1/27/2010 2:27:45 PM Allowed (based on user decision) value "igndlm.exe" (new data: "") deleted in System Startup user entry!
1/27/2010 2:27:49 PM Allowed (based on user decision) value "RealUpgradeHelper" (new data: "") deleted in System Startup user entry!
1/27/2010 2:27:50 PM Allowed (based on user decision) value "pp" (new data: "c:\windows\pp04.exe") added in System Startup global entry!
1/27/2010 2:27:51 PM Allowed (based on lassh blacklist) value "P17Helper" (new data: "Rundll32 P17.dll,P17Helper") added in System Startup global entry!
1/27/2010 2:27:52 PM Allowed (based on authenticode whitelist) value "Norton Ghost 14.0" (new data: ""C:\Program Files\Norton Ghost\Agent\VProTray.exe"") added in System Startup global entry!
1/27/2010 2:27:59 PM Allowed (based on user decision) value "LogitechQuickCamRibbon" (new data: ""C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide") added in System Startup global entry!
1/27/2010 2:27:59 PM Allowed (based on user decision) value "AVG8_TRAY" (new data: "") deleted in System Startup global entry!
1/27/2010 2:27:59 PM Allowed (based on lassh blacklist) value "KernelFaultCheck" (new data: "") deleted in System Startup global entry!
1/27/2010 2:27:59 PM Allowed (based on user decision) value "Launch LgDevAgt" (new data: "") deleted in System Startup global entry!
1/27/2010 2:28:00 PM Allowed (based on user decision) value "Launch LCDMon" (new data: "") deleted in System Startup global entry!
1/27/2010 2:28:00 PM Allowed (based on user decision) value "Kernel and Hardware Abstraction Layer" (new data: "") deleted in System Startup global entry!
1/27/2010 2:28:01 PM Allowed (based on user decision) value "QuickTime Task" (new data: "") deleted in System Startup global entry!
1/27/2010 2:28:01 PM Allowed (based on user decision) value "TkBellExe" (new data: "") deleted in System Startup global entry!
1/27/2010 2:28:15 PM Allowed (based on user decision) value "" (new data: "regedit.exe "%1"") changed in REG Extension handler!
1/27/2010 2:28:16 PM Allowed (based on user decision) value "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") added in Internet Explorer searches!
1/27/2010 2:28:16 PM Allowed (based on user decision) value "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") added in Internet Explorer searches!
1/27/2010 2:28:16 PM Allowed (based on user decision) value "*{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (new data: "") deleted in Internet Explorer searches!
1/27/2010 2:28:16 PM Allowed (based on user decision) value "*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (new data: "") deleted in Internet Explorer searches!
1/28/2010 3:35:34 PM Allowed (based on user decision) value "TkBellExe" (new data: ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot") added in System Startup global entry!
1/28/2010 3:59:23 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") deleted in Browser Helper Object!
1/28/2010 3:59:23 PM Allowed (based on user decision) value "{A3BC75A2-1F87-4686-AA43-5347D756017C}" (new data: "") deleted in Internet Explorer searches!
1/28/2010 4:00:56 PM Allowed (based on user decision) value "avgrsstarter" (new data: "") deleted in Winlogon Notifiers!
1/28/2010 4:01:18 PM Allowed (based on user decision) value "AvgUninstallURL" (new data: "cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QgBXAEYATQ"&"inst=NwA5AC0AMgA2ADkAMgAyADQANAAyADcALQBCADEALQBC"&"prod=90"&"ver=9.0.730") added in System Startup global entry!
1/28/2010 4:09:11 PM Allowed (based on user decision) value "AvgUninstallURL" (new data: "") deleted in System Startup global entry!
1/28/2010 4:17:55 PM Allowed (based on user decision) value "avast5" (new data: "E:\ALWILS~1\Avast5\avastUI.exe /nogui") added in System Startup global entry!
1/28/2010 6:06:00 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
aswBoot.exe /A:"*" /L:"1033" /heur:80 /pup /archives /IA:0 /KBD:5 /dir:"E:\Alwil Software\Avast5"
") changed in Session manager!
1/29/2010 9:32:12 AM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") changed in Session manager!
Here is Hijackthis's log, after stopping teatimer, and anti-virus/ win-defender:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:32 PM, on 1/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
E:\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\real player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - e:\AVG\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FlashCatchBHO Class - {88618A96-6D8A-42E7-B932-9073D5B2080F} - C:\Program Files\FlashCatch\flashcatch.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - (no file)
O3 - Toolbar: FlashCatch - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [pp] c:\windows\pp04.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast5] E:\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Madnezz\Desktop\mublinder\muBlinder.exe -startup
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKfox000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: FreshDownload - {7BC71F9B-6EFE-4A17-8606-2615BEFB541C} - C:\Program Files\FreshDevices\FreshDownload\fd.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: vod.adameve.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 8898 bytes
Running ESET scanner while I wait for response, thnx in advance...