Logfile of HijackThis v1.99.1<br />
Scan saved at 10:03:54 PM, on 4/26/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16640)</p>
<p>Running processes:<br />
C:\\\\WINDOWS\\\\System32\\\\smss.exe<br />
C:\\\\WINDOWS\\\\system32\\\\winlogon.exe<br />
C:\\\\WINDOWS\\\\system32\\\\services.exe<br />
C:\\\\WINDOWS\\\\system32\\\\lsass.exe<br />
C:\\\\WINDOWS\\\\system32\\\\svchost.exe<br />
C:\\\\WINDOWS\\\\system32\\\\svchost.exe<br />
C:\\\\WINDOWS\\\\explorer.exe<br />
C:\\\\Documents and Settings\\\\Owner\\\\Desktop\\\\HijackThis.exe</p>
<p>R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\\\PROGRA~1\\\\Yahoo!\\\\Companion\\\\Installs\\\\cpn\\\\yt.dll<br />
F2 - REG:system.ini: Shell=explorer.exe<br />
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\\\\Program Files\\\\Orbitdownloader\\\\orbitcth.dll<br />
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\\\PROGRA~1\\\\Yahoo!\\\\Companion\\\\Installs\\\\cpn\\\\yt.dll<br />
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\ActiveX\\\\AcroIEHelper.dll<br />
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\\\PROGRA~1\\\\SPYBOT~1\\\\SDHelper.dll<br />
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<br />
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\\\Program Files\\\\Common Files\\\\Microsoft Shared\\\\Windows Live\\\\WindowsLiveLogin.dll<br />
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\\\program files\\\\google\\\\googletoolbar1.dll<br />
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\\\Program Files\\\\Windows Live Toolbar\\\\msntb.dll<br />
O2 - BHO: (no name) - {C57910E2-F661-4E22-8972-EEB5EBD8C43C} - (no file)<br />
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\\\program files\\\\google\\\\googletoolbar1.dll<br />
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\\\PROGRA~1\\\\Yahoo!\\\\Companion\\\\Installs\\\\cpn\\\\yt.dll<br />
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\\\Program Files\\\\Windows Live Toolbar\\\\msntb.dll<br />
O3 - Toolbar: dpevflbg - {C71F6A92-8438-46A4-9237-15A1F1AF179D} - C:\\\\WINDOWS\\\\dpevflbg.dll<br />
O4 - HKLM\\\\..\\\\Run: [ehTray] C:\\\\WINDOWS\\\\ehome\\\\ehtray.exe<br />
O4 - HKLM\\\\..\\\\Run: [NeroFilterCheck] C:\\\\WINDOWS\\\\system32\\\\NeroCheck.exe<br />
O4 - HKLM\\\\..\\\\Run: [SunKistEM] C:\\\\Program Files\\\\Digital Media Reader\\\\shwiconem.exe<br />
O4 - HKLM\\\\..\\\\Run: [CHotkey] zHotkey.exe<br />
O4 - HKLM\\\\..\\\\Run: [SigmatelSysTrayApp] sttray.exe<br />
O4 - HKLM\\\\..\\\\Run: [IntelAudioStudio] \\”C:\\\\Program Files\\\\Intel Audio Studio\\\\IntelAudioStudio.exe\\” BOOT<br />
O4 - HKLM\\\\..\\\\Run: [Reminder] %WINDIR%\\\\Creator\\\\Remind_XP.exe<br />
O4 - HKLM\\\\..\\\\Run: [Recguard] %WINDIR%\\\\SMINST\\\\RECGUARD.EXE<br />
O4 - HKLM\\\\..\\\\Run: [RemoteControl] \\”C:\\\\Program Files\\\\CyberLink\\\\PowerDVD\\\\PDVDServ.exe\\”<br />
O4 - HKLM\\\\..\\\\Run: [IgfxTray] C:\\\\WINDOWS\\\\system32\\\\igfxtray.exe<br />
O4 - HKLM\\\\..\\\\Run: [HotKeysCmds] C:\\\\WINDOWS\\\\system32\\\\hkcmd.exe<br />
O4 - HKLM\\\\..\\\\Run: [Persistence] C:\\\\WINDOWS\\\\system32\\\\igfxpers.exe<br />
O4 - HKLM\\\\..\\\\Run: [QuickTime Task] \\”C:\\\\Program Files\\\\QuickTime\\\\QTTask.exe\\” -atboottime<br />
O4 - HKLM\\\\..\\\\Run: [iTunesHelper] \\”C:\\\\Program Files\\\\iTunes\\\\iTunesHelper.exe\\”<br />
O4 - HKLM\\\\..\\\\Run: [avgnt] \\”C:\\\\Program Files\\\\Avira\\\\AntiVir PersonalEdition Classic\\\\avgnt.exe\\” /min<br />
O4 - HKLM\\\\..\\\\Run: [EPSON Stylus CX4200 Series] C:\\\\WINDOWS\\\\System32\\\\spool\\\\DRIVERS\\\\W32X86\\\\3\\\\E_FATIAEA.EXE /P26 \\”EPSON Stylus CX4200 Series\\” /O6 \\”USB001\\” /M \\”Stylus CX4200\\”<br />
O4 - HKLM\\\\..\\\\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\\\\WINDOWS\\\\System32\\\\spool\\\\DRIVERS\\\\W32X86\\\\3\\\\E_FATIAEA.EXE /P35 \\”EPSON Stylus CX4200 Series (Copy 1)\\” /O6 \\”USB001\\” /M \\”Stylus CX4200\\”<br />
O4 - HKCU\\\\..\\\\Run: [Yahoo! Pager] \\”C:\\\\Program Files\\\\Yahoo!\\\\Messenger\\\\YahooMessenger.exe\\” -quiet<br />
O4 - HKCU\\\\..\\\\Run: [ctfmon.exe] C:\\\\WINDOWS\\\\system32\\\\ctfmon.exe<br />
O4 - HKCU\\\\..\\\\Run: [updateMgr] C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\Reader\\\\AdobeUpdateManager.exe AcRdB7_0_9<br />
O4 - HKCU\\\\..\\\\Run: [SpybotSD TeaTimer] C:\\\\Program Files\\\\Spybot - Search & Destroy\\\\TeaTimer.exe<br />
O4 - HKCU\\\\..\\\\Run: [MSMSGS] \\”C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe\\” /background<br />
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\\\\Program Files\\\\Adobe\\\\Acrobat 7.0\\\\Reader\\\\reader_sl.exe<br />
O4 - Global Startup: Install Pending Files.LNK = C:\\\\Program Files\\\\SIFXINST\\\\SIFXINST.EXE<br />
O8 - Extra context menu item: &AOL Toolbar search - res://C:\\\\Program Files\\\\AOL Toolbar\\\\toolbar.dll/SEARCH.HTML<br />
O8 - Extra context menu item: &Download by Orbit - res://C:\\\\Program Files\\\\Orbitdownloader\\\\orbitmxt.dll/201<br />
O8 - Extra context menu item: &Grab video by Orbit - res://C:\\\\Program Files\\\\Orbitdownloader\\\\orbitmxt.dll/204<br />
O8 - Extra context menu item: &Windows Live Search - res://C:\\\\Program Files\\\\Windows Live Toolbar\\\\msntb.dll/search.htm<br />
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...uickadd.aspx<br />
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\\\\Program Files\\\\Orbitdownloader\\\\orbitmxt.dll/203<br />
O8 - Extra context menu item: Down&load all by Orbit - res://C:\\\\Program Files\\\\Orbitdownloader\\\\orbitmxt.dll/202<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\\\PROGRA~1\\\\MICROS~2\\\\OFFICE11\\\\EXCEL.EXE/3000<br />
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\\\bdoscandel.exe (file missing)<br />
O9 - Extra \\’Tools\\’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\\\bdoscandel.exe (file missing)<br />
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\\\PROGRA~1\\\\MICROS~2\\\\OFFICE11\\\\REFIEBAR.DLL<br />
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\\\\WINDOWS\\\\system32\\\\Shdocvw.dll<br />
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\\\\Documents and Settings\\\\Owner\\\\Start Menu\\\\Programs\\\\IMVU\\\\Run IMVU.lnk<br />
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\\\PROGRA~1\\\\SPYBOT~1\\\\SDHelper.dll<br />
O9 - Extra \\’Tools\\’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\\\\PROGRA~1\\\\SPYBOT~1\\\\SDHelper.dll<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\\\Network Diagnostic\\\\xpnetdiag.exe (file missing)<br />
O9 - Extra \\’Tools\\’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\\\Network Diagnostic\\\\xpnetdiag.exe (file missing)<br />
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe<br />
O9 - Extra \\’Tools\\’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\\\\Program Files\\\\Messenger\\\\msmsgs.exe<br />
O11 - Options group: [INTERNATIONAL] International*<br />
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....MSNPUpld.cab<br />
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coolsavings.c......cmv5X.cab<br />
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo......ader3.cab<br />
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd......scan8.cab<br />
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi......135967093<br />
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.......PkMSN.cab<br />
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.......WXMSN.cab<br />
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon......56907.cab<br />
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamehouse......oader.cab<br />
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\\\PROGRA~1\\\\WI1F86~1\\\\MESSEN~1\\\\MSGRAP~1.DLL<br />
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\\\PROGRA~1\\\\WI1F86~1\\\\MESSEN~1\\\\MSGRAP~1.DLL<br />
O20 - Winlogon Notify: igfxcui - C:\\\\WINDOWS\\\\SYSTEM32\\\\igfxdev.dll<br />
O21 - SSODL: wdpoefan - {9A540731-6D8D-4CAC-863C-8364A01F4310} - C:\\\\WINDOWS\\\\wdpoefan.dll<br />
O21 - SSODL: vadokmxt - {280FDD8E-62A8-473D-8F52-3CEA839484D4} - C:\\\\WINDOWS\\\\vadokmxt.dll<br />
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\\\\Program Files\\\\Avira\\\\AntiVir PersonalEdition Classic\\\\sched.exe<br />
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\\\\Program Files\\\\Avira\\\\AntiVir PersonalEdition Classic\\\\avguard.exe<br />
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\\\\Program Files\\\\Common Files\\\\Apple\\\\Mobile Device Support\\\\bin\\\\AppleMobileDeviceService.exe<br />
O23 - Service: iPod Service - Apple Inc. - C:\\\\Program Files\\\\iPod\\\\bin\\\\iPodService.exe<br />
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\\\\Program Files\\\\Common Files\\\\New Boundary\\\\PrismXL\\\\PRISMXL.SYS</p>
<p>