Hi, once more, its me. People seem to like attacking my computer, I don't know why.

anyways there is this one file named

afcfbbadee.dll


Heres my HJT Log..note that I had just tried SmitFraud Fix:

Logfile of HijackThis v1.99.1
Scan saved at 11:34:38 AM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: afcfbbadee - C:\WINDOWS\system32\afcfbbadee.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


Thanks.

Hi demonic_angel :)

YOu're infected.

Please remove any existing versions of ComboFix.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Here's the Combofix log:

ComboFix 07-11-08.1 - Darrell Lau 2007-11-09 12:30:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.268 [GMT -8:00]
Running from: C:\Documents and Settings\Darrell Lau\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Darrell Lau\Application Data\inst.exe
C:\Program Files\SoftPortal
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part01.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part02.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part03.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part04.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part05.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part06.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part07.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part08.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\ATHtBt.part09.rar
C:\Program Files\SoftPortal\Soft\ATHtBt\info.txt
C:\Program Files\SoftPortal\Soft\Auswise\ui.uim
C:\Program Files\SoftPortal\Soft\RTNKa\ui.uim
C:\Program Files\SoftPortal\Soft\XBS\ui.uim
C:\Program Files\SoftPortal\Soft\YellowB\info.txt
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part02.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part03.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part04.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part06.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part07.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part08.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part09.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part10.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part11.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part12.rar
C:\Program Files\SoftPortal\Soft\YellowB\YellowB.part13.rar
C:\WINDOWS\system32\afcfbbadee.dll
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\arrow.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\gln.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll

((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-08 06:16 <DIR> d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Xfire
2007-11-07 11:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-07 11:23 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-07 08:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-11-07 04:04 <DIR> d-------- C:\Program Files\Apple Software Update
2007-11-07 04:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-05 03:52 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-01 02:40 <DIR> d-------- C:\Documents and Settings\Darrell Lau\Application Data\DivX
2007-11-01 02:39 <DIR> d-------- C:\Documents and Settings\Darrell Lau\Application Data\Talkback
2007-11-01 02:37 <DIR> d-------- C:\Program Files\DivX
2007-11-01 02:37 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-11-01 02:37 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-10-20 02:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-10 21:31 216,576 --a------ C:\WINDOWS\system32\monln.dll
2007-10-09 18:40 76,800 --a------ C:\WINDOWS\system32\unrar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 19:34 --------- d-----w C:\Program Files\HI JACK!
2007-11-01 10:03 --------- d-----w C:\Documents and Settings\Darrell Lau\Application Data\Vso
2007-11-01 08:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-20 09:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 09:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 05:31 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-11 05:31 434,252 ----a-w C:\WINDOWS\system32\Msvcrtd.dll
2007-10-11 05:31 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-11 05:31 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll
2007-10-11 05:31 --------- d-----w C:\Program Files\Comodo
2007-10-11 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2007-10-10 15:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-09 05:03 --------- d-----w C:\Program Files\Java
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 05:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 07:32 --------- d-----w C:\Program Files\DAEMON Tools
2007-09-20 16:50 --------- d-----w C:\Program Files\Last.fm
2007-09-17 03:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Last.fm
2007-09-17 02:11 --------- d-----w C:\Documents and Settings\Darrell Lau\Application Data\Comodo
2007-09-12 23:53 --------- d-----w C:\Program Files\NHN USA
2007-09-12 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-10 19:55 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-09-10 04:00 --------- d-----w C:\Documents and Settings\Darrell Lau\Application Data\mIRC
2007-09-06 08:22 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
2007-07-25 05:23 45,008 ----a-w C:\Documents and Settings\Darrell Lau\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 21:52 92,064 ----a-w C:\Documents and Settings\Darrell Lau\mqdmmdm.sys
2006-11-05 21:52 9,232 ----a-w C:\Documents and Settings\Darrell Lau\mqdmmdfl.sys
2006-11-05 21:52 79,328 ----a-w C:\Documents and Settings\Darrell Lau\mqdmserd.sys
2006-11-05 21:52 66,656 ----a-w C:\Documents and Settings\Darrell Lau\mqdmbus.sys
2006-11-05 21:52 6,208 ----a-w C:\Documents and Settings\Darrell Lau\mqdmcmnt.sys
2006-11-05 21:52 5,936 ----a-w C:\Documents and Settings\Darrell Lau\mqdmwhnt.sys
2006-11-05 21:52 4,048 ----a-w C:\Documents and Settings\Darrell Lau\mqdmcr.sys
2006-11-05 21:52 25,600 ----a-w C:\Documents and Settings\Darrell Lau\usbsermptxp.sys
2006-11-05 21:52 22,768 ----a-w C:\Documents and Settings\Darrell Lau\usbsermpt.sys
2005-05-17 04:48 47,360 ----a-w C:\Documents and Settings\Darrell Lau\Application Data\pcouffin.sys
2007-04-26 02:57:49 927,765 --sh--w C:\WINDOWS\system32\bbefe.bak1
2007-04-26 03:03:56 928,097 --sh--w C:\WINDOWS\system32\bbefe.bak2
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-04-27 14:50:32 923,108 --sh--w C:\WINDOWS\system32\qqstv.bak1
.

((((((((((((((((((((((((((((( snapshot_2007-09-08_181258.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-20 08:47:22 109,056 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-30 02:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2002-07-26 01:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-26 01:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2007-09-21 23:53:44 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
+ 2007-09-10 19:55:54 114,688 ----a-w C:\WINDOWS\Downloaded Program Files\ijjiSetup1010.dll
+ 2005-08-11 23:30:30 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
- 2007-06-20 02:43:07 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2007-11-07 20:19:55 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81000000003}\SC_Reader.exe
+ 2007-11-07 12:04:45 27,136 ----a-r C:\WINDOWS\Installer\{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}\AppleSoftwareUpdateIco.exe
+ 2001-10-10 22:56:44 69,632 ------w C:\WINDOWS\PPUNINST.EXE
- 2007-02-26 15:44:06 147,685 ----a-w C:\WINDOWS\system32\atiicdxx.dat
+ 2007-08-14 21:11:53 156,671 ----a-w C:\WINDOWS\system32\atiicdxx.dat
+ 2007-09-29 02:36:05 3,107,788 ----a-w C:\WINDOWS\system32\ativva5x.dat
+ 2007-09-29 02:36:05 972,072 ----a-w C:\WINDOWS\system32\ativva6x.dat
- 2007-03-02 20:53:19 1,972,224 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2007-09-29 03:05:59 2,456,064 -c--a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
+ 2007-09-17 02:07:46 75,520 ----a-w C:\WINDOWS\system32\drivers\cmdmon.sys
+ 2007-09-17 02:07:43 51,328 ----a-w C:\WINDOWS\system32\drivers\inspect.sys
+ 2007-08-02 06:47:26 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
+ 2007-06-22 02:59:50 58,776 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
- 2006-12-15 09:30:58 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 06:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-12-15 09:31:06 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-12-15 11:09:14 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-25 07:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2005-05-24 19:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-07 19:29:00 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-07 19:29:00 946,176 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-06-11 21:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 21:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2000-08-12 01:23:34 36,864 ------w C:\WINDOWS\system32\PPGOLINK.DLL
+ 2001-06-23 02:01:44 131,072 ------w C:\WINDOWS\system32\PPWORDW.DLL
+ 2001-08-18 06:36:30 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll
+ 2004-08-04 08:56:46 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll
- 2007-03-07 23:51:00 547,576 ------w C:\WINDOWS\system32\px.dll
+ 2007-09-28 16:07:48 551,672 ------w C:\WINDOWS\system32\px.dll
- 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-09-28 16:07:48 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2007-03-07 23:51:00 510,712 ------w C:\WINDOWS\system32\pxdrv.dll
+ 2007-09-28 16:07:48 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2007-03-07 23:51:00 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-09-28 16:07:50 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2007-03-07 23:51:00 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-09-28 16:07:48 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2007-03-07 23:51:00 187,128 ------w C:\WINDOWS\system32\pxmas.dll
+ 2007-09-28 16:07:50 187,128 ------w C:\WINDOWS\system32\pxmas.dll
- 2007-03-07 23:51:00 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
+ 2007-09-28 16:07:50 1,628,920 ------w C:\WINDOWS\system32\pxsfs.dll
- 2007-03-07 23:51:00 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-09-28 16:07:50 379,640 ------w C:\WINDOWS\system32\pxwave.dll
+ 2007-03-02 20:54:35 307,200 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ATIDEMGX.dll
+ 2007-09-29 03:07:23 356,352 ----a-w C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ATIDEMGX.dll
- 2007-03-07 23:51:00 39,672 ------w C:\WINDOWS\system32\vxblock.dll
+ 2007-09-28 16:07:48 88,824 ------w C:\WINDOWS\system32\vxblock.dll
- 2007-08-03 06:28:22 65,024 ----a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.DAT
+ 2007-10-23 06:15:37 65,024 ----a-w C:\WINDOWS\twain_32\ScanDrv5\ApInfo.DAT
- 2007-08-03 06:28:22 10,752 ----a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.DAT
+ 2007-10-23 06:15:35 10,752 ----a-w C:\WINDOWS\twain_32\ScanDrv5\HWInfo.DAT
- 2007-08-03 06:19:02 21,504 ---ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat
+ 2007-10-23 06:12:28 21,504 ---ha-w C:\WINDOWS\twain_32\ScanDrv5\InApInfo.dat
- 2007-08-03 06:28:22 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat
+ 2007-10-23 06:15:37 267,318 ----a-w C:\WINDOWS\twain_32\ScanDrv5\PrevImg4.Dat
+ 2001-10-23 06:14:16 28,672 ----a-r C:\WINDOWS\Wintime\WtRemove.exe
.
-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-05-20 18:19]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-16 18:06]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-07-23 19:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35]

C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\
Xfire.lnk - D:\Program Files\Xfire\Xfire.exe [2007-10-24 14:12:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 12:53:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)
"NoStartMenuSubFolders"=1 (0x1)
"NoFavoritesMenu"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{36CD708B-6077-4C02-9377-D73EAA495A0F}"= C:\WINDOWS\WinHttp.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=C:\WINDOWS\pss\NOD32 Control Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=C:\WINDOWS\pss\PenPower PenKeyboard.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=C:\WINDOWS\pss\PenPower Start-Up.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"D:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC1300 Monitor]
D:\Program Files\DC1300\DCMnt1_0\DC1300mi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye

R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
S3 DC1300;DC 1300 WDM Video Capture;C:\WINDOWS\system32\Drivers\BSC504AV.SYS
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
S3 USBCamera;DC 1300 Still Image Capture;C:\WINDOWS\system32\Drivers\BscBulk.sys
S4 D428BA68;D428BA68;C:\WINDOWS\system32\8C4ED30.EXE -k

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2007-11-09 19:52:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-25 11:48:20 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- C:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 12:39:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 12:41:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2003-09-09 22:46
C:\ComboFix2.txt ... 2003-09-09 22:46
C:\ComboFix3.txt ... 2007-09-09 18:20
.
--- E O F ---

Hi again, we'll continue :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

==================

Open "My Computer" and delete the following files (if present):
C:\WINDOWS\system32\bbefe.bak1
C:\WINDOWS\system32\bbefe.bak2
C:\WINDOWS\system32\qqstv.bak1
.
Run ATF Cleaner Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look if you can click next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

Here's the Cureit log

revbrev.EXE;C:\;Modification of Trojan.DownLoader.13879;Moved.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.78.1;Probably BACKDOOR.Trojan;Deleted.;
TLYQZZDA.NQF;C:\Program Files\ESET\infected;Trojan.Juan;Deleted.;
SoUI.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.AVKill.319;Deleted.;
A0048137.dll;C:\System Volume Information\_restore{8879F6E1-FCF4-4F33-876A-185E7B8FEAC0}\RP281;Trojan.Fakealert.338;Deleted.;
A0048534.dll;C:\System Volume Information\_restore{8879F6E1-FCF4-4F33-876A-185E7B8FEAC0}\RP283;Trojan.AVKill.319;Deleted.;
A0048610.EXE;C:\System Volume Information\_restore{8879F6E1-FCF4-4F33-876A-185E7B8FEAC0}\RP283;Modification of Trojan.DownLoader.13879;Moved.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Deleted.;


Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:58:49 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Last.fm\LastFMHelper.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HI JACK!\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Hello :)

Looks pretty good now; how is the pc running?

seems good. however it seems my computer has beef with running msn

Hi :)

"however it seems my computer has beef with running msn"

What do you mean exactly?

Hi

My computer runs incredibly slow with msn on. Everytime I run a low requirement game, I have to turn everything on, or else it's really really choppy. My cousin doesn't have this problem, even though my computer has a better graphics card and processor, and we have the same amount of RAM.

Thanks

Hmm how much RAM do you have?
Have you defragged your harddrive?

You might wanna read this -> Help! My computer is slow! by miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Let me know :bigthumb:

I have 512mb of RAM, and I defrag my hard drive regularly.

I can't see anything bad there. This doesn't sound like a malware related issue.

Did you follow the mikiemoes set of advice?

Are you using the latest version of MSN?

512...increasing the memory to 1gb could solve the issue...

Yeah, I followed the advice. I think I will have to buy a stick of RAM.

Thanks

Okie :)



You can remove the tools we used.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.

Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)