Options
AIM Virus
Looks like this one is starting to spread bad. Thought the AIMFix tool would fix it but seems like it's still there. Can somebody take a look and let me know if you see anything that needs to be fixed.
Logfile of HijackThis v1.99.1
Scan saved at 10:44:45 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rage3DTweak\RegTwk.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\update.exe
C:\WINDOWS\msaccrt.exe
C:\Security\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AOL Instant Messenger\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093789607140
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
Logfile of HijackThis v1.99.1
Scan saved at 10:44:45 PM, on 5/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rage3DTweak\RegTwk.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\update.exe
C:\WINDOWS\msaccrt.exe
C:\Security\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AOL Instant Messenger\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093789607140
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
0
Comments
Open my computer>tools>fiolder options>view>check show hidden files>untick "hide file extensions">apply>ok>exit
http://www.jayloden.com/VirusClean.htm
the AIMFix tool
Here's another log though if you wouldn't mind taking a look... just to make sure.
Logfile of HijackThis v1.99.1
Scan saved at 3:02:06 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
D:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rage3DTweak\RegTwk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AOL Instant Messenger\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Security\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.animefuzion.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AOL Instant Messenger\aim.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - D:\Program Files\Free Surfer\FS20.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093789607140
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate2.exe
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2FF508F0-AB33-44AC-95F9-E9D9AA670152} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {36F197C8-BCCC-42E7-AE8C-E2F2B50FCF03} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E02A368-4C65-4B5D-AC6E-D21A6E1B05F6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8E06B34C-3F1D-4FBF-B20A-EAFE2E20C6F5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A9ECFD1F-38A8-4E79-8203-CFF595847578} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BF1D6075-68B7-4925-97F8-513ECDD4F694} - (no file) (HKCU)
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
Fix those entries then find and delete this file:
C:\WINDOWS\chp.dll
Then reboot your computer and post a new log.