Computer Problems

Hello Djwoo91 and welcome to Geeks to Go!

My name is reconman and I am currently going over your log. Please be patient as I am still in training and my replies must be approved by a G2G staff member before posting so there may be some delay between my responses.

Hello Djwoo91,

After going over your HJT log, I have found some indications of malware on your system. I'm going to have you run a few scans so I can get a better idea of what's on your machine. Please do the following:

You may want to print out all of the instructions I give you as some of the fix may require you to boot into safemode and you will not be able to access this page.


Step 1:

Unhide Hidden System Files and Folders.

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Under the Hidden files and folders heading SELECT Show Hidden files and folders.
• Click Yes to confirm.
• Click OK.

Step 2:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {332187AA-112D-D746-295F-0055213002F1} - C:\WINDOWS\system32\qvlpykai.dll
O4 - HKLM\..\Run: [{cb005c08-b2ef-aff5-a349-a8062dd1d08a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll" DllInit

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Step 3:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step 4:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 5:

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u6-windows-i586-p.exe and select "Run as an Administrator.")

Step 6:

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

Please make as many posts as you need in order to post all of the logs I ask for.

In your next reply I need the following:
- MBAM scan log
- Kaspersky results
- DSS logs (main.txt and extra.txt)

Hello reconman,

Thank you very much for agreeing to help.
I followed the steps and here are the logs u requested

MBAM Log:

Malwarebytes' Anti-Malware 1.18
Database version: 897

11:01:00 PM 6/27/2008
mbam-log-6-27-2008 (23-01-00).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 98484
Time elapsed: 20 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 35
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd.dll (Rogue.PCAntispyware) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nextads (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MySidesearchSearchAssistant (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC-Cleaner (Rogue.PC-Cleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Awola6 (Rogue.Awola) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ExTmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IDE2 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinz1 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio01 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\BrowserObjects (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AXPFixer\AXPFixer\Quarantine\Packages (Rogue.AdvancedXPFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Awola6\Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Awola6\Uninstall Awola Anti-Spyware 6.0.lnk (Rogue.Awola) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Kaspersky Webscanner Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 28, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 28, 2008 17:43:15
Records in database: 895741
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 73971
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:07:29


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The DSS Logs

Main:

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-28 12:25:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-28 19:25:50 UTC - RP10 - Deckard's System Scanner Restore Point
4: 2008-06-28 06:09:30 UTC - RP9 - Installed Java™ 6 Update 6
3: 2008-06-28 06:07:42 UTC - RP8 - Installed Java™ SE Development Kit 6 Update 6
2: 2008-06-27 06:04:35 UTC - RP7 - System Checkpoint
1: 2008-06-25 01:14:01 UTC - RP6 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:55 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ALYac] "C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{07A1B793-444C-4CD6-A66E-DED0548DC091}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ALYac_PZSrv - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5582 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080627-221509-217 O2 - BHO: (no name) - {332187AA-112D-D746-295F-0055213002F1} - C:\WINDOWS\system32\qvlpykai.dll
backup-20080627-221510-860 O4 - HKLM\..\Run: [{cb005c08-b2ef-aff5-a349-a8062dd1d08a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll" DllInit

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S1 fastfatt - c:\windows\system32\drivers\fastfatt.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 XDva120 - c:\windows\system32\xdva120.sys (file missing)
S3 XDva134 - c:\windows\system32\xdva134.sys (file missing)
S3 XDva158 - c:\windows\system32\xdva158.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&55C493A&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&55C493A&0&00
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-06-23 14:01:15 320 --a------ C:\WINDOWS\Tasks\WebReg officejet 4300 series.job
2008-06-18 09:32:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-28 and 2008-06-28 -----------------------------

2008-06-27 23:10:49 0 d-------- C:\WINDOWS\Sun
2008-06-27 23:10:04 0 d-------- C:\Program Files\Sun
2008-06-27 23:07:51 0 d-------- C:\Program Files\Java
2008-06-27 23:07:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 23:07:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-27 22:18:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-27 22:18:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 22:18:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 18:13:22 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 18:11:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 18:11:27 0 d-------- C:\Program Files\AVG
2008-06-24 18:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 18:05:55 0 d-------- C:\Program Files\Trend Micro
2008-06-21 22:43:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\rhcaplj0e7f7
2008-06-19 21:09:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-19 21:09:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 18:04:27 0 d-------- C:\Program Files\Veoh Networks
2008-06-13 12:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-13 10:51:50 0 d-------- C:\Program Files\Eidos
2008-06-09 10:20:43 0 d-------- C:\Program Files\directx
2008-06-09 10:19:20 0 d-------- C:\DeusEx
2008-06-09 00:49:35 507 --a------ C:\WINDOWS\eReg.dat
2008-06-09 00:49:35 0 d-------- C:\Program Files\EA SPORTS
2008-06-04 15:37:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\shc9plj0e7f7
2008-05-31 23:09:15 0 d-------- C:\Program Files\Project64 1.6


-- Find3M Report ---------------------------------------------------------------

2008-06-27 23:07:44 0 d-------- C:\Program Files\Common Files
2008-06-24 18:03:54 0 d-------- C:\Program Files\Activision
2008-06-23 21:46:49 2450 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 10:31:00 33 --a------ C:\Documents and Settings\Administrator\Application Data\install.ini
2008-06-20 07:51:46 0 --ahs---- C:\Documents and Settings\Administrator\Application Data\004814305d3ff91e1a5f11d2701985ec701985ec709e0185980ba1e2bc.dat
2008-06-13 10:51:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-13 04:53:58 0 d-------- C:\Program Files\BitComet
2008-06-07 16:43:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-26 18:25:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-26 18:25:10 0 d-------- C:\Program Files\Red Kawa
2008-05-20 15:16:36 0 d-------- C:\Program Files\illusion
2008-05-09 21:19:19 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-05-09 21:19:19 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-05-09 21:19:19 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-09 18:49:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2008-05-09 18:37:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-05-09 18:33:35 0 d-------- C:\Program Files\Atari
2008-05-09 18:22:55 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 18:18:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-08 22:31:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nexon
2008-05-08 22:05:56 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 08:10:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-16 18:12:13 10752 --a------ C:\WINDOWS\DCEBoot.exe
2008-04-16 00:39:42 284295 --ahs---- C:\WINDOWS\system32\hhRBJRqr.ini2
2008-04-15 18:40:07 6682 --a------ C:\WINDOWS\system32\vwesagyf.dll
2008-04-13 12:22:40 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-13 11:33:10 122880 --a------ C:\WINDOWS\system32\qvlpykai.dll
2008-04-13 11:22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 14:05:55 110055 --a------ C:\WINDOWS\hpoins08.dat
2008-04-01 11:40:53 65536 --a------ C:\WINDOWS\IFinst27.exe
2008-03-31 18:32:17 761856 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-03-31 18:32:17 589824 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll <Not Verified; Gracenote (formerly CDDB, Inc.); CDDBControl Core Module>
2008-03-31 17:06:40 155136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2008-03-31 17:06:40 158720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
2008-03-31 17:06:40 156672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
2008-03-31 17:06:40 156672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
2008-03-31 17:06:40 158720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
2008-03-31 17:06:40 159232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
2008-03-31 16:51:18 24064 --a------ C:\WINDOWS\system32\PostProc.dll <Not Verified; Analog Devices, Inc.; SoundMAX coinstaller>
2008-03-31 16:51:18 65536 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 13:50:51 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-03-31 13:42:34 0 -rahs---- C:\MSDOS.SYS
2008-03-31 13:42:34 0 -rahs---- C:\IO.SYS
2008-03-31 13:42:34 0 --a------ C:\CONFIG.SYS
2008-03-31 13:42:34 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 13:40:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 13:38:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-31 05:34:50 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/12/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/12/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/12/2004 05:00 AM]
"ALYac"="C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" [01/11/2008 07:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/01/2008 04:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/24/2008 06:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 05:00 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/15/2008 04:11 PM]
"@"="" []
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [04/08/2008 10:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\rqRJBRhh

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8cf3a929]
rundll32.exe "C:\WINDOWS\system32\smrsmswt.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB]
C:\WINDOWS\system32\pcntokdn.exe DWram

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"C:\Program Files\ASUS\Ai Booster\OverClk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkpyludu]
regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lkpyludu.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
rundll32.exe C:\WINDOWS\system32\drvhaz.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll" DllInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubjtrqat]
C:\WINDOWS\system32\ubjtrqat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"




-- End of Deckard's System Scanner: finished at 2008-06-28 12:27:23 ------------

Extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2046.48 MiB / 1649.82 MiB
Pagefile Memory (total/avail): 3938.98 MiB / 3648.84 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.78 MiB

C: is Fixed (NTFS) - 60 GiB total, 29.45 GiB free.
D: is Fixed (NTFS) - 238.08 GiB total, 201.32 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 60 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 238.08 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: 알약 vv1.1 (ESTsoft Corp) Disabled
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win27.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win27.exe:*:Enabled:win27"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\.tt5.tmp"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\.tt5.tmp:*:Enabled:enable"
"C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe"="C:\\Program Files\\EA SPORTS\\NBA Live 2003\\nba2003.exe:*:Enabled:NBA Live 2003"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\USER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ESTsoft\ALZip;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ESTsoft\ALZip
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=USER
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
ALUpdate --> "C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
Amazing Slow Downer (remove only) --> "C:\Program Files\Roni Music\Amazing Slow Downer EE\uninstall.exe"
AntivirXP08 --> "C:\Program Files\rhcaplj0e7f7\uninstall.exe"
AoA Audio Extractor 1.0 --> "C:\Program Files\AoA Audio Extractor\unins000.exe"
APCD Calculus Demo --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\APCD Calculus Demo\Uninst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2: Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD & DVD Creator 6 --> MsiExec.exe /I{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}
Enhancement Browser Tools Nextads --> C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll-uninst.exe
Finale NotePad 2003a --> C:\WINDOWS\unvise32.exe C:\Program Files\Finale NotePad 2003a\uninstal.log
GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Haansoft Hangul 2007 --> MsiExec.exe /I{B2423C36-006E-4270-AEBC-CFC4CAF2C310}
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Development Kit 6 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160060}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{0A41BC21-EA0F-4B0B-BEA4-2997B80DB0D9}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{20110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x12 -removeonly
RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
SmartMusic Content (shared music files) --> C:\Program Files\SmartMusic Applications\UninstallContent.exe
SmartMusic for Essential Elements 2000 Band Book 1 Student Edition --> C:\WINDOWS\unvise32.exe C:\Program Files\SmartMusic Applications\EE2k Band Book 1 Student\uninstal.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x12 -removeonly
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Videora iPod touch Converter 3.07 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
알약 --> "C:\Program Files\ESTsoft\ALYac\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1355 / Warning
Event Submitted/Written: 06/28/2008 03:08:55 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1347 / Warning
Event Submitted/Written: 06/27/2008 11:01:27 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1342 / Warning
Event Submitted/Written: 06/27/2008 10:38:41 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1337 / Warning
Event Submitted/Written: 06/27/2008 03:36:16 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type1332 / Warning
Event Submitted/Written: 06/26/2008 11:23:24 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7175 / Error
Event Submitted/Written: 06/28/2008 11:50:46 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ALYac_PZSrv service.

Event Record #/Type7174 / Error
Event Submitted/Written: 06/28/2008 11:50:18 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the ALYac_PZSrv service.

Event Record #/Type7091 / Error
Event Submitted/Written: 06/27/2008 00:32:39 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Event Record #/Type6535 / Warning
Event Submitted/Written: 06/20/2008 09:28:21 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6188 / Warning
Event Submitted/Written: 06/15/2008 07:21:31 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-06-28 12:27:23 ------------

Hi Djwoo91,

I'm happy to help

You currently have more than one Anti-Virus program installed. While one of those is disabled, it's best to uninstall the AV program completely as you never want more than one AV program installed on your computer. I recommend keeping AVG8 and removing the disabled one.


On to the fix, please do the following:

Step 1:

Please download DAFT and save it to your desktop:

• Double-click the daft.exe icon.
• Click on the Scan button.
• Select everything it is displaying there
• Click the Fix button.
• Then rescan with DAFT again - it should say now that "All associations are OK"
• Close DAFT if you receive that message. This means that it is fixed now.

Step 2:

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3


Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.





Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
2. Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you. Save this log to your desktop as Combofix.txt and post it in your next reply.

(Note: Combofix will also save the report to C:\Combofix.txt)


In your next reply I need the following:
-Combofix log
-New HJT log

Here You Go:

ComboFix Log:

ComboFix 08-06-20.4 - Administrator 2008-06-28 23:17:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.1642 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\MCROSO~1.NET
C:\Documents and Settings\Administrator\Application Data\MCROSO~1.NET\M?crosoft.NET\
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\BM8fc09ab5.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\hhRBJRqr.ini
C:\WINDOWS\system32\hhRBJRqr.ini2
C:\WINDOWS\system32\MSINET.oca

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 12:25 . 2008-06-28 12:25 <DIR> d-------- C:\Deckard
2008-06-27 23:10 . 2008-06-27 23:10 <DIR> d-------- C:\WINDOWS\Sun
2008-06-27 23:10 . 2008-06-27 23:10 <DIR> d-------- C:\Program Files\Sun
2008-06-27 23:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-27 23:07 . 2008-06-27 23:10 <DIR> d-------- C:\Program Files\Java
2008-06-27 23:07 . 2008-06-27 23:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-27 22:18 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 22:18 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 18:13 . 2008-06-26 12:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-24 18:11 . 2008-06-28 10:00 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 18:11 . 2008-06-24 18:11 <DIR> d-------- C:\Program Files\AVG
2008-06-24 18:11 . 2008-06-27 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 18:11 . 2008-06-24 18:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-24 18:11 . 2008-06-24 18:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-24 18:11 . 2008-06-24 18:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-24 18:05 . 2008-06-24 18:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 21:02 . 2008-06-23 20:52 60,928 --a------ C:\WINDOWS\system32\E9.tmp
2008-06-23 20:42 . 2008-06-23 20:32 60,928 --a------ C:\WINDOWS\system32\E4.tmp
2008-06-23 17:12 . 2008-06-23 17:02 60,928 --a------ C:\WINDOWS\system32\9F.tmp
2008-06-22 20:29 . 2008-06-22 20:19 60,928 --a------ C:\WINDOWS\system32\3C.tmp
2008-06-22 20:09 . 2008-06-22 19:59 60,928 --a------ C:\WINDOWS\system32\34.tmp
2008-06-22 10:45 . 2008-06-22 10:45 0 --a------ C:\WINDOWS\system32\5.tmp
2008-06-22 09:03 . 2008-06-22 09:03 0 --a------ C:\WINDOWS\system32\6.tmp
2008-06-22 00:13 . 2008-06-22 00:03 60,928 --a------ C:\WINDOWS\system32\D7.tmp
2008-06-21 22:43 . 2008-06-21 22:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhcaplj0e7f7
2008-06-21 22:12 . 2008-06-21 22:02 60,928 --a------ C:\WINDOWS\system32\B2.tmp
2008-06-21 13:06 . 2008-06-21 12:56 60,928 --a------ C:\WINDOWS\system32\31.tmp
2008-06-19 21:09 . 2008-06-19 21:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-19 21:09 . 2008-06-19 21:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 18:04 . 2008-06-15 18:04 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-13 12:12 . 2008-06-13 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-13 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-13 10:51 . 2008-06-13 10:51 <DIR> d-------- C:\Program Files\Eidos
2008-06-10 15:34 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 15:34 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:20 . 2008-06-09 10:20 <DIR> d-------- C:\Program Files\directx
2008-06-09 10:19 . 2008-06-09 21:09 <DIR> d-------- C:\DeusEx
2008-06-09 00:49 . 2008-06-09 00:49 <DIR> d-------- C:\Program Files\EA SPORTS
2008-06-09 00:49 . 2008-06-09 00:49 507 --a------ C:\WINDOWS\eReg.dat
2008-06-04 15:37 . 2008-06-04 15:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\shc9plj0e7f7
2008-05-31 23:09 . 2008-05-31 23:10 <DIR> d-------- C:\Program Files\Project64 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 05:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:03 --------- d-----w C:\Program Files\Activision
2008-06-24 04:46 2,450 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-20 14:51 0 --sha-w C:\Documents and Settings\Administrator\Application Data\004814305d3ff91e1a5f11d2701985ec701985ec709e0185980ba1e2bc.dat
2008-06-13 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:53 --------- d-----w C:\Program Files\BitComet
2008-06-12 01:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 01:54 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 01:25 --------- d-----w C:\Program Files\Red Kawa
2008-05-27 01:25 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-20 22:16 --------- d-----w C:\Program Files\illusion
2008-05-10 05:10 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-05-10 04:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-10 04:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-10 04:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-10 01:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Atari
2008-05-10 01:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-05-10 01:33 --------- d-----w C:\Program Files\Atari
2008-05-10 01:22 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-10 01:18 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-10 01:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-09 05:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nexon
2008-05-09 05:05 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-24 15:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 01:12 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2008-04-16 01:40 6,682 ----a-w C:\WINDOWS\system32\vwesagyf.dll
2008-04-13 19:22 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-04-13 18:33 122,880 ----a-w C:\WINDOWS\system32\qvlpykai.dll
2008-04-13 18:33 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\lkpyludu.dll
2008-04-03 02:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-01 18:40 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-04-01 01:32 761,856 ----a-w C:\WINDOWS\system32\CDDBUIRoxio.dll
2008-04-01 01:32 61,440 ----a-w C:\WINDOWS\system32\cdrtc.dll
2008-04-01 01:32 589,824 ----a-w C:\WINDOWS\system32\CDDBControlRoxio.dll
2008-04-01 01:32 45,056 ----a-w C:\WINDOWS\system32\cdral.dll
2008-04-01 00:06 208,384 ----a-w C:\WINDOWS\system32\fdco1.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1036.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1034.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1031.dll
2008-04-01 00:06 158,720 ----a-w C:\WINDOWS\system32\fdco_l1046.dll
2008-04-01 00:06 158,720 ----a-w C:\WINDOWS\system32\fdco_l1040.dll
2008-04-01 00:06 156,672 ----a-w C:\WINDOWS\system32\fdco_l1042.dll
2008-04-01 00:06 156,672 ----a-w C:\WINDOWS\system32\fdco_l1041.dll
2008-04-01 00:06 155,648 ----a-w C:\WINDOWS\system32\fdco_l1028.dll
2008-04-01 00:06 155,136 ----a-w C:\WINDOWS\system32\fdco_l2052.dll
2008-03-31 23:51 65,536 ----a-w C:\WINDOWS\system32\a3d.dll
2008-03-31 23:51 24,064 ----a-w C:\WINDOWS\system32\PostProc.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 20:50 24,576 ----a-w C:\WINDOWS\system32\AsIO.dll
2007-02-09 08:01 3,656 ----a-w C:\Program Files\Read_Me.txt
.

------- Sigcheck -------

2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-12 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-05-09 22:10 360064 4ec50bf8a1edd8c684415c590274779e C:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-09 22:10 360064 4ec50bf8a1edd8c684415c590274779e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 02:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-04-08 22:12 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-01 16:32 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-24 18:11 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8cf3a929]
C:\WINDOWS\system32\smrsmswt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV\mWhjlnspB]
C:\WINDOWS\system32\pcntokdn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
--a------ 2001-03-12 09:40 475136 C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 12:18 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2005-06-16 16:36 3627520 C:\Program Files\ASUS\Ai Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkpyludu]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
C:\WINDOWS\system32\drvhaz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-12 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-02-01 16:32 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-02-01 16:32 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-02-01 16:32 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-07-18 18:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-04-10 10:19 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2008-03-31 16:51 843776 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubjtrqat]
C:\WINDOWS\system32\ubjtrqat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16888:TCP"= 16888:TCP:BitComet 16888 TCP
"16888:UDP"= 16888:UDP:BitComet 16888 UDP
"28960:TCP"= 28960:TCP:BitComet 28960 TCP
"28960:UDP"= 28960:UDP:BitComet 28960 UDP
"28900:TCP"= 28900:TCP:BitComet 28900 TCP
"28900:UDP"= 28900:UDP:BitComet 28900 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-24 18:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-24 18:11]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-24 18:11]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-24 18:11]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-07-05 15:33]
S1 fastfatt;fastfatt;C:\WINDOWS\system32\drivers\fastfatt.sys []
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 16:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-23 21:01:15 C:\WINDOWS\Tasks\WebReg officejet 4300 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 23:20:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-28 23:22:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-29 06:22:47

Pre-Run: 31,555,788,800 bytes free
Post-Run: 31,488,442,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

299 --- E O F --- 2008-06-21 06:43:36


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:32 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{07A1B793-444C-4CD6-A66E-DED0548DC091}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5462 bytes

Hello again,

Please do the following:


Step 1:

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\drivers\fastfatt.sys
C:\Documents and Settings\Administrator\Application Data\004814305d3ff91e1a5f11d2701985ec701985ec709e0185980ba1e2bc.dat
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\system32\vwesagyf.dll
C:\WINDOWS\system32\qvlpykai.dll
C:\WINDOWS\IFinst27.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\pss\DW_Start.lnkStartup
C:\WINDOWS\system32\smrsmswt.dll
C:\WINDOWS\system32\pcntokdn.exe
C:\Documents and Settings\All Users\Application Data\lkpyludu.dll
C:\WINDOWS\system32\drvhaz.dll
C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll
C:\WINDOWS\system32\ubjtrqat.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\win27.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt5.tmp
C:\WINDOWS\system32\E9.tmp
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\9F.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\D7.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\31.tmp

Folder::
C:\Documents and Settings\Administrator\Application Data\rhcaplj0e7f7
C:\Documents and Settings\Administrator\Application Data\shc9plj0e7f7
C:\WINDOWS\system32\rqRJBRhh

Registry::
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\win27.exe"=-
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\.tt5.tmp"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^DW_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8cf3a929]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g]eeV]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lkpyludu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubjtrqat]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

Let me know how your computer is running as well.

Hello again,

Here are the logs

ComboFix Log:


ComboFix 08-06-20.4 - Administrator 2008-06-29 16:44:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.949.82.1033.18.1645 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Administrator\Application Data\004814305d3ff91e1a5f11d2701985ec701985ec709e0185980ba1e2bc.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\win27.exe
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk
C:\Documents and Settings\All Users\Application Data\lkpyludu.dll
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\pss\DW_Start.lnkStartup
C:\WINDOWS\system32\{7e285d6f-32c0-795d-5a58-40d8af2dfc89}.dll
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\9F.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\D7.tmp
c:\windows\system32\drivers\fastfatt.sys
C:\WINDOWS\system32\drvhaz.dll
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\E9.tmp
C:\WINDOWS\system32\pcntokdn.exe
C:\WINDOWS\system32\qvlpykai.dll
C:\WINDOWS\system32\smrsmswt.dll
C:\WINDOWS\system32\ubjtrqat.exe
C:\WINDOWS\system32\vwesagyf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\004814305d3ff91e1a5f11d2701985ec701985ec709e0185980ba1e2bc.dat
C:\Documents and Settings\Administrator\Application Data\rhcaplj0e7f7
C:\Documents and Settings\Administrator\Application Data\shc9plj0e7f7
C:\Documents and Settings\All Users\Application Data\lkpyludu.dll
C:\WINDOWS\DCEBoot.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\pss\DW_Start.lnkStartup
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\34.tmp
C:\WINDOWS\system32\3C.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\9F.tmp
C:\WINDOWS\system32\B2.tmp
C:\WINDOWS\system32\D7.tmp
C:\WINDOWS\system32\E4.tmp
C:\WINDOWS\system32\E9.tmp
C:\WINDOWS\system32\qvlpykai.dll
C:\WINDOWS\system32\vwesagyf.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 12:25 . 2008-06-28 12:25 <DIR> d-------- C:\Deckard
2008-06-27 23:10 . 2008-06-27 23:10 <DIR> d-------- C:\WINDOWS\Sun
2008-06-27 23:10 . 2008-06-27 23:10 <DIR> d-------- C:\Program Files\Sun
2008-06-27 23:10 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-27 23:07 . 2008-06-27 23:10 <DIR> d-------- C:\Program Files\Java
2008-06-27 23:07 . 2008-06-27 23:07 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-27 22:18 . 2008-06-27 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-27 22:18 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-27 22:18 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-24 18:13 . 2008-06-26 12:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-24 18:11 . 2008-06-29 09:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 18:11 . 2008-06-24 18:11 <DIR> d-------- C:\Program Files\AVG
2008-06-24 18:11 . 2008-06-27 12:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 18:11 . 2008-06-24 18:11 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-24 18:11 . 2008-06-24 18:11 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-24 18:11 . 2008-06-24 18:11 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-24 18:05 . 2008-06-24 18:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 21:09 . 2008-06-19 21:09 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-19 21:09 . 2008-06-19 21:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-15 18:04 . 2008-06-15 18:04 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-13 12:12 . 2008-06-13 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-13 10:56 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-06-13 10:51 . 2008-06-13 10:51 <DIR> d-------- C:\Program Files\Eidos
2008-06-10 15:34 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 15:34 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:20 . 2008-06-09 10:20 <DIR> d-------- C:\Program Files\directx
2008-06-09 10:19 . 2008-06-09 21:09 <DIR> d-------- C:\DeusEx
2008-06-09 00:49 . 2008-06-09 00:49 <DIR> d-------- C:\Program Files\EA SPORTS
2008-06-09 00:49 . 2008-06-09 00:49 507 --a------ C:\WINDOWS\eReg.dat
2008-05-31 23:09 . 2008-05-31 23:10 <DIR> d-------- C:\Program Files\Project64 1.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 05:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 01:03 --------- d-----w C:\Program Files\Activision
2008-06-24 04:46 2,450 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-13 17:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:53 --------- d-----w C:\Program Files\BitComet
2008-06-12 01:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-12 01:54 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-07 23:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-27 01:25 --------- d-----w C:\Program Files\Red Kawa
2008-05-27 01:25 --------- d-----w C:\Program Files\AviSynth 2.5
2008-05-20 22:16 --------- d-----w C:\Program Files\illusion
2008-05-10 05:10 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-05-10 04:19 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-05-10 04:19 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-05-10 04:19 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-05-10 01:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Atari
2008-05-10 01:37 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-05-10 01:33 --------- d-----w C:\Program Files\Atari
2008-05-10 01:22 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-10 01:18 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-10 01:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-09 05:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nexon
2008-05-09 05:05 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-28 15:03 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-24 15:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 19:22 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-04-03 02:33 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-01 01:32 761,856 ----a-w C:\WINDOWS\system32\CDDBUIRoxio.dll
2008-04-01 01:32 61,440 ----a-w C:\WINDOWS\system32\cdrtc.dll
2008-04-01 01:32 589,824 ----a-w C:\WINDOWS\system32\CDDBControlRoxio.dll
2008-04-01 01:32 45,056 ----a-w C:\WINDOWS\system32\cdral.dll
2008-04-01 00:06 208,384 ----a-w C:\WINDOWS\system32\fdco1.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1036.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1034.dll
2008-04-01 00:06 159,232 ----a-w C:\WINDOWS\system32\fdco_l1031.dll
2008-04-01 00:06 158,720 ----a-w C:\WINDOWS\system32\fdco_l1046.dll
2008-04-01 00:06 158,720 ----a-w C:\WINDOWS\system32\fdco_l1040.dll
2008-04-01 00:06 156,672 ----a-w C:\WINDOWS\system32\fdco_l1042.dll
2008-04-01 00:06 156,672 ----a-w C:\WINDOWS\system32\fdco_l1041.dll
2008-04-01 00:06 155,648 ----a-w C:\WINDOWS\system32\fdco_l1028.dll
2008-04-01 00:06 155,136 ----a-w C:\WINDOWS\system32\fdco_l2052.dll
2008-03-31 23:51 65,536 ----a-w C:\WINDOWS\system32\a3d.dll
2008-03-31 23:51 24,064 ----a-w C:\WINDOWS\system32\PostProc.dll
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-31 20:50 24,576 ----a-w C:\WINDOWS\system32\AsIO.dll
2007-02-09 08:01 3,656 ----a-w C:\Program Files\Read_Me.txt
.

------- Sigcheck -------

2007-10-30 09:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-12 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-05-09 22:10 360064 4ec50bf8a1edd8c684415c590274779e C:\WINDOWS\system32\dllcache\tcpip.sys
2008-05-09 22:10 360064 4ec50bf8a1edd8c684415c590274779e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-28_23.22.37.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-29 06:20:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-29 23:41:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 05:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 02:39 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-05-15 16:11 3644464]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-04-08 22:12 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 05:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 05:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-01 16:32 8523776]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-24 18:11 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
--a------ 2001-03-12 09:40 475136 C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 12:18 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2005-06-16 16:36 3627520 C:\Program Files\ASUS\Ai Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-12 05:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-02-01 16:32 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-02-01 16:32 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-02-01 16:32 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-07-18 18:23 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2006-04-10 10:19 729088 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2008-03-31 16:51 843776 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16888:TCP"= 16888:TCP:BitComet 16888 TCP
"16888:UDP"= 16888:UDP:BitComet 16888 UDP
"28960:TCP"= 28960:TCP:BitComet 28960 TCP
"28960:UDP"= 28960:UDP:BitComet 28960 UDP
"28900:TCP"= 28900:TCP:BitComet 28900 TCP
"28900:UDP"= 28900:UDP:BitComet 28900 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-24 18:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-24 18:11]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-24 18:11]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-24 18:11]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-07-05 15:33]
S1 fastfatt;fastfatt;C:\WINDOWS\system32\drivers\fastfatt.sys []
S3 XDva120;XDva120;C:\WINDOWS\system32\XDva120.sys []
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []
S3 XDva158;XDva158;C:\WINDOWS\system32\XDva158.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 16:32:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-23 21:01:15 C:\WINDOWS\Tasks\WebReg officejet 4300 series.job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 16:46:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 16:46:51
ComboFix-quarantined-files.txt 2008-06-29 23:46:47
ComboFix2.txt 2008-06-29 06:22:50

Pre-Run: 31,503,056,896 bytes free
Post-Run: 31,512,322,048 bytes free

287 --- E O F --- 2008-06-21 06:43:36

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:09 PM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{07A1B793-444C-4CD6-A66E-DED0548DC091}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5410 bytes

Hello Djwoo91,

Your logs look good but there are a few things I want you to do to make sure we got everything.


Step 1:

Please copy (Ctrl C) and paste (Ctrl V) the following text in the quote box to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@echo off
sc stop "fastfatt"
sc delete "fastfatt"
exit

Double click FixServices.bat. A window will open and close. This is normal.


Step 2:

Please run ATF-Cleaner again.Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step 3:

Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Step 4:

Please do an online scan with Kaspersky WebScanner

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Step 5:

Please rescan with Deckard's System Scanner (DSS).

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open main.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt in your next reply.

How's you're system running? Let me know if you're still experiencing any problems.

In your next reply I need the following:
-SUPERAntiSpyware results
-Kaskpersky results
-DSS log main.txt

Thank You
My computer is doing MUCH better and no more annoying popups

P.S. You advised me to never have more than 1 anti virus software at a time so should i uninstall avg8 or superanti?


DSS MAIN LOG

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-30 18:07:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:19 PM, on 6/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Administrator\Local Settings\Temp\{07A1B793-444C-4CD6-A66E-DED0548DC091}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driver...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5668 bytes

-- Files created between 2008-05-30 and 2008-06-30 -----------------------------

2008-06-30 13:52:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-30 13:03:19 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 13:03:14 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-30 13:03:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-30 13:02:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 19:55:23 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-06-29 19:55:23 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-06-29 19:55:22 0 d-------- C:\Program Files\ffdshow
2008-06-28 23:17:44 0 d-------- C:\cmdcons
2008-06-28 23:16:26 68096 --a------ C:\WINDOWS\zip.exe
2008-06-28 23:16:26 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-28 23:16:26 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-28 23:16:26 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-28 23:16:26 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-28 23:16:26 98816 --a------ C:\WINDOWS\sed.exe
2008-06-28 23:16:26 80412 --a------ C:\WINDOWS\grep.exe
2008-06-28 23:16:26 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-27 23:10:49 0 d-------- C:\WINDOWS\Sun
2008-06-27 23:10:04 0 d-------- C:\Program Files\Sun
2008-06-27 23:07:51 0 d-------- C:\Program Files\Java
2008-06-27 23:07:44 0 d-------- C:\Program Files\Common Files\Java
2008-06-27 23:07:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-06-27 22:18:37 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-27 22:18:35 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-27 22:18:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-24 18:13:22 0 d--h----- C:\$AVG8.VAULT$
2008-06-24 18:11:32 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-24 18:11:27 0 d-------- C:\Program Files\AVG
2008-06-24 18:11:27 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-24 18:05:55 0 d-------- C:\Program Files\Trend Micro
2008-06-19 21:09:52 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-19 21:09:00 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-15 18:04:27 0 d-------- C:\Program Files\Veoh Networks
2008-06-13 12:12:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-13 10:51:50 0 d-------- C:\Program Files\Eidos
2008-06-09 10:20:43 0 d-------- C:\Program Files\directx
2008-06-09 10:19:20 0 d-------- C:\DeusEx
2008-06-09 00:49:35 507 --a------ C:\WINDOWS\eReg.dat
2008-06-09 00:49:35 0 d-------- C:\Program Files\EA SPORTS
2008-05-31 23:09:15 0 d-------- C:\Program Files\Project64 1.6


-- Find3M Report ---------------------------------------------------------------

2008-06-30 13:52:35 0 d-------- C:\Program Files\Common Files
2008-06-24 18:03:54 0 d-------- C:\Program Files\Activision
2008-06-23 21:46:49 2450 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-20 10:31:00 33 --a------ C:\Documents and Settings\Administrator\Application Data\install.ini
2008-06-13 10:51:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-13 04:53:58 0 d-------- C:\Program Files\BitComet
2008-06-07 16:43:07 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-05-26 18:25:13 0 d-------- C:\Program Files\AviSynth 2.5
2008-05-26 18:25:10 0 d-------- C:\Program Files\Red Kawa
2008-05-20 15:16:36 0 d-------- C:\Program Files\illusion
2008-05-09 21:19:19 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-05-09 21:19:19 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-05-09 21:19:19 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-09 18:49:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2008-05-09 18:37:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-05-09 18:33:35 0 d-------- C:\Program Files\Atari
2008-05-09 18:22:55 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-09 18:18:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-05-08 22:31:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nexon
2008-05-08 22:05:56 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-28 08:03:06 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 08:10:33 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-13 12:22:40 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-04-13 11:22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-05 14:05:55 110055 --a------ C:\WINDOWS\hpoins08.dat
2008-03-31 18:32:17 761856 --a------ C:\WINDOWS\system32\CDDBUIRoxio.dll <Not Verified; Gracenote; CDDBUIControl Module>
2008-03-31 18:32:17 589824 --a------ C:\WINDOWS\system32\CDDBControlRoxio.dll <Not Verified; Gracenote (formerly CDDB, Inc.); CDDBControl Core Module>
2008-03-31 17:06:40 155136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2008-03-31 17:06:40 158720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
2008-03-31 17:06:40 156672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
2008-03-31 17:06:40 156672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
2008-03-31 17:06:40 158720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
2008-03-31 17:06:40 159232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
2008-03-31 16:51:18 24064 --a------ C:\WINDOWS\system32\PostProc.dll <Not Verified; Analog Devices, Inc.; SoundMAX coinstaller>
2008-03-31 16:51:18 65536 --a------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 14:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 14:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 14:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 13:50:51 24576 --a------ C:\WINDOWS\system32\AsIO.dll <Not Verified; ; AsIO Dynamic Link Library>
2008-03-31 13:42:34 0 -rahs---- C:\MSDOS.SYS
2008-03-31 13:42:34 0 -rahs---- C:\IO.SYS
2008-03-31 13:42:34 0 --a------ C:\CONFIG.SYS
2008-03-31 13:42:34 0 --a------ C:\AUTOEXEC.BAT
2008-03-31 13:40:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-31 13:38:22 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-31 05:34:50 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/12/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/12/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/12/2004 05:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/01/2008 04:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [06/24/2008 06:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/12/2004 05:00 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 02:39 AM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [05/15/2008 04:11 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/28/2008 10:33 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HncUpdate]
C:\Program Files\Common Files\Hnc\HncUtils\HncUpdate.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
"C:\Program Files\ASUS\Ai Booster\OverClk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UfSeAgnt.exe]
"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"




-- End of Deckard's System Scanner: finished at 2008-06-30 18:07:42 ------------


KASPERSKY LOG

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 30, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 30, 2008 17:42:31
Records in database: 899354
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 74691
Threat name: 2
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:10:24


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
E:\프로그램\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

The selected area was scanned


SUPERAnti LOG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2008 at 01:42 PM

Application Version : 4.15.1000

Core Rules Database Version : 3493
Trace Rules Database Version: 1484

Scan type : Complete Scan
Total Scan Time : 00:36:53

Memory items scanned : 338
Memory threats detected : 0
Registry items scanned : 5023
Registry threats detected : 0
File items scanned : 73263
File threats detected : 12

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\31.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\34.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\3C.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\9F.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\B2.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\D7.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\E4.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\E9.TMP.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECD7CCAF-3852-45AE-B50A-39D76AEA846B}\RP6\A0001073.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECD7CCAF-3852-45AE-B50A-39D76AEA846B}\RP6\A0002142.SCR

Adware.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{ECD7CCAF-3852-45AE-B50A-39D76AEA846B}\RP7\A0002280.CFG

Browser Hijacker.Favorites
D:\MY DOCUMENTS\FAVORITES\ONLINE SECURITY TEST.URL

Hello Djwoo91,

SUPERAntiSpyware is an anti-spyware/adware program (like MBAM), not an anti-virus program, so you can leave it on your computer

Do you recognize this program?

vnc-4_1_2-x86_win32.exe

You currently have BitComet installed on your computer. BitComet is a P2P (peer to peer) program that increases the chance of getting an infection. It is recommended you uninstall BitComet as well as any other p2p programs you may have installed on your computer. If you decide to keep BitComet on your computer, you can skip Step 1: below:


Step 1:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

BitComet

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\BitComet


Step 2:

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

-------------------------------------------------------------------------
Congratulations! Your system appears to be clear of any malware

Let's do some last minute steps!

Re-hide Hidden System Files and Folders.

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Under the Hidden files and folders heading SELECT Do Not Show Hidden files and folders.
• Click Yes to confirm.
• Click OK.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.
-----------------------------------------------------------------------------------
The following lists consists of some tools that I like to recommend to keep your computer safer in the future:

Free Anti-Virus Programs:

• Anti-Vir *Recommended
• Avast
• AVG

With out an Anti-Virus program, your practically inviting malware onto your computer! Just remember to never install more than one.

Free Anti-Spyware Programs:

• Malwarebytes' Anti-Malware
• SUPERAntiSpyware

Add to your systems protection with a few Anti-Spyware programs. Remember to only have at most one resident shield running at a time.

Free Firewall Programs:

• Comodo Firewall
• ZoneAlarm

Keep the hackers out with a good firewall program.

Spyware preventions tools:

• Spyware Blaster
  This application does not scan or detect spyware but it does prevent it from being installed. Spyware Blaster is a great application that uses no computer resources, it is a must if you want to keep your computer safer from spyware.
• Spyware Guard
  A realtime protection against spyware that is meant to work along side Spyware Blaster.

Online Scanners:

• Kaspersky Online Scanner
• Panda ActiveScan

While having a traditional Anti-Virus program is necessary from keeping many pieces of malware off of your system, no protection program is fool proof. Online scanners have a much larger data base than stand alone scanners and it is recommended that you use an online scanner once every week or so to see if any malware got by your current protection programs.
NOTE: Most online scanners will only detect what's on your computer, not disinfect the malware itself.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Have a great day and stay safe!