.5.7


Checking Java version...


Java version is 1.5.0.10


Scan started at 4:23:32 PM 8/7/2007


Listing files found while scanning....


C:\windows\system32\efcyxxv.dll
C:\WINDOWS\system32\ffemvidr.dll
C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\mljjh.dll


Beginning removal...


Attempting to delete C:\windows\system32\efcyxxv.dll
C:\windows\system32\efcyxxv.dll Could not be deleted.


Attempting to delete C:\WINDOWS\system32\ffemvidr.dll
C:\WINDOWS\system32\ffemvidr.dll Has been deleted!


Attempting to delete C:\WINDOWS\system32\hjjlm.bak2
C:\WINDOWS\system32\hjjlm.bak2 Has been deleted!


Attempting to delete C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini Has been deleted!


Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Could not be deleted.


Performing Repairs to the registry.
Done!


Beginning removal...


Attempting to delete C:\windows\system32\efcyxxv.dll
C:\windows\system32\efcyxxv.dll Could not be deleted.


Attempting to delete C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini Has been deleted!


Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Could not be deleted.


Performing Repairs to the registry.
Done!


VundoFix V6.5.7


Checking Java version...


Java version is 1.5.0.10


Scan started at 4:49:40 PM 8/7/2007


Listing files found while scanning....


C:\windows\system32\efcyxxv.dll
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\mljjh.dll


Beginning removal...


Attempting to delete C:\windows\system32\efcyxxv.dll
C:\windows\system32\efcyxxv.dll Could not be deleted.


Attempting to delete C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini Has been deleted!


Attempting to delete C:\WINDOWS\system32\mljjh.dll
C:\WINDOWS\system32\mljjh.dll Has been deleted!


Performing Repairs to the registry.
Done!


Beginning removal...


Attempting to delete C:\windows\system32\efcyxxv.dll
C:\windows\system32\efcyxxv.dll Has been deleted!


Performing Repairs to the registry.
Done!


VundoFix V6.5.7


Checking Java version...


Java version is 1.5.0.10


Scan started at 10:49:16 PM 8/7/2007


Listing files found while scanning....


No infected files were found.



---------------------------------------


AVG Log


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------


+ Created at:   10:11:09 PM 8/7/2007


+ Scan result:


:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ff3ahv92.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.



::Report end


-----------------


Lastly, hijackthis


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Owner\Desktop\imabunny.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD7FBFB-8C79-4C91-AFC9-2B00244FABB5} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170462026205
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Nice Vundofix run there, Sol, that's just how it is meant to be used. If you look through CCleaner you will see options to tick to clear Firefox's cookies...
Fix these with hijackthis, taking notice of my notes...

O2 - BHO: (no name) - {0BD7FBFB-8C79-4C91-AFC9-2B00244FABB5} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
- if you do not want the HP View toolbar in IE fix both these:
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

This next is Symantec firewall, but you have Zonelabs, and you don't want both, so try this: fix the O23 entry, and then run the cmd below to delete it.
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Okay. Go Start, run, paste this in and enter it:

sc delete SNDSrvc

Post another log. I see nothing to slow boot, though. Is AVG AS doing a scan at startup? You do not want Defender, AVG AS and Adaware all active. I do not run an active AS, just keep Adaware and AVG AS updated and available for one-off scans... rarely need em, tho.

Yeah, the only thing that is on at start up is AIM and my ZoneLabs. And it still takes longer than usual, which makes me suspect that there might be something else that's causing it. But anyway, here's the updated hijackthis log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\Desktop\imabunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170462026205
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

That last log shows you have turned off ZoneLabs! You need it. Me, and this is because of the way I operate on the web... I'd turn off AVG A-S, Adaware, and Spyware Terminator, but you may wish to keep one of them running; more just slows things down.
This is entirely up to you, it's NOT malware, but you could remove Viewpoint.... personally, I'd kick out all the google stuff too. They've got a website ready when you need em, I reckon.
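
The checks the replies above make by eye (picking out `(file missing)` entries, confirming that the entries marked for fixing are gone from the follow-up log, and noticing protection that is no longer running) can be scripted. This is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical, and the two samples are short excerpts of the logs posted above.

```python
import re

# Section code, then the entry text, e.g. "O2 - BHO: (no name) - {...} - C:\x.dll"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
        elif (m := ENTRY_RE.match(line)):
            in_procs = False          # the first R*/O* entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e[1].lower().endswith("(file missing)")]

def still_present(fix_list, after_text):
    """Entries that were marked for fixing but still appear in the later log."""
    remaining = {(c, b.lower()) for c, b in parse_log(after_text)[1]}
    return [e for e in fix_list if (e[0], e[1].lower()) in remaining]

def stopped_processes(before_text, after_text):
    """Processes running in the earlier log and absent from the later one."""
    after = {p.lower() for p in parse_log(after_text)[0]}
    return sorted({p for p in parse_log(before_text)[0] if p.lower() not in after})

# Excerpts (not the full logs) of the two HijackThis logs posted in the thread.
# The entries in BEFORE are the five the reply asked to fix.
BEFORE = r"""Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {0BD7FBFB-8C79-4C91-AFC9-2B00244FABB5} - C:\WINDOWS\system32\mljjh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    fix_list = parse_log(BEFORE)[1]
    for code, body in orphaned(fix_list):
        print("orphaned:     ", code, "-", body)
    for code, body in still_present(fix_list, AFTER):
        print("still listed: ", code, "-", body)
    for path in stopped_processes(BEFORE, AFTER):
        print("not running:  ", path)
```

On these excerpts it reports the `AutoTBar.exe` startup entry as still listed in the follow-up log, and the ZoneAlarm and Windows Defender processes as no longer running.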
