ive tried updating spybot, unplugging internet, restarting comp, running Spybot and restarting and that didnt even work. Virtumonde is the DEVIL!
Virtumonde = :devil:
PLEASE have a heart and help me save my computer!

I also have a question, is this virus contagious via lan network?

anyway here's the report :(

--- Spybot - Search & Destroy version: 1.5 (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-22 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-04-09 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-04-09 Includes\DialerC.sbi
2008-04-09 Includes\HeavyDuty.sbi
2008-03-19 Includes\Hijackers.sbi
2008-04-09 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-04-09 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-03-26 Includes\Malware.sbi
2008-04-09 Includes\MalwareC.sbi
2008-03-26 Includes\PUPS.sbi
2008-04-09 Includes\PUPSC.sbi
2008-04-09 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-04-09 Includes\SecurityC.sbi
2008-04-02 Includes\Spybots.sbi
2008-04-09 Includes\SpybotsC.sbi
2007-11-06 Includes\Tracks.uti
2008-04-02 Includes\Trojans.sbi
2008-04-09 Includes\TrojansC.sbi
2008-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734)
/ Windows Media Player 10: Security Update for Windows Media Player 10 (KB936782)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP3: Windows XP Hotfix - KB834707
/ Windows XP / SP3: Windows XP Hotfix - KB873333
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Security Update for Windows XP (KB883939)
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB887797
/ Windows XP / SP3: Windows XP Hotfix - KB888113
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890047
/ Windows XP / SP3: Windows XP Hotfix - KB890175
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB890923
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893066)
/ Windows XP / SP3: Windows XP Hotfix - KB893086
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896422)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896424)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB896727)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899588)
/ Windows XP / SP3: Security Update for Windows XP (KB899589)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB903235)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB905915)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911567)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB912812)
/ Windows XP / SP3: Security Update for Windows XP (KB912919)
/ Windows XP / SP3: Security Update for Windows XP (KB913446)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security Update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917159)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917422)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923694)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB941693)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security Update for Windows XP (KB943055)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ Windows XP / SP3: Security Update for Windows XP (KB945553)
/ Windows XP / SP3: Security Update for Windows XP (KB946026)
/ Windows XP / SP3: Security Update for Windows XP (KB948590)
/ Windows XP / SP3: Security Update for Windows XP (KB948881)


--- Startup entries list ---
Located: HK_LM:Run, 2c8061bc
command: rundll32.exe "C:\WINDOWS\system32\rtiagjme.dll",b
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, BM2fb35220
command: Rundll32.exe "C:\WINDOWS\system32\bjsuiauf.dll",s
file: C:\WINDOWS\system32\bjsuiauf.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NBKeyScan
command: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
file: C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
size: 1828136
MD5: ADCE2803DD48CB34E9EE599E6BD659CA

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1626112
MD5: C865B582DB1F7D42FE30ECB623805D46

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 385024
MD5: F89DA660C511652EE511FE3AB2F04BFC

Located: HK_LM:Run, SigmatelSysTrayApp
command: sttray.exe
file: C:\WINDOWS\sttray.exe
size: 303104
MD5: 2DC12970E08D25122BB6AE536A2E61CE

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: .DEFAULT...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: S-1-5-19...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: S-1-5-20...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:Run, AlcoholAutomount
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
file: C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
size: 217544
MD5: EBE01A82316B05FBBBEE67A11EE6F29A

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
file: C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
size: 202024
MD5: 5B2185DA1CDCDC40565B3F1ECDB11E75

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, DAEMON Tools Lite
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
file: C:\Program Files\DAEMON Tools Lite\daemon.exe
size: 486856
MD5: 4DDC9855F979205414FCD9F7D1D65B7F

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, uTorrent
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: "C:\Program Files\uTorrent\uTorrent.exe"
file: C:\Program Files\uTorrent\uTorrent.exe
size: 219952
MD5: CA3F4554910E40A0053626C1BB66C5FE

Located: HK_CU:RunOnce, SpybotDeletingD2888
where: S-1-5-21-1177238915-1482476501-839522115-500...
command: cmd /c del "C:\WINDOWS\system32\jdvqhtii.dll_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, TSClientMSIUninstaller
where: S-1-5-18...
command: cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: Startup (common), Enable Office Keyboard Driver.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Office Keyboard\Versato.exe
file: C:\Program Files\Office Keyboard\Versato.exe
size: 241664
MD5: 7429C9BB59BEEDFED8D7740BA3FE571B

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wvUmjjhf
command: wvUmjjhf.dll
file: wvUmjjhf.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: AcroIEHlprObj Class
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\
Long name: AcroIEHelper.ocx
Short name: ACROIE~1.OCX
Date (created): 1/21/2008 9:30:40 PM
Date (last access): 4/13/2008 9:27:54 PM
Date (last write): 3/2/2001 1:02:04 PM
Filesize: 37808
Attributes:
MD5: 8394ABFC1BE196A62C9F532511936DF7
CRC32: 71D6E350
Version: 1.0.0.1

{08A8068E-53D1-42B2-B197-6D568843721F} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: wvUmjjhf.dll
Short name:
Date (created): 4/12/2008 9:32:46 AM
Date (last access): 4/13/2008 9:43:46 PM
Date (last write): 4/12/2008 9:32:46 AM
Filesize: 39936
Attributes: archive
MD5: 47AC7B3EFE505021C0FAFCF7E5B87B0D
CRC32: C53518F4

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 1/22/2008 6:54:16 PM
Date (last access): 4/13/2008 9:27:54 PM
Date (last write): 8/31/2007 5:46:14 PM
Filesize: 1122128
Attributes: archive
MD5: B8958471DAA4481E93B03DF8F991DD6E
CRC32: 35E35F14
Version: 1.5.0.8

{75402258-BD59-4EAB-B163-808B07EA1B7E} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: hgGyayax.dll

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{98B17E32-8790-4566-AEF9-01BAF47C87CE} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{d5f429ef-d536-41e1-a6d4-2f09a6ec637a} ({a736ce6a-90f2-4d6a-1e14-635dfe924f5d})
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: {a736ce6a-90f2-4d6a-1e14-635dfe924f5d}
CLSID name:
Path: C:\WINDOWS\system32\
Long name: fopkjrvb.dll

{EB503C75-D646-41CD-8DD3-5814A2F382A4} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
Path: C:\WINDOWS\system32\
Long name: ddcdBTkJ.dll

{F0ED4403-B849-49A1-9E38-6D3A04E41F61} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:



--- ActiveX list ---
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object)
DPF name:
CLSID name: DivXBrowserPlugin Object
Installer: C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\DivX\DivX Web Player\
Long name: npdivx32.dll
Short name:
Date (created): 3/21/2008 2:28:46 PM
Date (last access): 4/13/2008 9:40:48 PM
Date (last write): 3/21/2008 2:28:46 PM
Filesize: 1335600
Attributes: archive
MD5: 56E18C09654020009012A53FD332D397
CRC32: 56B7CC16
Version: 1.4.0.233

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 11/20/2007 6:04:14 PM
Date (last access): 4/13/2008 9:43:46 PM
Date (last write): 11/20/2007 6:04:14 PM
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 636 ( 0) \SystemRoot\System32\smss.exe
size: 50688
PID: 700 ( 0) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 724 ( 0) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 768 ( 0) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 780 ( 0) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 956 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1024 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1120 ( 0) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1244 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1296 ( 0) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1380 ( 0) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
size: 607576
MD5: 07AE10139D7713D69F57209FDF0425CC
PID: 1540 ( 0) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1836 ( 0) C:\WINDOWS\Explorer.EXE
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87
PID: 1984 ( 0) C:\WINDOWS\sttray.exe
size: 303104
MD5: 2DC12970E08D25122BB6AE536A2E61CE
PID: 2020 ( 0) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 192 ( 0) C:\WINDOWS\system32\Rundll32.exe
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 188 ( 0) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1460560
MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E
PID: 196 ( 0) C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
size: 202024
MD5: 5B2185DA1CDCDC40565B3F1ECDB11E75
PID: 204 ( 0) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 328 ( 0) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 110592
MD5: 1961CB10BB48EB4D97E37DB6373E9E63
PID: 500 ( 0) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
size: 836904
MD5: A0101E836D2A39682E134C47B1565256
PID: 628 ( 0) C:\Program Files\Office Keyboard\Versato.exe
size: 241664
MD5: 7429C9BB59BEEDFED8D7740BA3FE571B
PID: 1072 ( 0) C:\WINDOWS\system32\nvsvc32.exe
size: 163908
MD5: DF6FD57D6807AE459B3463FBFDA02D49
PID: 1096 ( 0) C:\WINDOWS\system32\PnkBstrA.exe
size: 66872
MD5: 831883B107684301F48ACE752C963984
PID: 1352 ( 0) C:\WINDOWS\system32\STacSV.exe
size: 90112
MD5: B5FE66D088A74E7ADC8263519643B45D
PID: 1636 ( 0) C:\Program Files\Office Keyboard\OSD.EXE
size: 290816
MD5: 71241F0AC7980BEB748FA5A211B0CF49
PID: 268 ( 0) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
size: 382248
MD5: 6EF0506CE1F553E9BD085645933C8686
PID: 1184 ( 0) C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
size: 1422632
MD5: 1ED843E61AEB221A65EE3508089B6B81
PID: 2092 ( 0) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 2212 ( 0) C:\WINDOWS\system32\wscntfy.exe
size: 13824
MD5: 49911DD39E023BB6C45E4E436CFBD297
PID: 2492 ( 0) C:\WINDOWS\system32\wbem\wmiprvse.exe
size: 218112
MD5: 075EA6C849AB0FE416A3D6DD65C3CF41
PID: 2640 ( 0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4943184
MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/13/2008 9:53:02 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.ca
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.watch-movies.net/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{027BD86B-65EC-46C4-8DE1-E47489E28C89}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{027BD86B-65EC-46C4-8DE1-E47489E28C89}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF6FEC6C-A714-4E17-BF19-6C631F7648D5}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CF6FEC6C-A714-4E17-BF19-6C631F7648D5}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{274A3486-3F86-46EB-98A8-6AC92A3179B7}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{274A3486-3F86-46EB-98A8-6AC92A3179B7}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A0291B88-4628-421F-8094-C491F07208A5}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A0291B88-4628-421F-8094-C491F07208A5}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Network Location Awareness (NLA) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

btw i just want to say thanks so much for everything to everyone at Spybot. your all ive ever needed up to now and if you can fix this problem ill be one of your biggest advocates

ok i looked at someone else's post and read about Hijackthis, here is my hijackthis log thing:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:06 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Office Keyboard\Versato.exe
C:\Program Files\Office Keyboard\OSD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.watch-movies.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [2c8061bc] rundll32.exe "C:\WINDOWS\system32\rtiagjme.dll",b
O4 - HKLM\..\Run: [BM2fb35220] Rundll32.exe "C:\WINDOWS\system32\bjsuiauf.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [SpybotDeletingD2888] cmd /c del "C:\WINDOWS\system32\jdvqhtii.dll_old"
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Enable Office Keyboard Driver.lnk = C:\Program Files\Office Keyboard\Versato.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ca
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

--
End of file - 6104 bytes

ok i checked out some more virtumonde complaints on this forum and somewhere, someone got recommended to use "Combofix". I figured i'd give it a shot, i let it do it's thing and already my machine seems to be back up to where it used to be. I love you guys...

anyway here's the combofix log just in case im missing something... i think im ok though :D


ComboFix 08-04-13.3 - Administrator 2008-04-14 19:16:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1632 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bjsuiauf.dll
C:\WINDOWS\system32\byXNGvus.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eprbgwwn.dll
C:\WINDOWS\system32\JkTBdcdd.ini
C:\WINDOWS\system32\JkTBdcdd.ini2
C:\WINDOWS\system32\nwwgbrpe.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\suvGNXyb.ini
C:\WINDOWS\system32\suvGNXyb.ini2
C:\WINDOWS\system32\ttigjreo.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\wvUmjjhf.dll
C:\WINDOWS\system32\xayayGgh.ini
C:\WINDOWS\system32\xayayGgh.ini2
C:\WINDOWS\system32\xdqcajeq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\NPF


((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 19:02 . 2008-04-14 19:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 21:57 . 2008-04-13 21:57 3,648 --a------ C:\WINDOWS\system32\rcdwjpjc.dll
2008-04-13 12:12 . 2008-04-13 14:48 354 --ahs---- C:\WINDOWS\system32\iithqvdj.ini
2008-04-13 12:09 . 2008-04-13 12:09 92,736 --------- C:\WINDOWS\system32\fopkjrvb.dll_old
2008-04-13 12:06 . 2008-04-13 12:06 3,648 --a------ C:\WINDOWS\system32\kxxwadgj.dll
2008-04-13 10:53 . 2008-04-13 21:14 327 --a------ C:\WINDOWS\wininit.ini
2008-04-12 21:49 . 2008-04-13 10:55 414 --ahs---- C:\WINDOWS\system32\emjgaitr.ini
2008-04-12 21:46 . 2008-04-12 21:46 3,648 --a------ C:\WINDOWS\system32\jbvbbmms.dll
2008-04-12 21:43 . 2008-04-14 19:00 101,127 --a------ C:\WINDOWS\BM2fb35220.xml
2008-04-12 10:18 . 2008-04-12 10:18 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-10 22:44 . 2008-04-10 22:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-10 15:19 . 2008-04-10 15:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-05 23:45 . 2008-04-05 23:45 <DIR> d-------- C:\Program Files\Telltale
2008-03-31 15:25 . 2008-03-31 15:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 15:25 . 2008-03-31 15:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 15:25 . 2008-03-31 15:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 15:25 . 2008-03-31 15:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 15:25 . 2008-03-31 15:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 15:25 . 2008-03-31 15:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-26 18:24 . 2008-03-26 18:24 <DIR> d-------- C:\Program Files\TRABULANCE
2008-03-26 18:16 . 2008-03-03 03:47 <DIR> d-------- C:\DBM_TheEye
2008-03-26 18:16 . 2008-03-03 03:47 <DIR> d-------- C:\DBM_BlackTemple
2008-03-26 18:16 . 2008-03-03 03:47 <DIR> d-------- C:\DamageMeters
2008-03-26 18:16 . 2008-03-03 03:47 <DIR> d-------- C:\CT_RaidAssist
2008-03-26 18:16 . 2008-03-03 03:47 <DIR> d-------- C:\CooldownHelper
2008-03-25 19:16 . 2008-03-25 19:16 <DIR> d-------- C:\Logs
2008-03-24 13:45 . 2008-03-24 13:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-03-23 16:15 . 2008-03-23 16:15 <DIR> d-------- C:\Program Files\4C Soft
2008-03-21 14:30 . 2008-03-21 14:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 14:30 . 2008-03-21 14:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 14:30 . 2008-03-21 14:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-03-21 14:30 . 2008-03-21 14:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-21 14:30 . 2008-03-21 14:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 22:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-04-14 04:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bioshock
2008-04-12 16:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 23:08 --------- d-----w C:\Program Files\DivX
2008-04-05 03:29 --------- d-----w C:\Program Files\World of Warcraft
2008-03-23 22:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-13 23:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-08 19:49 141,909,560 ----a-w C:\Documents and Settings\Administrator\WoW-2.3.3.7799-to-0.4.0.7897-enUS-patch.exe
2008-03-05 04:31 --------- d-----w C:\Program Files\MagicISO
2008-03-05 01:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-03-01 03:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DivX
2008-02-23 06:18 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-02-23 06:18 --------- d-----w C:\Program Files\AVSMedia
2008-02-23 05:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-21 00:28 --------- d-----w C:\Program Files\Opera
2008-02-17 16:19 --------- d-----w C:\Program Files\Windows Live
2008-02-17 04:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Talkback
2008-02-16 23:56 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-16 23:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-13 00:05 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08A8068E-53D1-42B2-B197-6D568843721F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FFE9585-ED77-4AE9-BD91-A3D8FD6AC6FB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75402258-BD59-4EAB-B163-808B07EA1B7E}]
C:\WINDOWS\system32\hgGyayax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98B17E32-8790-4566-AEF9-01BAF47C87CE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB503C75-D646-41CD-8DD3-5814A2F382A4}]
C:\WINDOWS\system32\ddcdBTkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0ED4403-B849-49A1-9E38-6D3A04E41F61}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 10:51 486856]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 20:02 219952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 10:46 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-26 02:33 303104 C:\WINDOWS\sttray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 07:03 8429568]
"nwiz"="nwiz.exe" [2007-05-11 07:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 07:03 81920]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"2c8061bc"="C:\WINDOWS\system32\rtiagjme.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="cmd.exe" [2004-08-04 01:56 388608 C:\WINDOWS\system32\cmd.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Enable Office Keyboard Driver.lnk - C:\Program Files\Office Keyboard\Versato.exe [2008-01-26 16:56:47 241664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{001FF98C-D7A2-456A-AE04-EB9ABF822FE4}"= C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wowow.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmjjhf]
wvUmjjhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"E:\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"E:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2007-04-09 16:58]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2007-04-09 18:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 15:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 19:20:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\stacsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Office Keyboard\OSD.EXE
.
**************************************************************************
.
Completion time: 2008-04-14 19:20:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 01:20:49

Pre-Run: 2,150,903,808 bytes free
Post-Run: 2,445,058,048 bytes free
.
2008-04-09 23:22:04 --- E O F ---


and once again... i love you guys

alright i ran another spybot scan and combofix didnt work... i dont know what else to do. any ideas?