"Your privacy is in danger" background [CLOSED]
paulpc
post Aug 24 2008, 04:20 PM
Post #1


New Member
*
Posts: 5
OS: Windows XP SP3



Hello and nice to see you. Great forum.
I think my PC is infected. I have a "Your privacy is in danger" background and pop-ups that say "Download antivirus to protect PC".
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2:

Scan saved at 01:14:23, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387} - C:\WINDOWS\qalkfxor.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmaTel Audio] C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer = 193.231.252.1 213.154.124.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O21 - SSODL: pdoskegl - {BC955F78-E20A-4ED6-B951-1E1FBBD3DBDF} - C:\WINDOWS\pdoskegl.dll
O21 - SSODL: rqbmvpso - {216E3E49-1023-4EB9-99D4-633AD2C78E75} - C:\WINDOWS\rqbmvpso.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 8988 bytes

Probably it will help, SmitFraudFix log:

SmitFraudFix v2.339

Scan done at 0:57:18.54, Mon 08/25/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Paul\FAVORI~1

C:\DOCUME~1\Paul\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Paul\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Paul\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\Paul\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Paul\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Paul\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!




»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: rodqgpvlkoa.dll
BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67}
TypeLib: {31E49456-3EC8-4CF9-B756-CD4BB7D43F61}
Interface: {E3A8BB7F-47DF-4A13-9F50-CA0D1F89DA7F}
Interface: {FD929AF1-D3CE-4374-9A73-C8E70BC02C17}

[!] Suspicious: qalkfxor.dll
Toolbar: qalkfxor - {18C388BB-5014-4906-AE38-E62BA5AA7387}
TypeLib: {2E94E090-6554-4076-97A0-BC0EBE5CD9B2}
Interface: {ADE410F2-0722-420F-8B03-9A874F23A3BC}
Classe: qalkfxor.bpqk
Classe: qalkfxor.ToolBar.1

[!] Suspicious: pdoskegl.dll
SSODL: pdoskegl - {BC955F78-E20A-4ED6-B951-1E1FBBD3DBDF}

[!] Suspicious: rqbmvpso.dll
SSODL: rqbmvpso - {216E3E49-1023-4EB9-99D4-633AD2C78E75}


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 193.231.252.1
DNS Server Search Order: 213.154.124.1

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 213.157.188.162

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
fenzodahl512
post Aug 25 2008, 04:43 AM
Post #2


Trusted Helper
Posts: 5,212
OS: Windows XP



Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in Safe Mode, please double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning!! : running option #2 on a non infected computer will remove your Desktop background.





NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

paulpc
post Aug 25 2008, 08:15 AM
Post #3


New Member
*
Posts: 5
OS: Windows XP SP3



SmitFraudFix log:
CODE
SmitFraudFix v2.339

Scan done at 14:23:30.31, Mon 08/25/2008
Run from C:\Documents and Settings\Paul\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1    update.bitdefender.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\rodqgpvlkoa.dll deleted.
C:\WINDOWS\qalkfxor.dll deleted.
C:\WINDOWS\pdoskegl.dll deleted.
C:\WINDOWS\rqbmvpso.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\privacy_danger\ Deleted
C:\DOCUME~1\Paul\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Paul\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Paul\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Paul\FAVORI~1\Spyware?Malware Protection.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer=193.231.252.1 213.154.124.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5426F3CF-BDC8-4D98-A574-814D4A757868}: DhcpNameServer=213.157.188.162
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.157.188.162


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Malwarebytes' Anti-Malware log:
CODE
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3

4:24:24 PM 8/25/2008
mbam-log-08-25-2008 (16-24-24).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 146465
Time elapsed: 1 hour(s), 41 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Malware.Tool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\antiwpa.dll (Malware.Tool) -> Delete on reboot.
C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Hijack this log:
CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:09:34, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmaTel Audio] C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [RemoteControl8] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKCU\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2B6555C-3974-4C66-B07B-917CA7DB01A8}: NameServer = 193.231.252.1 213.154.124.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8588 bytes
fenzodahl512
post Aug 25 2008, 02:11 PM
Post #4


Trusted Helper
Posts: 5,212
OS: Windows XP



Hello.. Please don't use code/quote tags when posting your logs.. Just post them as they are.. It will be much easier for my eyes..


Tell me, how is your computer now?


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: QXK Olive - {E350B1C6-A8DC-4EEF-90DB-61DCAE9D1B67} - C:\WINDOWS\rodqgpvlkoa.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


This post has been edited by fenzodahl512: Aug 25 2008, 02:14 PM
 
paulpc
post Aug 25 2008, 04:35 PM
Post #5


New Member
Posts: 5
OS: Windows XP SP3



After updating the virus definitions a window pops up that says "Kaspersky Online Scanner license has expired!"
I have never used Kaspersky so I don't know why this happened.
 
fenzodahl512
post Aug 25 2008, 04:45 PM
Post #6


Trusted Helper
Posts: 5,212
OS: Windows XP



Let's do this instead..

Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 30 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.



And tell me how is your computer now?
 
paulpc
post Aug 25 2008, 05:37 PM
Post #7


New Member
Posts: 5
OS: Windows XP SP3



My computer is fine now. Thank you very much!!! No more malware & stuff

OTViewIt log:

OTViewIt logfile created on: 8/26/2008 2:33:05 AM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.59 Gb Total Space | 8.75 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive D: | 119.74 Gb Total Space | 12.37 Gb Free Space | 10.33% Space Free | Partition Type: NTFS
Drive E: | 119.75 Gb Total Space | 0.63 Gb Free Space | 0.52% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUCA
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[10/09/2007 07:17 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[10/09/2007 07:17 PM | 01,921,024 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\BCMWLTRY.EXE
[07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[02/22/2008 05:46 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/24/2008 05:28 AM | 00,086,016 | ---- | M] (BitDefender) - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[07/24/2008 05:28 AM | 01,155,072 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[07/24/2008 05:28 AM | 01,253,376 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
[02/22/2008 12:43 PM | 01,245,184 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\quickset.exe
[05/10/2007 10:22 AM | 00,405,504 | ---- | M] (SigmaTel, Inc.) - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
[05/10/2007 01:01 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\OEM02Mon.exe
[10/09/2007 07:17 PM | 02,183,168 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\WLTRAY.EXE
[07/02/2007 01:29 PM | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\Apoint.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[05/22/2007 02:18 PM | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApMsgFwd.exe
[07/10/2008 10:51 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/24/2008 05:28 AM | 00,368,640 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[03/20/2008 08:23 PM | 00,083,240 | ---- | M] (Cyberlink Corp.) - E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
[09/08/2006 03:10 PM | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\hidfind.exe
[06/06/2007 04:44 PM | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) - C:\Program Files\DellTPad\ApntEx.exe
[03/21/2008 10:21 AM | 00,091,432 | ---- | M] (cyberlink) - C:\Program Files\Cyberlink\Shared Files\brs.exe
[06/07/2007 11:14 AM | 00,118,784 | ---- | M] (Creative Technology Ltd.) - C:\Program Files\Dell\DELL Webcam Manager\DellWMgr.exe
[10/11/2007 09:49 AM | 00,465,136 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
[09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs) - C:\Program Files\PeerGuardian2\pg2.exe
[08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\uTorrent\uTorrent.exe
[02/27/2007 11:39 AM | 01,310,720 | ---- | M] (SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[11/03/2006 06:02 PM | 00,050,688 | ---- | M] (Avanquest Software ) - C:\Program Files\Digital Line Detect\DLG.exe
[07/10/2008 10:51 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[05/30/2008 03:54 PM | 21,718,312 | R--- | M] (Skype Technologies S.A.) - C:\Program Files\Skype\Phone\Skype.exe
[05/30/2008 03:54 PM | 00,076,744 | R--- | M] (Skype Technologies) - C:\Program Files\Skype\Plugin Manager\skypePM.exe
[08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[07/08/2008 07:22 PM | 00,486,856 | ---- | M] (DT Soft Ltd) - C:\Program Files\DAEMON Tools Lite\daemon.exe
[08/26/2008 02:28 AM | 00,103,736 | ---- | M] () - C:\WINDOWS\system32\PnkBstrB.exe
[08/26/2008 02:28 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe
[07/17/2008 07:07 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/26/2008 02:32 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Paul\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(DellAMBrokerService) DellAMBrokerService [On_Demand | Stopped]
[10/11/2007 09:49 AM | 00,076,016 | ---- | M] () - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 03:00 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped]
[08/13/2008 12:46 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/10/2008 10:51 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LIVESRV) BitDefender Desktop Update Service [Auto | Running]
[07/24/2008 05:28 AM | 01,155,072 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

(NMIndexingService) NMIndexingService [On_Demand | Stopped]
File not found - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[02/22/2008 05:46 AM | 00,155,716 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(rpcapd) Remote Packet Capture Protocol v.0 (experimental) [On_Demand | Stopped]
[11/06/2007 11:22 PM | 00,092,792 | ---- | M] (CACE Technologies) - C:\Program Files\WinPcap\rpcapd.exe

(VSSERV) BitDefender Virus Shield [Auto | Running]
[07/24/2008 05:28 AM | 01,253,376 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[10/09/2007 07:17 PM | 00,024,064 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

(XCOMM) BitDefender Communicator [Auto | Running]
[07/24/2008 05:28 AM | 00,086,016 | ---- | M] (BitDefender) - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

(PnkBstrB) PnkBstrB [Auto | Running]
[08/26/2008 02:28 AM | 00,103,736 | ---- | M] () - C:\WINDOWS\system32\PnkBstrB.exe

(PnkBstrA) PnkBstrA [Auto | Running]
[08/26/2008 02:28 AM | 00,066,872 | ---- | M] () - C:\WINDOWS\system32\PnkBstrA.exe

===== Driver Services - Non-Microsoft Only =====

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [On_Demand | Running]
[06/25/2007 06:53 PM | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/12/2005 04:50 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running]
[10/09/2007 07:17 PM | 01,123,328 | ---- | M] (Broadcom Corp.) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [On_Demand | Running]
[11/21/2006 04:25 AM | 00,045,568 | R--- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\bcm4sbxp.sys

(Bdfndisf) BitDefender Firewall NDIS Filter Service [On_Demand | Running]
[07/24/2008 05:28 AM | 00,086,792 | ---- | M] (BitDefender SRL) - C:\WINDOWS\system32\drivers\bdfndisf.sys

(bdfsfltr) bdfsfltr [On_Demand | Running]
[01/07/2008 05:41 PM | 00,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) - C:\WINDOWS\system32\drivers\bdfsfltr.sys

(bdftdif) bdftdif [System | Running]
[07/24/2008 05:28 AM | 00,156,688 | ---- | M] (BitDefender SRL) - C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys

(BDSelfPr) BDSelfPr [On_Demand | Running]
[07/24/2008 05:28 AM | 00,008,320 | ---- | M] (BitDefender S.R.L.) - C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys

(datunidr) DellAutomatedPCTuneUp UniDriver [Auto | Running]
[08/23/2007 06:29 PM | 00,005,376 | --S- | M] (Gteko Ltd.) - C:\WINDOWS\system32\drivers\datunidr.sys

(dmboot) dmboot [Disabled | Stopped]
[04/14/2008 03:00 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/14/2008 03:00 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[04/14/2008 03:00 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/14/2008 03:00 PM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(HSFHWAZL) HSFHWAZL [On_Demand | Running]
[08/02/2007 05:34 PM | 00,211,200 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWAZL.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[08/02/2007 05:35 PM | 00,989,952 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DPV.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[06/19/2006 02:26 PM | 00,012,672 | R--- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(NPF) NetGroup Packet Filter Driver [On_Demand | Stopped]
[11/06/2007 11:22 PM | 00,034,064 | ---- | M] (CACE Technologies) - C:\WINDOWS\system32\drivers\npf.sys

(nv) nv [On_Demand | Running]
[02/22/2008 05:46 AM | 06,658,592 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(OEM02Afx) Provides a software interface to control audio effects of OEM002 camera. [On_Demand | Running]
[06/08/2007 01:00 AM | 00,141,376 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\OEM02Afx.sys

(OEM02Dev) Creative Camera OEM002 Driver [On_Demand | Running]
[10/11/2007 01:03 AM | 00,235,648 | ---- | M] (Creative Technology Ltd.) - C:\WINDOWS\system32\drivers\OEM02Dev.sys

(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [On_Demand | Running]
[03/05/2007 06:45 PM | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) - C:\WINDOWS\system32\drivers\OEM02Vfx.sys

(Profos) Profos [On_Demand | Stopped]
[07/12/2007 01:32 AM | 00,012,800 | ---- | M] () - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[04/14/2008 03:00 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PTproct) PTproct [On_Demand | Running]
[10/05/2006 04:07 PM | 00,004,736 | ---- | M] (Gteko Ltd.) - C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys

(PxHelp20) PxHelp20 [Boot | Running]
[03/08/2007 02:51 AM | 00,043,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\PxHelp20.sys

(rimmptsk) rimmptsk [Auto | Running]
[11/15/2006 12:16 AM | 00,032,256 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimmptsk.sys

(rimsptsk) rimsptsk [Auto | Running]
[11/14/2006 07:42 PM | 00,043,520 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rimsptsk.sys

(rismxdp) Ricoh xD-Picture Card Driver [Auto | Running]
[11/14/2006 05:35 PM | 00,037,376 | ---- | M] (REDC) - C:\WINDOWS\system32\drivers\rixdptsk.sys

(SASDIFSV) SASDIFSV [System | Running]
[10/10/2006 12:53 PM | 00,005,632 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Running]
[02/16/2006 04:51 PM | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[02/27/2007 11:39 AM | 00,032,256 | ---- | M] () - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(Secdrv) Secdrv [On_Demand | Stopped]
[04/14/2008 03:00 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sptd) sptd [Boot | Running]
[07/14/2008 12:57 PM | 00,717,296 | ---- | M] () - C:\WINDOWS\system32\drivers\sptd.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[05/10/2007 10:24 AM | 01,222,840 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(Trufos) Trufos [On_Demand | Stopped]
[07/10/2007 08:00 AM | 00,036,736 | ---- | M] () - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys

(winachsf) winachsf [On_Demand | Running]
[08/02/2007 05:34 PM | 00,731,136 | R--- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} [Auto | Running]
[02/01/2008 05:24 PM | 00,041,456 | ---- | M] (Cyberlink Corp.) - E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\000.fcl

(pgfilter) pgfilter [On_Demand | Running]
[09/18/2005 06:02 PM | 00,005,632 | ---- | M] () - C:\Program Files\PeerGuardian2\pgfilter.sys

(PnkBstrK) PnkBstrK [On_Demand | Running]
[08/26/2008 02:28 AM | 00,022,328 | ---- | M] () - C:\WINDOWS\system32\drivers\PnkBstrK.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [06/12/2008 02:38 AM | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"Apoint" = C:\Program Files\DellTPad\Apoint.exe [07/02/2007 01:29 PM | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"BDAgent" = "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [07/24/2008 05:28 AM | 00,368,640 | ---- | M] (BitDefender S.R.L.)
"BDRegion" = C:\Program Files\Cyberlink\Shared Files\brs.exe [03/21/2008 10:21 AM | 00,091,432 | ---- | M] (cyberlink)
"BitDefender Antiphishing Helper" = "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [07/24/2008 05:28 AM | 00,061,440 | ---- | M] (BitDefender)
"Broadcom Wireless Manager UI" = C:\WINDOWS\system32\WLTRAY.exe [10/09/2007 07:17 PM | 02,183,168 | ---- | M] (Dell Inc.)
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [02/22/2008 12:43 PM | 01,245,184 | ---- | M] (Dell Inc.)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM | 00,289,064 | ---- | M] (Apple Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [02/22/2008 05:46 AM | 13,508,608 | ---- | M] (NVIDIA Corporation)
"NVHotkey" = rundll32.exe nvHotkey.dll,Start [02/22/2008 05:46 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [02/22/2008 05:46 AM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /installquiet [02/22/2008 05:46 AM | 01,626,112 | ---- | M] ()
"OEM02Mon.exe" = C:\WINDOWS\OEM02Mon.exe [05/10/2007 01:01 AM | 00,036,864 | ---- | M] (Creative Technology Ltd.)
"PDVD8LanguageShortcut" = "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe" [12/14/2007 11:36 AM | 00,050,472 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"RemoteControl8" = "E:\Program Files\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe" [03/20/2008 08:23 PM | 00,083,240 | ---- | M] (Cyberlink Corp.)
"SigmaTel Audio" = C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\setup.exe -postqfe [10/18/2007 03:46 PM | 00,117,200 | ---- | M] (InstallShield Software Corporation)
"SigmatelSysTrayApp" = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe [05/10/2007 10:22 AM | 00,405,504 | ---- | M] (SigmaTel, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
"DELL Webcam Manager" = "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s [06/07/2007 11:14 AM | 00,118,784 | ---- | M] (Creative Technology Ltd.)
"DellAutomatedPCTuneUp" = "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup [10/11/2007 09:49 AM | 00,465,136 | ---- | M] (Gteko Ltd.)
"PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:40 PM | 01,421,824 | ---- | M] (Methlabs)
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [02/27/2007 11:39 AM | 01,310,720 | ---- | M] (SUPERAntiSpyware.com)
"uTorrent" = "C:\Program Files\uTorrent\uTorrent.exe" [08/16/2008 12:17 AM | 00,267,056 | ---- | M] (BitTorrent, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error