
Hello. I'm begging some of you experts to take a look at ...
drazenn
« on: September 17, 2008, 03:15:21 PM »

Hello. I have a lot of problems with my PC, and I know that I have some kind of malware inside because that "somebody" has even stolen my pictures and published them in the Paltalk audio/video chat messenger, and has even broken through my password, and EVEN stole my e-mail account; now he reads my mail first, and then he forwards the mail to my other mail account. My system suddenly stops from time to time, VLC stops without a reason, Windows Explorer also, but it can't be due to the PC because I have 4 GB of DDR2 on XP (I know that it recognises just 3.25, but that doesn't matter) and an AMD AM2+ 5400+ Black Edition CPU, and I'm not doing anything special to overload it.
Now I've turned everything on so maybe you can more easily see where and what the problem is.
I've tried really everything; I don't know how many antispyware and antivirus programs I've tried, but none of them helps.

So, PLEASE, can some of you experts take a look at what I should remove from my PC and how?

And I'll be very grateful if you recommend what I should install to stop all this shit.

You are really my only hope, because I don't have any more ideas about what to do. For over three months I have been fighting with this, I have already reformatted 2 or 3 times, and he always finds a way to find me even if I change my MSN address and my nick on Paltalk, Yahoo or anywhere else.

Thank you in advance, even if you just take a look without solving the problem.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52, on 18.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\gigabyte\RCApp\RCApp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\gigabyte\I-Cool\ICool.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rsmsink.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\TMD-Recruit.5.1\mirc.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RCApp] "C:\Program Files\gigabyte\RCApp\RCApp.exe"
O4 - HKLM\..\Run: [snpstd3] "C:\WINDOWS\vsnpstd3.exe"
O4 - HKLM\..\Run: [tsnpstd3] "C:\WINDOWS\tsnpstd3.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [] "C:\Program Files\gigabyte\I-Cool\ICool.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219871338062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE64775A-A546-4C18-B15F-9C83E7615327}: NameServer = 195.29.149.196 195.29.149.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 11127 bytes

Again, thank you all in advance,
best regards
Drazenn from Zagreb, Croatia
Logged
Guest
« Reply #1 on: September 17, 2008, 03:15:26 PM »

Hello, visitor!

The Hijack This log analyzer has analyzed your log. Please take a closer look at the results.

Your system seems to be infected with malicious parasites. Please follow the steps below in order to eliminate the infection and clean up your computer.

1. Download the Pocket KillBox utility. You will need it later to delete parasite-related files and folders.
2. Use HijackThis to fix the following entries:

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

3. The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Stavi na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Stavi na blog u Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219871338062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE64775A-A546-4C18-B15F-9C83E7615327}: NameServer = 195.29.149.196 195.29.149.197
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL


4. Now restart your system in Safe Mode. This step is very important!
5. Use the Pocket KillBox utility to delete the following files:

C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll


The following files and Windows registry entries are marked as "unknown". Currently, the HijackThis Log Analyzer cannot provide required information on these items. The files and entries in the list below can be both malicious and fully legitimate. Because of this, please do not take any action! Wait for the forum responders or other forum users to provide you with necessary details and further instructions.
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\gigabyte\RCApp\RCApp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\gigabyte\I-Cool\ICool.exe
C:\WINDOWS\system32\rsmsink.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RCApp] "C:\Program Files\gigabyte\RCApp\RCApp.exe"
O4 - HKLM\..\Run: [snpstd3] "C:\WINDOWS\vsnpstd3.exe"
O4 - HKLM\..\Run: [tsnpstd3] "C:\WINDOWS\tsnpstd3.exe"
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [spywarefighterguard] "C:\Program Files\SPYWAREfighter\spftray.exe"
O4 - HKCU\..\Run: [] "C:\Program Files\gigabyte\I-Cool\ICool.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

After going through all the steps, run another HijackThis scan and post a fresh log to the HijackThis analyzer. It is possible that some parasites your system was infected with were not removed completely and may restore themselves later.


Thank you for using the 2-Spyware.com HijackThis log analyzer!
Logged
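An added example, not part of the thread and not the 2-Spyware analyzer's code: a small Python parser for the HijackThis v2 log layout posted above. It groups entries by section code and lists the ones the log itself leaves unattributed (O10 "Unknown file in Winsock LSP", O23 "Unknown owner", O4 Run values with an empty name). The sample lines are copied from the log in this thread; the three review rules are assumptions chosen for illustration, and a hit means "verify this file", not "malicious".

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52, on 18.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\gigabyte\I-Cool\ICool.exe
C:\Program Files\Hide My IP 2008\SecureSrv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = file://c:\windows\system32\blank.htm
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [] "C:\Program Files\gigabyte\I-Cool\ICool.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE64775A-A546-4C18-B15F-9C83E7615327}: NameServer = 195.29.149.196 195.29.149.197
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: SecureSrv - Unknown owner - C:\Program Files\Hide My IP 2008\SecureSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # "O23 - Service: ..."
# Name is greedy so a " - " inside the service name stays in the name.
SERVICE_RE = re.compile(r"^Service: (.*) - (.*?)\s* - ([A-Za-z]:\\.*)$")


def parse_log(text):
    """Return (processes, entries): process paths and {section code: [detail]}."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def parse_service(detail):
    """Split an O23 detail into (name, vendor, path); None if it does not fit."""
    m = SERVICE_RE.match(detail)
    return m.groups() if m else None


def review_items(processes, entries):
    """List (code, reason, path, running_now) for entries to verify by hand."""
    running = {p.lower() for p in processes}
    found = []

    def add(code, reason, path):
        found.append((code, reason, path, path.lower() in running))

    # O10: a Winsock LSP is loaded into the path of socket traffic.
    # HijackThis repeats the line per catalog entry, so de-duplicate.
    for detail in dict.fromkeys(entries.get("O10", [])):
        label, _, path = detail.partition(": ")
        if label.lower() == "unknown file in winsock lsp":
            add("O10", "unidentified Winsock LSP", path)
    # O23: the service binary carries no vendor string HijackThis could read.
    for detail in entries.get("O23", []):
        svc = parse_service(detail)
        if svc and svc[1].lower() == "unknown owner":
            add("O23", "service with no vendor string", svc[2])
    # O4: autostart value whose registry value name is empty ("[]").
    for detail in entries.get("O4", []):
        m = re.search(r"Run: \[\] (.+)$", detail)
        if m:
            add("O4", "autostart value with empty name", m.group(1).strip('"'))
    return found


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for code, reason, path, is_running in review_items(procs, ents):
        print(f"{code:4} {reason:34} running={is_running!s:5} {path}")
```

Each path it prints is a candidate for a publisher and signature check before anything is fixed or deleted.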
Bobby
« Reply #2 on: September 18, 2008, 12:53:17 AM »

hello there,

your computer should be better after you follow instructions posted by HJT Analyzer.
formatting the hard drive erases all the information and it takes more than some remote-controlled malware to retrieve information. i'm trying to say that after you format the drives and re-install the operating system, the viruses are gone. as they re-appear, there might be several ways they get on your computer again. you may download the same software you used before the format. and the software might be malicious itself or it might carry some viruses. you may visit the same websites you take as legitimate but they are not. finally you may have some "friends" using your computer and messing with you.

you hadn't mentioned any security software. and by taking a quick look at your hijackthis log i don't see tracks of anti-spyware or anti-virus or firewall. there are plenty of free-to-use security products online. you should start with anti-spyware : some suggestions here : http://www.2-spyware.com/compare2.php if there is some backdoor or remote control program aboard your machine, antispyware will detect it. you should also change all the passwords, but do it only after the viruses are removed, cos if you change passwords while your computer is infected, the attacker will most likely get the new password via viruses.

you've mentioned some programs are not responsive, this might be due to viruses, but this can also happen due to corruptions in system files. is your windows legitimate?

hope to hear from you soon.
Logged

I recommend Spyware Doctor and Malwarebytes’ Anti-malware as ultimate protection.
drazenn
« Reply #3 on: September 18, 2008, 11:59:53 AM »

Quote from: "Bobby"


you hadn't mentioned any security software. and by taking a quick look at your hijackthis log i don't see tracks of anti-spyware or anti-virus or firewall.



Yes, I have them. It was the first thing after the last Windows installation, which was maybe 2 months ago, because I've bought a new MBO, another CPU (AMD AM2 5400+ Black Edition), 4x1 GB Apacer DDR2 RAM because of dual channel, even if I know that XP recognizes only 3.25 GB (2x1 GB Kingmax was there before), and 2 Samsung 250 GB HDs so I can put them in RAID, but I still haven't done this because I've plugged in just one HD.

So:
Antivirus - Avast Professional 4.8 (Alwil Software in the log)
Firewall - Zone Alarm PRO (zonelab)
Antispyware - Spybot S&D 1.60

but in the meantime, I've also tried Ad-Aware 2008 Pro, Spyware Doctor (but I had a problem with it, because I couldn't even open some sites which are 100% safe), UnhackMe (but it was spyware which cleans trojans, rootkits and other shit, but downloads just one, its own, trojan), SpyHunter, etc.
And in the end, a few days ago, I installed and tried everything I was able to find (antispyware), which you can see from my HJT log: Webroot Spy Sweeper, Trojan Remover and SPYWAREfighter, all of them at the same time, even if I know that's not good.


Quote from: "Bobby"
there are plenty of free-to-use security products online. you should start with anti-spyware : some suggestions here : http://www.2-spyware.com/compare2.php if there is some backdoor or remote control program aboard your machine, antispyware will detect it. you should also change all the passwords, but do it only after the viruses are removed, cos if you change passwords while your computer is infected, the attacker will most likely get the new password via viruses.


Yes, I know this, but I was hoping that maybe someone would be able to discover which of these programs downloads trojans or rootkits and opens a "back door".


Quote from: "Bobby"
you've mentioned some programs are not responsive, this might be due to viruses, but this can also happen due to corruptions in system files. is your windows legitimate?



Yes. At the beginning, it was happening really rarely, but now I'm not sure it would even be possible to open Windows Explorer without a "not responding" message, and now, in Network Connections, there aren't any letters under the icons any more.

Today I was very busy, but tomorrow or on Saturday I'll format my C partition.

And, finally, I have one more question.
On all my other partitions I have just some data, not much (pictures, movies and music), no program files at all, and I've shut down System Restore. Do I have to format them too?

Thank you for your time, advice, and patience in answering my questions.

Quote from: "Bobby"
hope to hear from you soon.


Thank you for everything, bye... and I'm sorry for my bad English, it's not my native language.
Logged
Bobby
« Reply #4 on: September 19, 2008, 03:35:16 AM »

hello again,
no, you don't have to format the other hard drives. but you've mentioned you got music and movies on those drives and this gave me an idea. are the videos and mp3s legitimate or did you download them from somewhere? all those trojans mostly spread by attaching themselves to videos. there's also another very popular way to infect computers: once you download video or mp3 from malicious websites, you can't watch/listen to the files as they require codecs. and the codecs are usually trojans. if the situation sounds very familiar to you, you should format the other hard drives as well.
Logged
drazenn
« Reply #5 on: September 19, 2008, 10:09:53 AM »

Quote from: "Bobby"
hello again,
no, you don't have to format the other hard drives. but you've mentioned you got music and movies on those drives and this gave me an idea. are the videos and mp3s legitimate or did you download them from somewhere? all those trojans mostly spread by attaching themselves to videos. there's also another very popular way to infect computers: once you download video or mp3 from malicious websites, you can't watch/listen to the files as they require codecs. and the codecs are usually trojans. if the situation sounds very familiar to you, you should format the other hard drives as well.


Bullseye!

Yes, it's possible that you're right.
I am usually downloading movies from TMD-Moviez (IRC channel), and they are offering their own codec (TMD codec), and I download it every time, even if I can watch the movies with VLC (VideoLAN).
But I don't understand how come my friends, when I give them those movies, do not get infected?
Probably the trojan infects just the person who downloads that codec, which is absolutely unnecessary, as I see now (I think, I don't know, I'm not a geek; I'm happy that I can even turn the PC on and off, because after the ZX Spectrum 48K and the Amstrad/Schneider CPC 464 and then the 6128, with BASIC, of course, I started to use a PC maybe 2-3 years ago, and since then not so often, because I was doing some other "jobs").

Thank you very much... that is the only solution left... and Paltalk, which is known as a hackers' nest.

So now I'll format all my partitions, put on Avast PRO, Zone Alarm and, as you recommend, Spyware Doctor and Malwarebytes.

I'll keep Spybot S&D just for cases where some program wants to make a change in my registry or in startup, and because it blocks malware on warez sites like phazeddl.com, etc.

Again, thank you very much for your advice and for your time.

Best regards.
Drazen.
Zagreb, Croatia
Logged
Bobby
« Reply #6 on: September 21, 2008, 10:31:54 PM »

hey there,
i hope reformatting helps. i use VLC myself, and it's good because it doesn't require any codecs! so you've been tricked. i'm glad we found the root of the evil. windows media player and some other video players may ask for codecs but VLC has those built into the program so you don't need to download anything. good luck with keeping your computer safe!
Logged