[thefreed]

I downloaded something yesterday from a torrent, I restarted my computer later and my sound didn't work, I tried to fix it and went on to a device manager but then I couldnt do anything to it and it said I didnt hav the device plugged.
i can ever run some of my games Rome total war, and it says Rome: total War encountered an unspecified error and will now exit... it ran perfectly fine be4

heres my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 1:50:20, on 2008-03-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {18709344-7656-46BA-96BD-ADC785B60EC7} (NamoWeCtl 6.0 for sjnamo_BrainUP) - http://www.brainon.c...Wec/NamoWec.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {522062F6-F635-486A-9ADD-8E12CF0A34D9} (EZYNKCtrl Class) - http://www.ezf.co.kr...YNK_Control.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...eb.2007.4.4.cab
O16 - DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} (PanLoader Class) - http://imgcdn.pandor...2/FirstLoad.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} ({BFBC3059-9C61-5BA1-2075-85C8B6ECFC07}) - http://mabinogi.or.tp/etc/mwfre.2.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.c...anSetup1010.cab
O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://202.9.107.13/...WebLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6086 bytes

[Advertisements]

Welcome to geekstogo. I'm Ryan, and I'll be helping you clean your computer.

== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== Clear System Restore==

Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer


== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

== Request Logs ==

Please post the log from the Kaspersky scan and an Uninstall List

To obtain an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

[Ryan]

Welcome to geekstogo. I'm Ryan, and I'll be helping you clean your computer.

== Clear Temporary Files ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyClose all Internet Explorer, Firefox, and Opera windows before continuing.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== Clear System Restore==

Let's make a new restore point and clear the others:Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point. Please do this for each hard drive that you have connected to the computer


== Kaspersky Web Scanner ==

Please do an online scan with Kaspersky WebScanner
You will need to use Internet Explorer to do this

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

== Request Logs ==

Please post the log from the Kaspersky scan and an Uninstall List

To obtain an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

[thefreed]

I just found out something about Rome:total war it appears if my sound card isnt working then the message appears its really weird because I cant configure anything... anyways
heres my uninstall list

파일구리 Pro
판도라TV 미니
판도라TV 미니라이트
한게임 자동 인스톨러
Ad-Aware SE Professional
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AIDA32 v3.88
AIM 6
avast! Antivirus
Black & White Creature Isle
Black and White
Brain Booster
CDDRV_Installer
CDSpace 5
Conexant D850 56K V.9x DFVc Modem
DivX Content Uploader
DivX Web Player
EasyKeytec(키보드 보안 프로그램)
GOM Player
Hangul 2005
HijackThis 2.0.2
ijji Auto Installer
I-MEPS
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Java™ 6 Update 2
Java™ 6 Update 3
Kaspersky Online Scanner
K-Defense8 Control - 키보드 보안
KhalInstallWrapper
LimeWire PRO 4.14.10
LiveUpdate 2.6 (Symantec Corporation)
Logitech SetPoint
Mabinogi
Mall Tycoon 3 (remove only)
Megaupload Toolbar
Microsoft .NET Framework 2.0
Microsoft AppLocale
Microsoft Bootvis
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Windows Application Compatibility Database
Mozilla Firefox (2.0.0.12)
MSN
Nero 6 Ultra Edition
Norton Ghost Personal Edition
PandoraTV VimCaster
PandoraTV VimViewer
PandoraTV WebPlayer Uninstaller
Playboy - The Mansion
Playboy The Mansion - Private Party
PowerDVD
PSXMemTool 1.19b (remove only)
Rome - Total War™
Roxio DLA
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Shockwave
SoftCamp Secure KeyStroke 4.0
SoundMAX
Starcraft
StealthBot v2.6 Revision 3 (remove only)
SUPERAntiSpyware Free Edition
UnInstall_SealOnline
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)




and heres my kapersky list... sorry I didnt save as text and did something else and exited it...

KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 18, 2008 7:56:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/03/2008
Kaspersky Anti-Virus database records: 639178


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics
Total number of scanned objects 46062
Number of viruses found 2
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 01:50:04

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\pf9u1m8l.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\pf9u1m8l.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\pf9u1m8l.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\pf9u1m8l.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008031820080319\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\__ __.txt Object is locked skipped

C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8757C950-4197-45E1-B299-A74857A4B9EA}\RP137\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\acloptdv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\hxabcsum.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\WINDOWS\system32\Proxy.Dll Object is locked skipped

C:\WINDOWS\system32\ProxyM.dll Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\TEMP\Perflib_Perfdata_5e8.dat Object is locked skipped

C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{8757C950-4197-45E1-B299-A74857A4B9EA}\RP137\change.log Object is locked skipped

Scan process completed.





I really don't get why some people use their knowledge of computer to do bad things, do they get a chuckle out of it?
you might get this a lot but I really appreciate you helping me, their need to be more people like you!

[Ryan]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

-Ryan

[thefreed]

heres the log for combo fix

ComboFix 08-03-17.1 - Owner 2008-03-18 21:12:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.1.1033.18.290 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 19:32 . 2008-03-18 19:32 248 --a------ C:\WINDOWS\RomeTW.ini
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-18 13:37 . 2008-03-18 13:37 <DIR> d-------- C:\Program Files\AIDA32 - Network System Information
2008-03-16 22:28 . 2008-03-16 22:28 <DIR> d-------- C:\Program Files\Activision
2008-03-14 19:45 . 2008-03-14 19:45 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-03-09 18:17 . 2008-03-10 11:22 <DIR> d-------- C:\Program Files\Playboy - The Mansion
2008-03-09 00:08 . 2008-03-14 19:42 <DIR> d-------- C:\Program Files\Political Tycoon
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WeatherDPA
2008-03-05 23:21 . 2008-03-17 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-03-04 01:10 . 2008-03-17 19:31 <DIR> d-------- C:\Program Files\Neffy
2008-03-04 00:38 . 2008-03-04 00:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OZ Intermedia
2008-03-04 00:38 . 2008-03-04 00:38 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-03-04 00:37 . 2008-03-04 00:37 0 --a------ C:\WINDOWS\OZ.dat
2008-03-02 05:03 . 2008-03-04 00:45 <DIR> d-------- C:\Program Files\OZ Intermedia
2008-03-02 03:26 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-02 03:26 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-02 03:26 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-02 03:26 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-02 03:26 . 2007-07-20 01:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-02 03:25 . 2008-03-02 03:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-02 03:25 . 2007-05-16 17:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-02 03:25 . 2007-06-20 21:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-02 03:25 . 2007-10-22 04:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-03-02 03:21 . 2008-03-02 03:21 <DIR> d-------- C:\Program Files\RedlightCenter
2008-03-01 23:55 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\SignGATE
2008-03-01 23:55 . 2003-07-09 16:22 94,208 --a------ C:\WINDOWS\system32\sgkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-03-01 23:55 . 2003-07-09 16:22 73,728 --a------ C:\WINDOWS\system32\securek08.dll
2008-03-01 23:55 . 2003-08-21 10:40 61,440 --a------ C:\WINDOWS\system32\sgcard.dll
2008-03-01 23:55 . 2003-07-09 16:22 49,152 --a------ C:\WINDOWS\system32\sgmagerkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-01 23:55 . 2003-07-09 16:22 21,990 --a------ C:\WINDOWS\system32\drivers\securkey.sys
2008-03-01 23:55 . 2003-07-09 16:22 20,780 --a------ C:\WINDOWS\system32\drivers\MagerKey.sys
2008-03-01 23:29 . 2008-03-02 00:33 300 --a------ C:\WINDOWS\system32\hancmd.enc
2008-03-01 23:28 . 2008-03-01 23:29 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\Hangame
2008-03-01 23:27 . 2007-03-22 14:32 956,112 --a------ C:\WINDOWS\system32\HanWebMsg1050.dll
2008-03-01 23:21 . 2007-07-26 18:28 1,314,901 --a------ C:\WINDOWS\system32\SCSK4.ocx
2008-03-01 23:21 . 2007-07-21 01:07 931,480 --a------ C:\WINDOWS\system32\SCSKAppLink.dll
2008-03-01 23:21 . 2008-03-01 23:31 169,109 --a------ C:\WINDOWS\system32\drivers\scskusbs.sys
2008-03-01 23:21 . 2007-07-13 18:16 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2008-03-01 23:21 . 2007-11-16 17:14 40,640 --a------ C:\WINDOWS\system32\HanGamePlugin19.dll
2008-03-01 23:21 . 2008-03-01 23:21 28,672 --a------ C:\WINDOWS\system32\UnSCSK.exe
2008-03-01 23:21 . 2008-03-01 23:31 11,385 --a------ C:\WINDOWS\system32\drivers\scskusbf.sys
2008-02-28 03:58 . 2008-02-28 03:58 1,536,000 -ra------ C:\WINDOWS\system32\clubbox.exe
2008-02-28 03:57 . 2008-02-28 03:57 155,648 -ra------ C:\WINDOWS\system32\downengine.dll
2008-02-25 09:24 . 2008-02-25 09:24 159,744 -ra------ C:\WINDOWS\system32\fscagent.exe
2008-02-23 07:12 . 2008-02-23 07:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\fltk.org
2008-02-22 20:52 . 2008-02-22 20:53 <DIR> d----c--- C:\Downloads
2008-02-19 03:15 . 2008-02-19 03:15 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 04:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-03-19 04:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-19 03:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-03-19 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 20:46 --------- d-----w C:\Program Files\I-MEPS
2008-03-18 17:11 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-10 01:19 --------- d-----w C:\Program Files\Warcraft III
2008-03-07 17:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-05 21:30 --------- d-----w C:\Program Files\Starcraft
2008-03-02 11:48 --------- d-----w C:\Program Files\PandoraTVMini
2008-02-24 22:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-02-19 10:15 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-02-19 03:32 --------- d-----w C:\Program Files\AOL Search
2008-02-19 03:32 --------- d-----w C:\Program Files\AIM6
2008-02-19 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-16 04:05 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-02-09 14:13 --------- d-----w C:\Program Files\Firaxis Games
2008-02-09 07:11 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-02-09 00:25 --------- d-----w C:\Program Files\Xfire
2008-02-09 00:23 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-08 06:24 --------- d-----w C:\Program Files\NHN USA
2008-02-08 06:13 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-02-07 03:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lionhead Studios
2008-02-06 08:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\NHN Corporation
2008-02-06 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-02-04 21:04 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-03 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-01-30 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-29 22:40 --------- d-----w C:\Program Files\Brain Booster
2008-01-26 03:11 --------- d-----w C:\Program Files\AhnLab
2008-01-21 07:20 6,631 ----a-w C:\WINDOWS\system32\drivers\CDSpace5.cfg
2008-01-21 07:14 --------- d-----w C:\Program Files\DNA
2008-01-21 07:14 --------- d-----w C:\Program Files\BitTorrent
2007-12-26 09:31 423,299 ----a-w C:\Program Files\BLEEDUS.SAV
2007-12-26 06:59 10,834 ---ha-w C:\Program Files\BLEEDUS.GID
2003-12-03 00:35 2,154,880 ------w C:\Program Files\ISF
2003-12-02 17:19 600 ------w C:\Program Files\BLEEDUS.CNT
2003-12-02 16:21 1,023,432 ------w C:\Program Files\BLEEDUS.HLP
2003-11-27 16:19 244,046,160 ------w C:\Program Files\GGD
2003-11-26 20:57 1,420,143 ------w C:\Program Files\BLEEDUS.EXE
2003-11-18 17:26 85 ------w C:\Program Files\BLEEDUS.SUF
2003-11-17 17:59 800,030 ------w C:\Program Files\MIDI
2003-11-17 17:59 352,974 ------w C:\Program Files\WMSC
2003-11-17 17:59 18,118 ------w C:\Program Files\DATA
2003-11-17 17:59 11,444,942 ------w C:\Program Files\SE
2003-11-17 17:58 179,246,838 ------w C:\Program Files\VOICE
2004-08-03 15:56 134,019 --sha-w C:\WINDOWS\system32\ProxyM.dll
2007-11-11 07:21 342,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.

------- Sigcheck -------

2004-08-03 08:56 14336 bfee9f0b9c68f33c2966d528cba0afc7 C:\WINDOWS\system32\svchost.exe
2004-08-03 08:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-18 10:11 1481968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29 165784]
"Aim6"="" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-17 20:18 287040]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 11:11 3497984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-06 11:25:14 2713936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2000-01-18 03:59:36 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 11:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 11:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 11:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 06:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 11:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Freechal\\Fileguri\\FileguriMain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniWB.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniUpdate.exe"=
"C:\\Program Files\\Pandora.TV\\MiniLite\\MiniLite.exe"= C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe
"C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\LiveRelay.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\VimViewer.dll"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:파일전송 데몬
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 18:26]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 13:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2005-01-20 15:37]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 16:39]
S3 ezty2;ezty2;C:\WINDOWS\system32\ezty2.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Owner\Desktop\HackPack\asdf\IlvMoney1129.sys []
S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2008-03-01 23:31]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2008-03-01 23:31]
S3 VIROBOT;VIROBOT;C:\WINDOWS\system32\VIROBOT.SYS []
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Evilotus

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-18 21:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-19 04:19:31
.
2008-03-12 18:01:42 --- E O F ---



heres the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 9:20:42, on 2008-03-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {18709344-7656-46BA-96BD-ADC785B60EC7} (NamoWeCtl 6.0 for sjnamo_BrainUP) - http://www.brainon.c...Wec/NamoWec.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {522062F6-F635-486A-9ADD-8E12CF0A34D9} (EZYNKCtrl Class) - http://www.ezf.co.kr...YNK_Control.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...eb.2007.4.4.cab
O16 - DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} (PanLoader Class) - http://imgcdn.pandor...2/FirstLoad.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} ({BFBC3059-9C61-5BA1-2075-85C8B6ECFC07}) - http://mabinogi.or.tp/etc/mwfre.2.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.c...anSetup1010.cab
O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://202.9.107.13/...WebLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5984 bytes

[Ryan]

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.





Download the file & save it as it's originally named, next to ComboFix.exe.






Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

-Ryan

[thefreed]

here it is

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

do i reboot now or is it not necessary

[Ryan]

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\hxabcsum.dll
C:\WINDOWS\system32\acloptdv.dll
C:\WINDOWS\IFinst27.exe


Folder::
C:\Program Files\Mozilla Firefox\SmitfraudFix\

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

-Ryan

[thefreed]

the combofix log

ComboFix 08-03-17.1 - Owner 2008-03-18 21:49:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.949.1.1033.18.293 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\Comp stuff\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\Comp stuff\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\acloptdv.dll
C:\WINDOWS\system32\hxabcsum.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Mozilla Firefox\SmitfraudFix\
C:\Program Files\Mozilla Firefox\SmitfraudFix\\dumphive.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\exit.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\GenericRenosFix.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\HostsChk.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\Process.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\Reboot.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\restart.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SmitfraudFix.cmd
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SmiUpdate.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\SrchSTS.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swreg.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swsc.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\swxcacls.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\unzip.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\VCCLSID.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\\WS2Fix.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\system32\acloptdv.dll
C:\WINDOWS\system32\hxabcsum.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-18 19:32 . 2008-03-18 19:32 248 --a------ C:\WINDOWS\RomeTW.ini
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-18 17:38 . 2008-03-18 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-18 13:37 . 2008-03-18 13:37 <DIR> d-------- C:\Program Files\AIDA32 - Network System Information
2008-03-16 22:28 . 2008-03-16 22:28 <DIR> d-------- C:\Program Files\Activision
2008-03-14 19:45 . 2008-03-14 19:45 <DIR> d-------- C:\Program Files\Cat Daddy Games
2008-03-09 18:17 . 2008-03-10 11:22 <DIR> d-------- C:\Program Files\Playboy - The Mansion
2008-03-09 00:08 . 2008-03-14 19:42 <DIR> d-------- C:\Program Files\Political Tycoon
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\WeatherDPA
2008-03-05 23:21 . 2008-03-17 23:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA
2008-03-05 23:21 . 2008-03-05 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2008-03-04 00:38 . 2008-03-04 00:38 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\OZ Intermedia
2008-03-04 00:38 . 2008-03-04 00:38 80 --ah----- C:\WINDOWS\system32\HsInfo.dat
2008-03-04 00:37 . 2008-03-04 00:37 0 --a------ C:\WINDOWS\OZ.dat
2008-03-02 05:03 . 2008-03-04 00:45 <DIR> d-------- C:\Program Files\OZ Intermedia
2008-03-02 03:26 . 2007-10-12 16:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-02 03:26 . 2007-10-12 16:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-02 03:26 . 2007-10-02 10:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-03-02 03:26 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-02 03:26 . 2007-10-22 04:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-03-02 03:26 . 2007-07-20 01:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-03-02 03:25 . 2008-03-02 03:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-02 03:25 . 2007-05-16 17:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-02 03:25 . 2007-05-16 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-02 03:25 . 2007-06-20 21:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-03-02 03:25 . 2007-10-22 04:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-03-02 03:21 . 2008-03-02 03:21 <DIR> d-------- C:\Program Files\RedlightCenter
2008-03-01 23:55 . 2008-03-01 23:55 <DIR> d-------- C:\Program Files\SignGATE
2008-03-01 23:55 . 2003-07-09 16:22 94,208 --a------ C:\WINDOWS\system32\sgkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-03-01 23:55 . 2003-07-09 16:22 73,728 --a------ C:\WINDOWS\system32\securek08.dll
2008-03-01 23:55 . 2003-08-21 10:40 61,440 --a------ C:\WINDOWS\system32\sgcard.dll
2008-03-01 23:55 . 2003-07-09 16:22 49,152 --a------ C:\WINDOWS\system32\sgmagerkey.dll
2008-03-01 23:55 . 2003-04-18 17:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-01 23:55 . 2003-07-09 16:22 21,990 --a------ C:\WINDOWS\system32\drivers\securkey.sys
2008-03-01 23:55 . 2003-07-09 16:22 20,780 --a------ C:\WINDOWS\system32\drivers\MagerKey.sys
2008-03-01 23:29 . 2008-03-02 00:33 300 --a------ C:\WINDOWS\system32\hancmd.enc
2008-03-01 23:28 . 2008-03-01 23:29 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\Hangame
2008-03-01 23:27 . 2007-03-22 14:32 956,112 --a------ C:\WINDOWS\system32\HanWebMsg1050.dll
2008-03-01 23:21 . 2007-07-26 18:28 1,314,901 --a------ C:\WINDOWS\system32\SCSK4.ocx
2008-03-01 23:21 . 2007-07-21 01:07 931,480 --a------ C:\WINDOWS\system32\SCSKAppLink.dll
2008-03-01 23:21 . 2008-03-01 23:31 169,109 --a------ C:\WINDOWS\system32\drivers\scskusbs.sys
2008-03-01 23:21 . 2007-07-13 18:16 128,488 --a------ C:\WINDOWS\system32\HGReport.dll
2008-03-01 23:21 . 2007-11-16 17:14 40,640 --a------ C:\WINDOWS\system32\HanGamePlugin19.dll
2008-03-01 23:21 . 2008-03-01 23:21 28,672 --a------ C:\WINDOWS\system32\UnSCSK.exe
2008-03-01 23:21 . 2008-03-01 23:31 11,385 --a------ C:\WINDOWS\system32\drivers\scskusbf.sys
2008-02-28 03:58 . 2008-02-28 03:58 1,536,000 -ra------ C:\WINDOWS\system32\clubbox.exe
2008-02-28 03:57 . 2008-02-28 03:57 155,648 -ra------ C:\WINDOWS\system32\downengine.dll
2008-02-25 09:24 . 2008-02-25 09:24 159,744 -ra------ C:\WINDOWS\system32\fscagent.exe
2008-02-23 07:12 . 2008-02-23 07:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\fltk.org
2008-02-19 03:15 . 2008-02-19 03:15 <DIR> d-------- C:\Program Files\Microsoft Games

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 04:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-03-19 04:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-03-19 03:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Xfire
2008-03-19 02:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 20:46 --------- d-----w C:\Program Files\I-MEPS
2008-03-18 17:11 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-10 01:19 --------- d-----w C:\Program Files\Warcraft III
2008-03-07 17:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-03-05 21:30 --------- d-----w C:\Program Files\Starcraft
2008-03-02 11:48 --------- d-----w C:\Program Files\PandoraTVMini
2008-02-24 22:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-02-19 03:32 --------- d-----w C:\Program Files\AOL Search
2008-02-19 03:32 --------- d-----w C:\Program Files\AIM6
2008-02-19 03:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-19 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-16 04:05 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-02-09 14:13 --------- d-----w C:\Program Files\Firaxis Games
2008-02-09 07:11 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-02-09 00:25 --------- d-----w C:\Program Files\Xfire
2008-02-09 00:23 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-02-08 06:24 --------- d-----w C:\Program Files\NHN USA
2008-02-08 06:13 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-02-07 03:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lionhead Studios
2008-02-06 08:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\NHN Corporation
2008-02-06 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-02-04 21:04 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-03 01:08 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nexon
2008-01-30 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-01-29 22:40 --------- d-----w C:\Program Files\Brain Booster
2008-01-26 03:11 --------- d-----w C:\Program Files\AhnLab
2008-01-24 22:27 73,728 ----a-w C:\WINDOWS\system32\kdfapi.dll
2008-01-24 22:27 47,104 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2008-01-24 22:27 159,744 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2008-01-21 22:57 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-21 07:20 6,631 ----a-w C:\WINDOWS\system32\drivers\CDSpace5.cfg
2008-01-21 07:14 --------- d-----w C:\Program Files\DNA
2008-01-21 07:14 --------- d-----w C:\Program Files\BitTorrent
2008-01-16 23:25 679,936 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2008-01-06 12:03 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-26 23:06 308,760 ----a-w C:\WINDOWS\system32\NaverFDL.exe
2007-12-26 09:31 423,299 ----a-w C:\Program Files\BLEEDUS.SAV
2007-12-26 06:59 10,834 ---ha-w C:\Program Files\BLEEDUS.GID
2003-12-03 00:35 2,154,880 ------w C:\Program Files\ISF
2003-12-02 17:19 600 ------w C:\Program Files\BLEEDUS.CNT
2003-12-02 16:21 1,023,432 ------w C:\Program Files\BLEEDUS.HLP
2003-11-27 16:19 244,046,160 ------w C:\Program Files\GGD
2003-11-26 20:57 1,420,143 ------w C:\Program Files\BLEEDUS.EXE
2003-11-18 17:26 85 ------w C:\Program Files\BLEEDUS.SUF
2003-11-17 17:59 800,030 ------w C:\Program Files\MIDI
2003-11-17 17:59 352,974 ------w C:\Program Files\WMSC
2003-11-17 17:59 18,118 ------w C:\Program Files\DATA
2003-11-17 17:59 11,444,942 ------w C:\Program Files\SE
2003-11-17 17:58 179,246,838 ------w C:\Program Files\VOICE
2004-08-03 15:56 134,019 --sha-w C:\WINDOWS\system32\ProxyM.dll
2007-11-11 07:21 342,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
.

------- Sigcheck -------

2004-08-03 08:56 14336 bfee9f0b9c68f33c2966d528cba0afc7 C:\WINDOWS\system32\svchost.exe
2004-08-03 08:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-18 10:11 1481968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29 165784]
"Aim6"="" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-17 20:18 287040]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 11:11 3497984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 08:56 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-08-06 11:25:14 2713936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2000-01-18 03:59:36 323584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 08:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 11:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 11:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 11:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-03 06:32 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 06:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 11:11 3497984 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"C:\\WINDOWS\\system32\\grdmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Freechal\\Fileguri\\FileguriMain.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniWB.exe"=
"C:\\Program Files\\PandoraTVMini\\MiniUpdate.exe"=
"C:\\Program Files\\Pandora.TV\\MiniLite\\MiniLite.exe"= C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe
"C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\LiveRelay.exe"=
"C:\\Program Files\\PandoraTVMini\\addon\\LIVE\\VimViewer\\VimViewer.dll"=
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29101:TCP"= 29101:TCP:파일전송 데몬
"21378:TCP"= 21378:TCP:BitComet 21378 TCP
"21378:UDP"= 21378:UDP:BitComet 21378 UDP

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 18:26]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 13:33]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2005-01-20 15:37]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 16:39]
S3 ezty2;ezty2;C:\WINDOWS\system32\ezty2.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Owner\Desktop\HackPack\asdf\IlvMoney1129.sys []
S3 pcwe;pcwe;C:\Program Files\PC Wizard 2006\pcw86-32.sys []
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2008-03-01 23:31]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2008-03-01 23:31]
S3 VIROBOT;VIROBOT;C:\WINDOWS\system32\VIROBOT.SYS []
S3 XDva076;XDva076;C:\WINDOWS\system32\XDva076.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Evilotus

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:50:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 21:51:30
ComboFix-quarantined-files.txt 2008-03-19 04:51:22
ComboFix2.txt 2008-03-19 04:19:35
.
2008-03-12 18:01:42 --- E O F ---


and the Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 9:52:51, on 2008-03-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: LCDPlayer.lnk = C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netm...NMStarter25.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {18709344-7656-46BA-96BD-ADC785B60EC7} (NamoWeCtl 6.0 for sjnamo_BrainUP) - http://www.brainon.c...Wec/NamoWec.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {386EDCD0-72B4-42F4-9942-049B8A92FC48} (FgAddOn Control) - http://down.fileguri.com/FgAddOn.cab
O16 - DPF: {522062F6-F635-486A-9ADD-8E12CF0A34D9} (EZYNKCtrl Class) - http://www.ezf.co.kr...YNK_Control.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...eb.2007.4.4.cab
O16 - DPF: {8218BB3D-2D62-4719-B6EC-FEBE7A079CBD} (PanLoader Class) - http://imgcdn.pandor...2/FirstLoad.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.co...x/NaverFile.cab
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} (mkdplusCtrl Class) - http://ahnlabdownloa...cab/mkdplus.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netm...kdfense8237.cab
O16 - DPF: {BFBC3059-9C61-5BA1-2075-85C8B6ECFC07} ({BFBC3059-9C61-5BA1-2075-85C8B6ECFC07}) - http://mabinogi.or.tp/etc/mwfre.2.cab
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://cdn.hangame.c...anSetup1010.cab
O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://202.9.107.13/...WebLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6017 bytes

[Ryan]

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply, and let me know how your computer is running.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

-Ryan