Welcome. Thank you for using Dell Community Forums.
I am reviewing your log.
In the meantime, you can help me by doing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you are using any cracked software, please remove it.
Definition of cracked software:
http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. That would also apply to BitTorrent and other similar torrent software.
The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. If you have music files in those programs' folders that you want to save, please move those music files to another directory.
A list of P2P's is here: http://www.castlecops.com/t204179-P2P_programs_we_ask_that_you_remove_first.html


* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures.
Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using.

* During the course of our cleanup please do not do any online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case.
Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HijackThis log at the top of this board to start a new forum topic.

- Havn't posted on another forum
- No cracked or P2P softwares on my computer

- It is MY computer, I have full authority over it.

- First time using HijackThis.

 

I look forward to your reply. 

Please download Malwarebytes' Anti-Malware from Here or Here

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
• Update Malwarebytes' Anti-Malware
• Launch Malwarebytes' Anti-Malware

• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. :(see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.
• Please include a fresh HijackThis log as well.
  Notes:
  
  **If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll
  
  **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Malwarebytes' Anti-Malware 1.17
Database version: 859

12:34:07 AM 6/16/2008
mbam-log-6-16-2008 (00-34-07).txt

Scan type: Quick Scan
Objects scanned: 49626
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 23
Registry Values Infected: 8
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\khfFULcY.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\tupdfim.dll (Trojan.Fakealert) -> Unloaded module successfully.
C:\Windows\System32\nnnkIyXr.dll (Backdoor.Agent) -> Unloaded module successfully.
C:\Windows\System32\efcDWMeD.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a94b1f51-cf64-4b83-bb17-10f4da866823} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a94b1f51-cf64-4b83-bb17-10f4da866823} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba0bacb5-fc95-451e-94d2-4959ab0949d2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba0bacb5-fc95-451e-94d2-4959ab0949d2} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f2bada0d-fd61-45ef-a994-64a073fd6613} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba44cbc8-e16a-4f36-b066-4d75699e171d} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba44cbc8-e16a-4f36-b066-4d75699e171d} (Backdoor.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4b02a36b (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f2bada0d-fd61-45ef-a994-64a073fd6613} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ba44cbc8-e16a-4f36-b066-4d75699e171d} (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\some (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy  -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\fssgebuo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\oubegssf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\kakutpxe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\exptukak.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\khfFULcY.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\YcLUFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\YcLUFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\xdauaabm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mbaauadx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tupdfim.dll (Trojan.Fakealert) -> Delete on reboot.
C:\Windows\System32\nnnkIyXr.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\efcDWMeD.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.
--------------------
HijackThis Log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:00 AM, on 6/16/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Omni\OmniMouse Driver\3.82\Mouse32A.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BPK\iseeyou.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\3.82\MOUSE32A.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iseeyou] C:\Program Files\BPK\iseeyou.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11686 bytes

 

 

Please launch Hijackthis again.

At the Main window select "Open the misc tool section"
Then select "Open uninstall manager"
Then "save list" and save it to your desktop.

Copy and paste that list as a reply to this thread. Thanks.

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3D Groove Playback Engine
Aarons Cliker Version 2.89
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AOL Instant Messenger
Ask Toolbar
AVG 7.5
Build Your Own Net Dream (remove only)
Cheat Engine 5.4
CleanUp!
Commandos 3 - Destination Berlin
Conexant HD Audio
ConvertXtoDVD 2.99.18.970
DivX Content Uploader
DivX Web Player
DVD Shrink 3.2
ESU for Microsoft Vista
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Deskjet All-In-One Software 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Photosmart Essential 2.0
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Update
HP User Guides 0060
HP Wireless Assistant
HPNetworkAssistant
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Messenger Plus! Live
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.12)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
Nero 7 Ultra Edition
neroxml
OmniMouse Driver 3.82
Radioshack USB-to-Serial cable
Real Alternative 1.60 Lite
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Roxio Activation Module
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
RTC Client API v1.2
Sandlot Games Client Services
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
SopCast 1.1.2
SpaceMonger 2.1.1
The Weather Channel Desktop
Touch Pad Driver
Update for Outlook 2007 Junk Email Filter (kb947945)
VCRedistSetup
VideoLAN VLC media player 0.8.6e
Virtools 3D Life Player
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver

Thanks for posting that. Before I ask you to download more scanners which may not be needed, please let me know if you are still seeing any symptoms of malware.

No, everythings running fine know without errors.

Althought the only problem is that I cannot full screen streaming videos. When I go on Youtube or Veoh, I click full screen and the whole screen then goes black or gray. I can exit it and go back to the previous screen by escape, but what do you think is causing this problem? I've installed the latest flash and everything, althought the problem still exsists.

Did you go to Adobe to see if you can test your flash?
http://www.adobe.com/shockwave/welcome/

 

Do you know what this is?
C:\Program Files\BPK\iseeyou.exe

Yep, my flash is tested and working.
That is my keylogger, I put it on my system, its safe. I've had it for a while.

We have a bit more to do...

Please launch HijackThis and place a checkmark next to the following:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

Close all other windows and click "Fix Checked". Close Hijackthis.
Reboot.

 

As long as you removed BitTorrent before we began, delete this folder:

C:\Program Files\DNA

Run DiskCleanup in each user's profile.

1. Open Disk Cleanup by clicking the Start button Picture of the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.
2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer. Administrator permission required If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.
4. Click the Disk Cleanup tab.
* Please make sure only the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
5. When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.

I doubt this has anything to do with your video stream problem, but your Java needs to be updated.
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 6.

• Scroll down to where it says "Java Runtime Environment (JRE) 6u6 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each of the Java versions.
• 
  
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.


If you continue to have problems, you will probably need to post your video stream question on the Vista Board to see if anyone there has any suggestions.

As soon as you get everything running smoothly, it would be good to flush System Restore so you can start fresh. We'll purge the old, infected Restore Points by turning System Restore off and on again.

To turn off Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
If you have installed Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads

3. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known
vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Practice Safe Surfing with with TrendProtect by Trendmicro.
TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content.

The following color codes are used by TrendProtect to indicate the safety of each site.

Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates.

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
Let us know if we have not resolved your problem. Otherwise, you are good to go.

Happy and Safe Surfing!

perectly fine.

Thanks! 

Excellent! Have a great day and stay safe online. :)