Here the Hijack Log.
Logfile of HijackThis v1.99.1
Scan saved at 11:23:28 PM, on 5/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Windows Defender\MSASCui.exe
E:\Grisoft\AVG7\avgupsvc.exe
E:\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\User\Desktop\HJT\Spyware.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] E:\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\ekrlhgfx.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) -
http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) -
https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://sankok.spaces...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1147346808015
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) -
http://zone.msn.com/...O1.cab50727.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) -
http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{247F486B-5DB1-4537-847C-D7A3B023797B}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Ares Development Group - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
VBG.txt Here
[05/06/2007, 23:03:35] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\User\Desktop\VirtumundoBeGone.exe" )
[05/06/2007, 23:03:39] - Detected System Information:
[05/06/2007, 23:03:39] - Windows Version: 5.1.2600, Service Pack 2
[05/06/2007, 23:03:39] - Current Username: User (Admin)
[05/06/2007, 23:03:39] - Windows is in NORMAL mode.
[05/06/2007, 23:03:39] - Searching for Browser Helper Objects:
[05/06/2007, 23:03:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/06/2007, 23:03:39] - BHO 2: {1F61428B-9817-492B-B419-4B6FFC4DBDB4} ()
[05/06/2007, 23:03:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:39] - Checking for HKLM\...\Winlogon\Notify\gamtdprx
[05/06/2007, 23:03:39] - Key not found: HKLM\...\Winlogon\Notify\gamtdprx, continuing.
[05/06/2007, 23:03:39] - BHO 3: {276A2D5C-DEB7-4367-9880-E95365B44C68} ()
[05/06/2007, 23:03:39] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:39] - Checking for HKLM\...\Winlogon\Notify\vtutu
[05/06/2007, 23:03:39] - Found: HKLM\...\Winlogon\Notify\vtutu - This is probably Virtumundo.
[05/06/2007, 23:03:39] - Assigning {276A2D5C-DEB7-4367-9880-E95365B44C68} MSEvents Object
[05/06/2007, 23:03:39] - BHO list has been changed! Starting over...
[05/06/2007, 23:03:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/06/2007, 23:03:39] - BHO 2: {1F61428B-9817-492B-B419-4B6FFC4DBDB4} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - Checking for HKLM\...\Winlogon\Notify\gamtdprx
[05/06/2007, 23:03:40] - Key not found: HKLM\...\Winlogon\Notify\gamtdprx, continuing.
[05/06/2007, 23:03:40] - BHO 3: {276A2D5C-DEB7-4367-9880-E95365B44C68} (MSEvents Object)
[05/06/2007, 23:03:40] - ALERT: Found MSEvents Object!
[05/06/2007, 23:03:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/06/2007, 23:03:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - No filename found. Continuing.
[05/06/2007, 23:03:40] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/06/2007, 23:03:40] - BHO 7: {9E01FE64-8681-46F5-9332-2DB9EEDB5046} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - Checking for HKLM\...\Winlogon\Notify\awturss
[05/06/2007, 23:03:40] - Found: HKLM\...\Winlogon\Notify\awturss - This is probably Virtumundo.
[05/06/2007, 23:03:40] - Assigning {9E01FE64-8681-46F5-9332-2DB9EEDB5046} MSEvents Object
[05/06/2007, 23:03:40] - BHO list has been changed! Starting over...
[05/06/2007, 23:03:40] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/06/2007, 23:03:40] - BHO 2: {1F61428B-9817-492B-B419-4B6FFC4DBDB4} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - Checking for HKLM\...\Winlogon\Notify\gamtdprx
[05/06/2007, 23:03:40] - Key not found: HKLM\...\Winlogon\Notify\gamtdprx, continuing.
[05/06/2007, 23:03:40] - BHO 3: {276A2D5C-DEB7-4367-9880-E95365B44C68} (MSEvents Object)
[05/06/2007, 23:03:40] - ALERT: Found MSEvents Object!
[05/06/2007, 23:03:40] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/06/2007, 23:03:40] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - No filename found. Continuing.
[05/06/2007, 23:03:40] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/06/2007, 23:03:40] - BHO 7: {9E01FE64-8681-46F5-9332-2DB9EEDB5046} (MSEvents Object)
[05/06/2007, 23:03:40] - ALERT: Found MSEvents Object!
[05/06/2007, 23:03:40] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/06/2007, 23:03:40] - BHO 9: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/06/2007, 23:03:40] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:40] - Checking for HKLM\...\Winlogon\Notify\soistnpx
[05/06/2007, 23:03:40] - Key not found: HKLM\...\Winlogon\Notify\soistnpx, continuing.
[05/06/2007, 23:03:40] - Finished Searching Browser Helper Objects
[05/06/2007, 23:03:40] - *** Detected MSEvents Object
[05/06/2007, 23:03:40] - Trying to remove MSEvents Object...
[05/06/2007, 23:03:41] - Terminating Process: IEXPLORE.EXE
[05/06/2007, 23:03:41] - Terminating Process: RUNDLL32.EXE
[05/06/2007, 23:03:41] - Disabling Automatic Shell Restart
[05/06/2007, 23:03:41] - Terminating Process: EXPLORER.EXE
[05/06/2007, 23:03:41] - Suspending the NT Session Manager System Service
[05/06/2007, 23:03:41] - Terminating Windows NT Logon/Logoff Manager
[05/06/2007, 23:03:41] - Re-enabling Automatic Shell Restart
[05/06/2007, 23:03:41] - File to disable: C:\WINDOWS\system32\vtutu.dll
[05/06/2007, 23:03:41] - Renaming C:\WINDOWS\system32\vtutu.dll -> C:\WINDOWS\system32\vtutu.dll.vir
[05/06/2007, 23:03:41] - File successfully renamed!
[05/06/2007, 23:03:41] - Removing HKLM\...\Browser Helper Objects\{276A2D5C-DEB7-4367-9880-E95365B44C68}
[05/06/2007, 23:03:41] - Removing HKCR\CLSID\{276A2D5C-DEB7-4367-9880-E95365B44C68}
[05/06/2007, 23:03:41] - Adding Kill Bit for ActiveX for GUID: {276A2D5C-DEB7-4367-9880-E95365B44C68}
[05/06/2007, 23:03:41] - Deleting ATLEvents/MSEvents Registry entries
[05/06/2007, 23:03:41] - Removing HKLM\...\Winlogon\Notify\vtutu
[05/06/2007, 23:03:41] - Searching for Browser Helper Objects:
[05/06/2007, 23:03:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/06/2007, 23:03:41] - BHO 2: {1F61428B-9817-492B-B419-4B6FFC4DBDB4} ()
[05/06/2007, 23:03:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:41] - Checking for HKLM\...\Winlogon\Notify\gamtdprx
[05/06/2007, 23:03:41] - Key not found: HKLM\...\Winlogon\Notify\gamtdprx, continuing.
[05/06/2007, 23:03:41] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/06/2007, 23:03:41] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/06/2007, 23:03:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:41] - No filename found. Continuing.
[05/06/2007, 23:03:41] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/06/2007, 23:03:41] - BHO 6: {9E01FE64-8681-46F5-9332-2DB9EEDB5046} (MSEvents Object)
[05/06/2007, 23:03:41] - ALERT: Found MSEvents Object!
[05/06/2007, 23:03:41] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/06/2007, 23:03:41] - BHO 8: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/06/2007, 23:03:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:41] - Checking for HKLM\...\Winlogon\Notify\soistnpx
[05/06/2007, 23:03:41] - Key not found: HKLM\...\Winlogon\Notify\soistnpx, continuing.
[05/06/2007, 23:03:41] - Finished Searching Browser Helper Objects
[05/06/2007, 23:03:41] - *** Detected MSEvents Object
[05/06/2007, 23:03:41] - Trying to remove MSEvents Object...
[05/06/2007, 23:03:42] - Terminating Process: IEXPLORE.EXE
[05/06/2007, 23:03:42] - Terminating Process: RUNDLL32.EXE
[05/06/2007, 23:03:42] - Disabling Automatic Shell Restart
[05/06/2007, 23:03:42] - Terminating Process: EXPLORER.EXE
[05/06/2007, 23:03:43] - Suspending the NT Session Manager System Service
[05/06/2007, 23:03:43] - Terminating Windows NT Logon/Logoff Manager
[05/06/2007, 23:03:43] - Re-enabling Automatic Shell Restart
[05/06/2007, 23:03:43] - File to disable: C:\WINDOWS\system32\awturss.dll
[05/06/2007, 23:03:43] - Renaming C:\WINDOWS\system32\awturss.dll -> C:\WINDOWS\system32\awturss.dll.vir
[05/06/2007, 23:03:43] - File successfully renamed!
[05/06/2007, 23:03:43] - Removing HKLM\...\Browser Helper Objects\{9E01FE64-8681-46F5-9332-2DB9EEDB5046}
[05/06/2007, 23:03:43] - Removing HKCR\CLSID\{9E01FE64-8681-46F5-9332-2DB9EEDB5046}
[05/06/2007, 23:03:43] - Adding Kill Bit for ActiveX for GUID: {9E01FE64-8681-46F5-9332-2DB9EEDB5046}
[05/06/2007, 23:03:43] - Deleting ATLEvents/MSEvents Registry entries
[05/06/2007, 23:03:43] - Removing HKLM\...\Winlogon\Notify\awturss
[05/06/2007, 23:03:43] - Searching for Browser Helper Objects:
[05/06/2007, 23:03:43] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/06/2007, 23:03:43] - BHO 2: {1F61428B-9817-492B-B419-4B6FFC4DBDB4} ()
[05/06/2007, 23:03:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:43] - Checking for HKLM\...\Winlogon\Notify\gamtdprx
[05/06/2007, 23:03:43] - Key not found: HKLM\...\Winlogon\Notify\gamtdprx, continuing.
[05/06/2007, 23:03:43] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/06/2007, 23:03:43] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[05/06/2007, 23:03:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:43] - No filename found. Continuing.
[05/06/2007, 23:03:43] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/06/2007, 23:03:43] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/06/2007, 23:03:43] - BHO 7: {D651AFF4-9590-424d-BD1E-8E33E090DFB3} ()
[05/06/2007, 23:03:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2007, 23:03:43] - Checking for HKLM\...\Winlogon\Notify\soistnpx
[05/06/2007, 23:03:43] - Key not found: HKLM\...\Winlogon\Notify\soistnpx, continuing.
[05/06/2007, 23:03:43] - Finished Searching Browser Helper Objects
[05/06/2007, 23:03:43] - Finishing up...
[05/06/2007, 23:03:43] - A restart is needed.
[05/06/2007, 23:03:43] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/06/2007, 23:03:53] - Attempting to Restart via STOP error (Blue Screen!)
And I couldn't delete this file.
C:\WINDOWS\system32\gamtdprx.dll
No more error when startup.Could I possible know is there any spyware/virus exist in my computer?If yes,do I need post a new topic with new Hijackthis log?Because,recently,my Firefox/IE get directed or suddenly open in a new window/tab to a internet page.Thanks for the help.
Edited by Wat3rfalcon, 06 May 2007 - 09:31 AM.