Thank you in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 6:22:08 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampplite\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HPQ\HDThermal\HDThermal.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\xampplite\apache\bin\apache.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Documents and Settings\All Users\Application Data\pilerklm\jwnedujo.exe
C:\Program Files\Compaq\EAB\EABSERVR.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Windows\system32\HPZipm12.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\PAStiSvc.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\windowsupdate.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - (no file)
O4 - HKLM\..\Run: [LidPolicy] c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe (file missing)
O9 - Extra button: (no name) - {9034a523-d068-4be8-a284-9df278be776e} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034a523-d068-4be8-a284-9df278be776e} - http://www.ieservice...om/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PARTY POKER\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PARTY POKER\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1168303283900
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175D2D7F-4D54-4E70-B69B-533EEE5A8DB6}: NameServer = 85.255.115.6,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D8726ED-5170-43B2-9DDC-74E6E669E15A}: NameServer = 85.255.115.6,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{69CA3FBF-D82D-4BA8-A330-A90E0B50A398}: NameServer = 85.255.115.6,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E2F253-A95A-4E4D-B941-143DFA1C2222}: NameServer = 85.255.115.6,85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{175D2D7F-4D54-4E70-B69B-533EEE5A8DB6}: NameServer = 85.255.115.6,85.255.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.6 85.255.112.12
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: CheckWeb - {C111CF13-545F-6FF1-51AC-F623D452C63D} - C:\WINDOWS\system32\cryper.dll (file missing)
O21 - SSODL: VolumeKernel - {dd5cb760-7341-4994-ac45-94c4ca2bde0e} - C:\WINDOWS\Installer\{dd5cb760-7341-4994-ac45-94c4ca2bde0e}\VolumeKernel.dll (file missing)
O21 - SSODL: zip - {6ce92032-0c34-4eca-be58-cd26769fa925} - C:\WINDOWS\Installer\{6ce92032-0c34-4eca-be58-cd26769fa925}\zip.dll (file missing)
O21 - SSODL: MonDrive - {f8d4c823-8c28-4a33-92cf-7fa459d656de} - C:\WINDOWS\Resources\MonDrive.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampplite\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (avg7alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (avg7updsvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (avgems) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Hard Drive Thermal (HDThermal) - Hewlett-Packard Company - C:\Program Files\HPQ\HDThermal\HDThermal.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett Packard Company - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\Windows\System32\PAStiSvc.exe
O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
Here is my startup log
StartupList report, 4/8/2008, 2:37:17 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampplite\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\xampplite\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HPQ\HDThermal\HDThermal.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Windows\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Windows\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\pilerklm\jwnedujo.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\Hijackthis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LidPolicy = c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe
hkss = C:\Program Files\Compaq\Hotkey Software\hkss.exe
autoload = C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe
MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
ntuser = C:\WINDOWS\system32\drivers\svchost.exe
BMf7c6a057 = Rundll32.exe "C:\WINDOWS\system32\vkuubsel.dll",s
f4f593cb = rundll32.exe "C:\WINDOWS\system32\liupwnhd.dll",b
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
CPQDFWAG = C:\Windows\Cpqdiag\CpqDfwAg.exe
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1&1 EasyLogin = C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
RoboForm = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
=
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
[AdobeUpdater]
=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
--------------------------------------------------
Enumerating Download Program Files:
[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1168303283900
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #5: C:\Program Files\Bonjour\mdnsNSP.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
UPnPMonitor: C:\Windows\system32\upnpui.dll
eitheror: *Registry key not found*
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
CheckWeb: C:\WINDOWS\system32\cryper.dll
VolumeKernel: C:\WINDOWS\Installer\{dd5cb760-7341-4994-ac45-94c4ca2bde0e}\VolumeKernel.dll
zip: C:\WINDOWS\Installer\{6ce92032-0c34-4eca-be58-cd26769fa925}\zip.dll
MonDrive: C:\WINDOWS\Resources\MonDrive.dll
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
user32.dll = C:\Program Files\Video Access ActiveX Object\isamntr.exe
rare = C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
0i2GsaXRj2 = C:\Documents and Settings\All Users\Application Data\pilerklm\jwnedujo.exe
--------------------------------------------------
End of report, 7,663 bytes
Report generated in 1.172 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Edited by mezloh, 08 April 2008 - 01:43 PM.