I did the dss and hijack here is the logs. My connection speed as of now is 1/4 before this ****** came along. I also tryed looking this up but I get no links when i try google or yahoo. Please help.

This guy is the culprit. Each time i get rid of him he comes back for more.
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:38:26 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E094941-27CA-445A-AF10-81E111174308} - (no file)
O2 - BHO: (no name) - {45CF19CD-D1BA-434C-BC01-B04A0DD20DB7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {87C334F6-6777-4F03-8317-6438C58EF5CC} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {2bfdb931-262c-6e4a-6904-1a4a13fb852f} - {f258bf31-a4a1-4096-a4e6-c262139bdfb2} - C:\WINDOWS\system32\ngpkjvvb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHArOG - jkkHArOG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10309 bytes

==================================
Deckard's System Scanner v20071014.68
Run by Family on 2008-06-04 22:25:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-05 02:25:48 UTC - RP297 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
System Drive C: has 5.19 GiB (less than 15%) free.

-- HijackThis (run as Family.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:07 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\7W2JZPNB\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Family.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3E094941-27CA-445A-AF10-81E111174308} - (no file)
O2 - BHO: (no name) - {45CF19CD-D1BA-434C-BC01-B04A0DD20DB7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {87C334F6-6777-4F03-8317-6438C58EF5CC} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: {2bfdb931-262c-6e4a-6904-1a4a13fb852f} - {f258bf31-a4a1-4096-a4e6-c262139bdfb2} - C:\WINDOWS\system32\ngpkjvvb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHArOG - jkkHArOG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 10106 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080301-102750-415 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080301-102751-254 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080301-102751-412 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080301-102751-712 O4 - HKCU\..\Run: [hcvojk] c:\documents and settings\family\local settings\application data\hcvojk.exe hcvojk
backup-20080604-215119-700 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
backup-20080604-220828-949 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
backup-20080604-221607-870 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
backup-20080604-221702-265 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
backup-20080604-221722-381 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
backup-20080604-221803-640 O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft(R) ASPI Shell>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
S0 AmdAcpi (AmdAcpi Bus Filter Driver) - c:\windows\system32\drivers\amdacpi.sys (file missing)
S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys (file missing)
S3 KIKIDRIVER - c:\documents and settings\family\desktop\kiki engine 1.41 [unpacked]\kiki.sys (file missing)
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 PciCon - d:\pcicon.sys (file missing)
S3 WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - c:\windows\system32\drivers\rt2500usb.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
S3 XDva064 - c:\windows\system32\xdva064.sys (file missing)
S3 XDva121 - c:\windows\system32\xdva121.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
S2 Prime95 Service - c:\program files\prime95\prime95.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 ##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021039&REV_00\3&267 A616A&0&1B
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_70021039&REV_00\3&267 A616A&0&1B
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi

-- Scheduled Tasks -------------------------------------------------------------
2008-05-30 13:22:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-05-04 and 2008-06-04 -----------------------------
2008-06-01 20:54:24 0 d-------- C:\WINDOWS\Prefetch
2008-06-01 20:43:55 0 d-------- C:\WINDOWS\system32\scripting
2008-06-01 20:43:54 0 d-------- C:\WINDOWS\l2schemas
2008-06-01 20:20:56 9437184 --a------ C:\Documents and Settings\Family\ntuser.dat
2008-06-01 19:27:46 0 d-------- C:\WINDOWS\system32\bits
2008-06-01 10:02:39 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 10:02:39 0 d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-06-01 10:02:22 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-01 09:59:21 0 dr-h----- C:\Documents and Settings\Family\Recent
2008-05-31 16:46:13 0 d--h----- C:\$AVG8.VAULT$
2008-05-31 13:19:03 0 d-------- C:\Program Files\AVG
2008-05-31 12:42:45 132096 --a------ C:\WINDOWS\system32\ngpkjvvb.dll
2008-05-31 00:34:27 807680 --ahs---- C:\WINDOWS\system32\gMUFNXyb.ini2
2008-05-28 14:04:29 0 d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2008-05-28 14:04:27 0 d-------- C:\Program Files\SwiftSwitch
2008-05-24 12:14:59 0 d-------- C:\Program Files\Prime95
2008-05-24 12:12:35 0 d-------- C:\Program Files\SpeedFan
2008-05-18 08:52:58 0 d-------- C:\Program Files\Lavalys
2008-05-13 20:26:15 0 d-------- C:\Documents and Settings\Family\_curSkin
2008-05-13 16:39:26 0 d-------- C:\WINDOWS\system32\_curSkin
2008-05-13 16:39:25 0 d-------- C:\Documents and Settings\Family\Application Data\GameComm
2008-05-13 16:38:23 0 d-------- C:\Program Files\GameComm
2008-05-05 20:39:57 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-05 19:19:57 0 d-------- C:\Program Files\DNA
2008-05-05 19:19:57 0 d-------- C:\Documents and Settings\Family\Application Data\DNA
2008-05-05 18:58:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-05 18:58:52 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-04 09:56:14 0 d-------- C:\Program Files\Microsoft Works
2008-05-04 09:55:57 0 d-------- C:\Program Files\MSBuild
2008-05-04 09:53:39 0 d-------- C:\Program Files\Microsoft.NET
2008-05-04 09:47:45 0 d-------- C:\Program Files\MagicDisc
2008-05-04 09:38:39 0 d-------- C:\Program Files\MagicISO

-- Find3M Report ---------------------------------------------------------------
2008-06-04 21:35:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 21:34:55 0 d-------- C:\Program Files\AMD
2008-06-04 21:19:56 0 d-------- C:\Program Files\Warcraft III
2008-06-04 19:38:43 0 d-------- C:\Documents and Settings\Family\Application Data\Xfire
2008-06-02 12:18:54 0 d-------- C:\Program Files\Windows NT
2008-06-02 12:18:46 0 d-------- C:\Program Files\Movie Maker
2008-06-02 12:14:26 0 d-------- C:\Program Files\Messenger
2008-06-01 20:36:54 250048 -rahs---- C:\ntldr
2008-05-31 22:32:58 0 d-------- C:\Documents and Settings\Family\Application Data\Adobe
2008-05-31 01:25:42 0 d-------- C:\Documents and Settings\Family\Application Data\LimeWire
2008-05-29 15:38:43 0 d-------- C:\Program Files\Xfire
2008-05-20 08:48:46 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 12:21:21 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-13 17:37:24 0 d-------- C:\Program Files\World of Warcraft
2008-05-12 00:57:20 0 d-------- C:\Program Files\Common Files\AOL
2008-05-10 22:45:09 0 d-------- C:\Documents and Settings\Family\Application Data\teamspeak2
2008-05-05 20:40:36 0 d-------- C:\Documents and Settings\Family\Application Data\Real
2008-05-05 20:39:57 0 d-------- C:\Program Files\Common Files
2008-05-05 20:39:52 0 d-------- C:\Program Files\Common Files\Real
2008-05-05 20:39:07 0 d-------- C:\Program Files\Real
2008-05-05 01:17:45 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-04 00:29:41 0 d-------- C:\Program Files\Steam
2008-05-02 16:33:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-01 20:42:37 0 d-------- C:\Program Files\LimeWire
2008-04-30 20:45:06 0 d-------- C:\Program Files\Apple Software Update
2008-04-26 12:36:20 0 d-------- C:\Program Files\iTunes
2008-04-18 12:26:18 0 d-------- C:\Program Files\Logitech
2008-04-16 21:49:14 0 d-------- C:\Program Files\Curse
2008-04-16 14:29:21 0 d-------- C:\Documents and Settings\Family\Application Data\Ubisoft
2008-04-14 05:55:28 1804 --a------ C:\WINDOWS\system32\dcache.bin
2008-04-06 10:45:38 0 d-------- C:\Program Files\Viewpoint
2008-04-06 10:45:37 0 d-------- C:\Documents and Settings\Family\Application Data\Viewpoint
2008-04-05 15:48:43 2089 --a------ C:\Documents and Settings\Family\Application Data\Cosmos Prefs
2008-04-04 14:21:35 0 d-------- C:\Program Files\iPod
2008-04-04 14:20:19 0 d-------- C:\Program Files\QuickTime
2008-04-02 08:19:22 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E094941-27CA-445A-AF10-81E111174308}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45CF19CD-D1BA-434C-BC01-B04A0DD20DB7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87C334F6-6777-4F03-8317-6438C58EF5CC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/01/2008 10:02 AM 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f258bf31-a4a1-4096-a4e6-c262139bdfb2}]
05/31/2008 12:42 PM 132096 --a------ C:\WINDOWS\system32\ngpkjvvb.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/01/2008 10:02 AM 2051328]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [08/04/2004 12:56 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 02:41 AM]
"BMf76d7e4d"="C:\WINDOWS\system32\bmyqwlie.dll " []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/05/2008 07:20 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 09:08 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [10/16/2007 9:16:00 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2/8/2008 5:06:29 PM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2/8/2008 5:04:23 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHArOG]
jkkHArOG.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\byXNFUMg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Guard"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf76d7e4d]
Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{344f9b90-19d5-11dd-8eee-0013d4e9b7aa}]
AutoRun\command- I:\Launcher.exe


-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 Command - Keeping Software Free
127.0.0.1 032439.com
8327 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-04 22:27:59 ------------

========================
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1534.61 MiB / 1016.73 MiB
Pagefile Memory (total/avail): 3430.54 MiB / 3075.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.57 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 5.19 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800AB-00CBA1 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: AVG Anti-Virus v8.0 (AVG Technologies)
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe"="C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe:*:Enabled:listchecker"
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorren t DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTor rent"
"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:EnabledarkCrusade"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Downloads\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Downloads\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Downloads\\Universe.At.War.Earth.Assault. Full-Rip.Multi-12.Skullptura\\Universe At War Earth Assault\\UAWEA.exe"="C:\\Downloads\\Universe.At.Wa r.Earth.Assault.Full-Rip.Multi-12.Skullptura\\Universe At War Earth Assault\\UAWEA.exe:*:Enabled:Universe at War: Earth Assault Application"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\Family\\Local Settings\\Temp\\nsk6.tmp\\utorrent.exe"="C:\\Docum ents and Settings\\Family\\Local Settings\\Temp\\nsk6.tmp\\utorrent.exe:*:Enabled:µ Torrent"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\Silkroad\\SilkErrSender.exe"="C:\\Program Files\\Silkroad\\SilkErrSender.exe:*:Enabled:FTPSe nder MFC ?? ????"
"C:\\Program Files\\Silkroad\\nuConnector.exe"="C:\\Program Files\\Silkroad\\nuConnector.exe:*:Enabled:nuConne ctor"
"C:\\Program Files\\Silkroad\\config\\nuConnector.exe"="C:\\Pro gram Files\\Silkroad\\config\\nuConnector.exe:*:Enabled :nuConnector"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\\Program Files\\Silkroad\\nuConnector6.exe"="C:\\Program Files\\Silkroad\\nuConnector6.exe:*:Enabled:nuConn ector6"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe"= "C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe:* :Enabled:ProjectMonsterCMS"
"C:\\Program Files\\GameComm\\GameComm.exe"="C:\\Program Files\\GameComm\\GameComm.exe:*:Enabled:GameComm Client"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:Util ity for RuneScape"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Family\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILY-DIITO91N
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Family
LOGONSERVER=\\FAMILY-DIITO91N
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0 \Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Family\LOCALS~1\Temp
TMP=C:\DOCUME~1\Family\LOCALS~1\Temp
USERDOMAIN=FAMILY-DIITO91N
USERNAME=Family
USERPROFILE=C:\Documents and Settings\Family
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------
Family (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------
--> "C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{89AD2814-AFA2-46AF-AE53-C27196D9FBE6}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAA4CCCE-78DB-47B0-A651-68270D838BD4}\setup.exe" REMOVEALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugi n.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Image Viewer Plugin 4.0 --> C:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\Acrobat 5.0\ImageViewer\Install.log
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop Album Starter Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{483616D1-867E-46F8-BEC7-3C6475933908}\apxp.ex_" -l0x9
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb91 9b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\setup.exe" -l0x9
AMD Power Monitor --> MsiExec.exe /X{5EE721AA-5619-4016-908D-84DCAAFA336F}
AMD Processor Driver --> C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Battlefield 2(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
BitComet 1.00 --> C:\Program Files\BitComet\uninst.exe
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DotA Client Build b1.7.2 (Beta) --> "C:\Program Files\DotA Gaming Network\unins000.exe"
Dual-Core Optimizer --> MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo Disc Master 2.5 --> "C:\Program Files\InstallShield Installation Information\{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}\setup.exe" --u:{F366D0C4-18F2-44A6-A4E7-7ED2DD37F3D3}
InterVideo DVDCopy 2 --> "C:\Program Files\InstallShield Installation Information\{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}\setup.exe" --u:{96BF9A2A-1835-4DEE-A94F-9EA4F77976BF}
InterVideo Home Theater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7514465-E5F3-48E9-A952-327DAEF33DE6}\setup.exe" REMOVEALL
InterVideo PhotoAlbum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40602E2C-AB5C-4887-8093-3BFE5B8B95B3}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinRip --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D32D4182-DE6C-457E-838C-8D7B9CE332BA}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech GamePanel Software 2.02 --> MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech Registration --> MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spunins t.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PerfectDisk --> MsiExec.exe /I{212F5777-1190-4DEF-8E4D-6B2F313B45E7}
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Sony Media Manager 2.2 --> MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SwiftSwitch --> C:\Program Files\SwiftSwitch\Uninstal.exe
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
uberOptions 4.40.1 --> C:\Program Files\Logitech\SetPoint\uberOptions\uninst.exe
Universe at War Earth Assault --> 19
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
Videora iPod Converter 3.06 --> C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WC3Banlist --> "C:\Program Files\WC3Banlist\unins000.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
XChat 2 (remove only) --> "C:\Program Files\xchat\uninstall.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"

-- Application Event Log -------------------------------------------------------
Event Record #/Type2389 / Error
Event Submitted/Written: 06/04/2008 07:35:44 PM
Event ID/Source: 0 /
Event Description:
7
Event Record #/Type2388 / Error
Event Submitted/Written: 06/04/2008 07:35:44 PM
Event ID/Source: 0 /
Event Description:
6
Event Record #/Type2387 / Error
Event Submitted/Written: 06/04/2008 03:25:05 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x04470fe0.
Processing media-specific event for [iexplore.exe!ws!]
Event Record #/Type2385 / Error
Event Submitted/Written: 06/04/2008 00:50:58 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application realplay.exe, version 11.0.0.446, faulting module mp4vdec.ax, version 0.8.6.1, fault address 0x0001d44c.
Processing media-specific event for [realplay.exe!ws!]
Event Record #/Type2384 / Error
Event Submitted/Written: 06/04/2008 00:49:59 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mplayerc.exe, version 6.4.9.1, faulting module mp4vdec.ax, version 0.8.6.1, fault address 0x0001d44c.
Processing media-specific event for [mplayerc.exe!ws!]

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type5349 / Error
Event Submitted/Written: 06/04/2008 10:12:35 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1053" attempting to start the service PDEngine with arguments "-Service"
in order to run the server:
{479C2019-B771-4324-AEA3-1FFECABBC790}
Event Record #/Type5348 / Error
Event Submitted/Written: 06/04/2008 10:12:35 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
Event Record #/Type5347 / Error
Event Submitted/Written: 06/04/2008 10:12:35 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PDEngine service failed to start due to the following error:
%%1053
Event Record #/Type5346 / Error
Event Submitted/Written: 06/04/2008 10:12:35 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the PDEngine service to connect.
Event Record #/Type5342 / Error
Event Submitted/Written: 06/04/2008 10:11:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Prime95 Service service failed to start due to the following error:
%%2

-- End of Deckard's System Scanner: finished at 2008-06-04 22:27:59 ------------

Ok.Its a Vundo infection.Lets fix it.....

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer and also those in the registry.
Please visit this webpage for download links, and instructions for running ComboFix
When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
=======================================
Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

here is the new scan logs. I did the scans in the order you set them to.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:36 PM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHArOG - jkkHArOG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9844 bytes

==========================
SDFix: Version 1.188
Run by Family on Thu 06/05/2008 at 09:26 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
No Trojan Files Found



Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:36:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:b1,ad,96,b0,62,97,45,05,b6,b5,b6,10,6e ,ff,16,94,a6,53,2f,3b,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 001]
"a0"=hex:20,01,00,00,99,4d,e8,c4,4c,27,70,6d,f9,86 ,ee,d9,e7,5c,50,04,af,..
"hdf12"=hex:80,b8,10,2e,ff,58,ac,23,49,67,6b,4b,23 ,47,10,1f,d4,e8,62,29,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 001\gdq0]
"hdf12"=hex:73,67,52,e5,15,c2,08,0e,05,1e,d5,e9,45 ,96,ad,27,3f,b7,25,02,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 001\gdq1]
"hdf12"=hex:e6,17,21,ca,65,b4,c4,8f,70,ec,2c,8b,44 ,a7,f4,06,e3,ec,28,07,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 002]
"a0"=hex:20,01,00,00,dd,f9,e9,c4,3a,22,a8,ab,e5,37 ,f1,07,ca,10,97,11,20,..
"hdf12"=hex:84,4f,a0,34,c9,8a,a7,07,26,0c,69,87,54 ,df,0f,78,40,fa,25,39,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 002\gdq0]
"hdf12"=hex:ea,a0,a6,53,2a,2a,cb,19,be,22,ac,21,25 ,a0,8e,1b,b9,5e,42,97,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000 002\gdq1]
"hdf12"=hex:a4,eb,8a,76,47,33,dc,36,6c,a0,c7,58,63 ,8a,13,93,7d,69,8a,98,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ad,5a,32,e7,6b,cf,05,e9,39,98,a0,a9,00 ,ec,f4,6a,5a,e7,68,ac,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:b1,ad,96,b0,62,97,45,05,b6,b5,b6,10,6e ,ff,16,94,a6,53,2f,3b,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,99,4d,e8,c4,4c,27,70,6d,f9,86 ,ee,d9,e7,5c,50,04,af,..
"hdf12"=hex:80,b8,10,2e,ff,58,ac,23,49,67,6b,4b,23 ,47,10,1f,d4,e8,62,29,a0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\ gdq0]
"hdf12"=hex:73,67,52,e5,15,c2,08,0e,05,1e,d5,e9,45 ,96,ad,27,3f,b7,25,02,9b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\ gdq1]
"hdf12"=hex:e6,17,21,ca,65,b4,c4,8f,70,ec,2c,8b,44 ,a7,f4,06,e3,ec,28,07,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,dd,f9,e9,c4,3a,22,a8,ab,e5,37 ,f1,07,ca,10,97,11,20,..
"hdf12"=hex:84,4f,a0,34,c9,8a,a7,07,26,0c,69,87,54 ,df,0f,78,40,fa,25,39,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\ gdq0]
"hdf12"=hex:ea,a0,a6,53,2a,2a,cb,19,be,22,ac,21,25 ,a0,8e,1b,b9,5e,42,97,d0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\ gdq1]
"hdf12"=hex:a4,eb,8a,76,47,33,dc,36,6c,a0,c7,58,63 ,8a,13,93,7d,69,8a,98,68,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ad,5a,32,e7,6b,cf,05,e9,39,98,a0,a9,00 ,ec,f4,6a,5a,e7,68,ac,a3,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell NoRoam\Bags\389\She]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Warcraft III\\war3.exe"="C:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe"="C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe:*:Enabled:listchecker"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:Re alPlayer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:EnabledNA"
"C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe"= "C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe:* :Enabled:ProjectMonsterCMS"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:Util ity for RuneScape"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files :

Files with Hidden Attributes :
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 27 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c4 06b1d7e0f5c1e6f6d44a3f6e\BIT8.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc 8132a10b438ce6e2b49d4652\BIT6.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111 678c52099a3b3123b12f2325\BITA.tmp"
Fri 2 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67d da0ffd4dea8c0d990dc65796\BIT5.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5 109d0f8b0dee9fab84906813\BIT9.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b 8fed23dd91f50d167cce60d3\BITB.tmp"
Mon 5 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916b b150f8a929e7a4ffdfbc120f\BIT7.tmp"
Fri 29 Feb 2008 5,853 ...HR --- "C:\Documents and Settings\Family\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
=============================
ComboFix 08-06-04.5 - Family 2008-06-05 21:02:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1099 [GMT -4:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 11:34 . 2008-06-05 11:34 <DIR> d-------- C:\SDFix
2008-06-05 00:26 . 2008-06-05 00:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 00:26 . 2008-06-05 00:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 22:37 . 2008-06-04 22:37 <DIR> d-------- C:\Sandbox
2008-06-04 22:33 . 2008-06-04 23:03 1,712 --a------ C:\WINDOWS\Sandboxie.ini
2008-06-04 22:32 . 2008-06-04 22:32 <DIR> d-------- C:\Program Files\Sandboxie
2008-06-04 22:25 . 2008-06-04 22:25 <DIR> d-------- C:\Deckard
2008-06-01 20:43 . 2008-06-01 20:43 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-01 20:43 . 2008-06-01 20:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-01 20:35 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005833_.tmp
2008-06-01 19:27 . 2008-06-02 12:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-01 19:27 . 2007-03-29 08:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-01 19:27 . 2007-03-29 08:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-01 19:27 . 2007-03-29 08:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-01 19:27 . 2008-06-01 19:27 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-01 10:02 . 2008-06-05 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 10:02 . 2008-06-03 19:07 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-06-01 10:02 . 2008-06-01 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-01 10:02 . 2008-06-01 10:02 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-01 10:02 . 2008-06-01 10:02 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-01 10:02 . 2008-06-01 10:02 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-01 10:02 . 2008-06-01 10:02 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-01 09:45 . 2008-06-01 09:48 14,688,256 --a------ C:\WINDOWS\sectest.db
2008-05-31 16:46 . 2008-06-01 21:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-31 13:25 . 2008-05-31 13:25 93 --a------ C:\WINDOWS\wininit.ini
2008-05-31 13:19 . 2008-05-31 13:19 <DIR> d-------- C:\Program Files\AVG
2008-05-28 14:04 . 2008-06-05 20:48 <DIR> d-------- C:\Program Files\SwiftSwitch
2008-05-28 14:04 . 2008-05-28 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2008-05-24 12:14 . 2008-06-02 12:28 <DIR> d-------- C:\Program Files\Prime95
2008-05-24 12:12 . 2008-06-01 07:12 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-18 08:52 . 2008-05-18 08:52 <DIR> d-------- C:\Program Files\Lavalys
2008-05-13 21:29 . 2008-05-13 21:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 20:26 . 2008-05-13 20:26 <DIR> d-------- C:\Documents and Settings\Family\_curSkin
2008-05-13 16:39 . 2008-05-13 16:39 <DIR> d-------- C:\WINDOWS\system32\_curSkin
2008-05-13 16:39 . 2008-05-14 22:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\GameComm
2008-05-13 16:38 . 2008-06-04 22:14 <DIR> d-------- C:\Program Files\GameComm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-06 01:02 --------- d-----w C:\Documents and Settings\Family\Application Data\DNA
2008-06-06 00:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-06 00:30 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-06 00:24 --------- d-----w C:\Documents and Settings\Family\Application Data\Xfire
2008-06-05 14:25 --------- d-----w C:\Program Files\Xfire
2008-06-05 01:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 01:34 --------- d-----w C:\Program Files\AMD
2008-06-05 01:19 --------- d-----w C:\Program Files\Warcraft III
2008-06-01 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 05:25 --------- d-----w C:\Documents and Settings\Family\Application Data\LimeWire
2008-05-28 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-20 12:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 16:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 21:37 --------- d-----w C:\Program Files\World of Warcraft
2008-05-12 04:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 02:45 --------- d-----w C:\Documents and Settings\Family\Application Data\teamspeak2
2008-05-06 00:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-06 00:39 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-06 00:39 --------- d-----w C:\Program Files\Real
2008-05-06 00:39 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-06 00:39 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 23:19 --------- d-----w C:\Program Files\DNA
2008-05-05 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 16:45 --------- d-----w C:\Program Files\MagicISO
2008-05-04 16:45 --------- d-----w C:\Program Files\MagicDisc
2008-05-04 13:56 --------- d-----w C:\Program Files\Microsoft Works
2008-05-04 13:55 --------- d-----w C:\Program Files\MSBuild
2008-05-04 13:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-04 04:29 --------- d-----w C:\Program Files\Steam
2008-05-02 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 00:42 --------- d-----w C:\Program Files\LimeWire
2008-05-01 00:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-30 22:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 20:19 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-30 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-26 16:36 --------- d-----w C:\Program Files\iTunes
2008-04-26 15:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-18 16:26 --------- d-----w C:\Program Files\Logitech
2008-04-18 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-17 01:49 --------- d-----w C:\Program Files\Curse
2008-04-16 18:29 --------- d-----w C:\Documents and Settings\Family\Application Data\Ubisoft
2008-04-16 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-06 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-06 14:45 --------- d-----w C:\Program Files\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\Family\Application Data\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-06 02:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-04-02 12:19 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:04 98,304 ----a-w C:\WINDOWS\DUMPcc1a.tmp
2008-03-17 20:03 98,304 ----a-w C:\WINDOWS\DUMPd810.tmp
2008-03-17 16:30 98,304 ----a-w C:\WINDOWS\DUMPdb6b.tmp
2008-03-17 00:47 98,304 ----a-w C:\WINDOWS\DUMPd4d4.tmp
2008-03-17 00:41 98,304 ----a-w C:\WINDOWS\DUMPd409.tmp
2008-03-17 00:01 98,304 ----a-w C:\WINDOWS\DUMPd33e.tmp
2008-03-16 19:46 98,304 ----a-w C:\WINDOWS\DUMPd66a.tmp
2008-03-01 00:34 22,328 ----a-w C:\Documents and Settings\Family\Application Data\PnkBstrK.sys
.
------- Sigcheck -------
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-12-19 18:53 359808 de891ad282e856acfd40990094a63b6f C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_11.28.54.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 15:17:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 01:01:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-01 10:02 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-01 10:02 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-01 10:02 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-05 19:20 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 09:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SandboxieControl"="C:\Program Files\Sandboxie\SbieCtrl.exe" [2008-04-27 09:22 512512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\M SConfig.exe" [2004-08-04 00:56 158208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"BMf76d7e4d"="C:\WINDOWS\system32\bmyqwlie.dll " [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-16 21:16:00 200704]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-02-08 17:06:29 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-08 17:04:23 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHArOG]
jkkHArOG.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf76d7e4d]
C:\WINDOWS\system32\bmyqwlie.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe"=
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26946:TCP"= 26946:TCP:BitComet 26946 TCP
"26946:UDP"= 26946:UDP:BitComet 26946 UDP
"49182:TCP"= 49182:TCP:BitComet 49182 TCP
"49182:UDP"= 49182:UDP:BitComet 49182 UDP
"55555:TCP"= 55555:TCP:BitComet 55555 TCP
"55555:UDP"= 55555:UDP:BitComet 55555 UDP
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\ avgrkx86.sys [2008-06-01 10:02]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-01 10:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\orea ns32.sys [2008-04-30 16:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-01 10:02]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-01 10:02]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2008-04-27 09:22]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys []
S3 KIKIDRIVER;KIKIDRIVER;C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41 [Unpacked]\kiki.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]
S3 PciCon;PciCon:\PciCon.sys []
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys []
S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{344f9b90-19d5-11dd-8eee-0013d4e9b7aa}]
\Shell\AutoRun\command - I:\Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 21:08:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

************************************************** ************************
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
[Unpacked]\kiki.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\K IKIDRIVER]
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
.
Completion time: 2008-06-05 21:13:20
ComboFix-quarantined-files.txt 2008-06-06 01:12:18
ComboFix2.txt 2008-06-06 00:54:00
ComboFix3.txt 2008-06-05 15:29:12
Pre-Run: 5,454,643,200 bytes free
Post-Run: 5,440,147,456 bytes free
248 --- E O F --- 2008-06-01 23:21:46

Before we can carry on with your cleanup we need to install your Recovery Console.
Go to Microsoft's website => How to obtain Windows XP Setup boot disks
Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named, next to ComboFix.exe.



Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

• Drag the setup package onto ComboFix.exe and drop it.
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

I did not reset my computer after running combofix. I ran hijackthis right after combofix. Is that important?


ComboFix 08-06-04.5 - Family 2008-06-06 8:34:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1089 [GMT -4:00]
Running from: C:\Documents and Settings\Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Family\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.
2008-06-05 21:19 . 2008-06-05 21:19 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-05 11:34 . 2008-06-05 11:34 <DIR> d-------- C:\SDFix
2008-06-05 00:26 . 2008-06-05 00:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-05 00:26 . 2008-06-05 00:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 22:37 . 2008-06-04 22:37 <DIR> d-------- C:\Sandbox
2008-06-04 22:32 . 2008-06-06 00:45 <DIR> d-------- C:\Program Files\Sandboxie
2008-06-04 22:25 . 2008-06-04 22:25 <DIR> d-------- C:\Deckard
2008-06-01 20:43 . 2008-06-01 20:43 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-01 20:43 . 2008-06-01 20:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-01 20:35 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005833_.tmp
2008-06-01 19:27 . 2008-06-02 12:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-01 19:27 . 2007-03-29 08:56 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-06-01 19:27 . 2007-03-29 08:56 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-06-01 19:27 . 2007-03-29 08:56 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-06-01 19:27 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-06-01 19:27 . 2008-06-01 19:27 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-06-01 10:02 . 2008-06-05 18:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-01 10:02 . 2008-06-03 19:07 <DIR> d-------- C:\Documents and Settings\Family\Application Data\AVGTOOLBAR
2008-06-01 10:02 . 2008-06-01 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-01 10:02 . 2008-06-01 10:02 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-01 10:02 . 2008-06-01 10:02 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-01 10:02 . 2008-06-01 10:02 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-06-01 10:02 . 2008-06-01 10:02 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-01 09:45 . 2008-06-01 09:48 14,688,256 --a------ C:\WINDOWS\sectest.db
2008-05-31 16:46 . 2008-06-01 21:03 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-31 13:25 . 2008-05-31 13:25 93 --a------ C:\WINDOWS\wininit.ini
2008-05-31 13:19 . 2008-05-31 13:19 <DIR> d-------- C:\Program Files\AVG
2008-05-28 14:04 . 2008-06-06 01:27 <DIR> d-------- C:\Program Files\SwiftSwitch
2008-05-28 14:04 . 2008-05-28 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SwiftSwitch
2008-05-24 12:14 . 2008-06-02 12:28 <DIR> d-------- C:\Program Files\Prime95
2008-05-24 12:12 . 2008-06-01 07:12 <DIR> d-------- C:\Program Files\SpeedFan
2008-05-18 08:52 . 2008-05-18 08:52 <DIR> d-------- C:\Program Files\Lavalys
2008-05-13 21:29 . 2008-05-13 21:29 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 20:26 . 2008-05-13 20:26 <DIR> d-------- C:\Documents and Settings\Family\_curSkin
2008-05-13 16:39 . 2008-05-13 16:39 <DIR> d-------- C:\WINDOWS\system32\_curSkin
2008-05-13 16:39 . 2008-05-14 22:16 <DIR> d-------- C:\Documents and Settings\Family\Application Data\GameComm
2008-05-13 16:38 . 2008-06-04 22:14 <DIR> d-------- C:\Program Files\GameComm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-06-06 12:30 --------- d-----w C:\Documents and Settings\Family\Application Data\DNA
2008-06-06 01:55 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-06 01:52 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-06 00:24 --------- d-----w C:\Documents and Settings\Family\Application Data\Xfire
2008-06-05 14:25 --------- d-----w C:\Program Files\Xfire
2008-06-05 01:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 01:34 --------- d-----w C:\Program Files\AMD
2008-06-05 01:19 --------- d-----w C:\Program Files\Warcraft III
2008-06-01 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 05:25 --------- d-----w C:\Documents and Settings\Family\Application Data\LimeWire
2008-05-28 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-20 12:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 16:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 21:37 --------- d-----w C:\Program Files\World of Warcraft
2008-05-12 04:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 02:45 --------- d-----w C:\Documents and Settings\Family\Application Data\teamspeak2
2008-05-06 00:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-05-06 00:39 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-05-06 00:39 --------- d-----w C:\Program Files\Real
2008-05-06 00:39 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-06 00:39 --------- d-----w C:\Program Files\Common Files\Real
2008-05-05 23:19 --------- d-----w C:\Program Files\DNA
2008-05-05 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 16:45 --------- d-----w C:\Program Files\MagicISO
2008-05-04 16:45 --------- d-----w C:\Program Files\MagicDisc
2008-05-04 13:56 --------- d-----w C:\Program Files\Microsoft Works
2008-05-04 13:55 --------- d-----w C:\Program Files\MSBuild
2008-05-04 13:53 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-04 04:29 --------- d-----w C:\Program Files\Steam
2008-05-02 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 00:42 --------- d-----w C:\Program Files\LimeWire
2008-05-01 00:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 22:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-30 22:34 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 20:19 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
2008-04-30 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-26 16:36 --------- d-----w C:\Program Files\iTunes
2008-04-26 15:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-18 16:26 --------- d-----w C:\Program Files\Logitech
2008-04-18 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-17 01:49 --------- d-----w C:\Program Files\Curse
2008-04-16 18:29 --------- d-----w C:\Documents and Settings\Family\Application Data\Ubisoft
2008-04-16 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-14 09:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-06 14:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-04-06 14:45 --------- d-----w C:\Program Files\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\Family\Application Data\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-06 02:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\temp
2008-04-02 12:19 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 20:04 98,304 ----a-w C:\WINDOWS\DUMPcc1a.tmp
2008-03-17 20:03 98,304 ----a-w C:\WINDOWS\DUMPd810.tmp
2008-03-17 16:30 98,304 ----a-w C:\WINDOWS\DUMPdb6b.tmp
2008-03-17 00:47 98,304 ----a-w C:\WINDOWS\DUMPd4d4.tmp
2008-03-17 00:41 98,304 ----a-w C:\WINDOWS\DUMPd409.tmp
2008-03-17 00:01 98,304 ----a-w C:\WINDOWS\DUMPd33e.tmp
2008-03-16 19:46 98,304 ----a-w C:\WINDOWS\DUMPd66a.tmp
2008-03-01 00:34 22,328 ----a-w C:\Documents and Settings\Family\Application Data\PnkBstrK.sys
.
------- Sigcheck -------
2006-04-20 08:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 12:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2007-12-19 18:53 359808 de891ad282e856acfd40990094a63b6f C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-02 14:17 360064 3f89432724dc5d72689e16f3354bccfc C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-05_11.28.54.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-05 15:17:07 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 12:29:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 14:42:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-06 01:21:11 9,404,416 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-06-06 01:21:11 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-05 14:42:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-06 01:19:35 9,404,416 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-06-06 01:19:35 417,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-01 10:02 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-01 10:02 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-01 10:02 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-05 19:20 289088]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 09:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"BMf76d7e4d"="C:\WINDOWS\system32\bmyqwlie.dll " [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-10-16 21:16:00 200704]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2008-02-08 17:06:29 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-08 17:04:23 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkHArOG]
jkkHArOG.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf76d7e4d]
C:\WINDOWS\system32\bmyqwlie.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\war3.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\listchecker\\pickup.lis tchecker.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\evilcookie24\\condition zero deleted scenes\\hl.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Family\\Desktop\\ProjectMonsterCMS.exe"=
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"26946:TCP"= 26946:TCP:BitComet 26946 TCP
"26946:UDP"= 26946:UDP:BitComet 26946 UDP
"49182:TCP"= 49182:TCP:BitComet 49182 TCP
"49182:UDP"= 49182:UDP:BitComet 49182 UDP
"55555:TCP"= 55555:TCP:BitComet 55555 TCP
"55555:UDP"= 55555:UDP:BitComet 55555 UDP
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\ avgrkx86.sys [2008-06-01 10:02]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-01 10:02]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\orea ns32.sys [2008-04-30 16:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-01 10:02]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-01 10:02]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S0 AmdAcpi;AmdAcpi Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\AmdAcpi.sys []
S3 KIKIDRIVER;KIKIDRIVER;C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41 [Unpacked]\kiki.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 20:01]
S3 PciCon;PciCon:\PciCon.sys []
S3 XDva064;XDva064;C:\WINDOWS\system32\XDva064.sys []
S3 XDva121;XDva121;C:\WINDOWS\system32\XDva121.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{344f9b90-19d5-11dd-8eee-0013d4e9b7aa}]
\Shell\AutoRun\command - I:\Launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 17:22:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 08:38:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
[Unpacked]\kiki.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\K IKIDRIVER]
"ImagePath"="\??\C:\Documents and Settings\Family\Desktop\Kiki Engine 1.41
.
Completion time: 2008-06-06 8:43:10
ComboFix-quarantined-files.txt 2008-06-06 12:42:57
ComboFix2.txt 2008-06-06 01:13:21
ComboFix3.txt 2008-06-06 00:54:00
ComboFix4.txt 2008-06-05 15:29:12
Pre-Run: 5,341,978,624 bytes free
Post-Run: 5,310,038,016 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
262 --- E O F --- 2008-06-01 23:21:46
=======================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:11 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkHArOG - jkkHArOG.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9163 bytes

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes.Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKLM\..\Run: [BMf76d7e4d] Rundll32.exe "C:\WINDOWS\system32\bmyqwlie.dll",s
O20 - Winlogon Notify: jkkHArOG - jkkHArOG.dll (file missing)
O23 - Service: Prime95 Service - Unknown owner - C:\Program Files\Prime95\prime95.exe (file missing)
Reboot........................



======================

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*

Here ya go.