I have used Spybot Search and Destroy and my mcafee virus scanner multiple times, but I cant get rid of it. I haven't been able to update Windows for a while as I keep getting an error =(.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:04 PM, on 7/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02675063-72DA-411D-AEB7-341ECAAF5B0A} - C:\WINDOWS\system32\vtUmLedD.dll (file missing)
O2 - BHO: {8f68d21e-a40a-6df9-5074-b2da924e3a91} - {19a3e429-ad2b-4705-9fd6-a04ae12d86f8} - C:\WINDOWS\system32\usgndm.dll
O2 - BHO: (no name) - {1AE6A6EE-C202-43C0-AC92-709FF94DE094} - C:\WINDOWS\system32\rqRKASkk.dll (file missing)
O2 - BHO: (no name) - {1E32B31D-3DAE-47FB-AE27-0D7C774DDA57} - C:\WINDOWS\system32\urqRIxxu.dll (file missing)
O2 - BHO: (no name) - {2EDB0BBE-4EC9-4F15-B662-292633868CE2} - C:\WINDOWS\system32\bwxvwddi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5E5E7CDE-79C7-440D-8B2B-0051B0F0A8F2} - C:\WINDOWS\system32\rqRKCrSi.dll (file missing)
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\ssqQjJYs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EEBB175-D7F9-4BC8-BB17-07298DF7FE81} - C:\WINDOWS\system32\mlJYstTJ.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P54 "EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)" /O5 "TS002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (from EMACHINE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "EPSON Stylus CX3800 Series (from EMACHINE)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [e0cae1c1] rundll32.exe "C:\WINDOWS\system32\lwacfwce.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9128] command /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC480] cmd /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1988] command /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197139957843
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl3.eclipsnet.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: ssqQjJYs - C:\WINDOWS\SYSTEM32\ssqQjJYs.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10784 bytes

I ran spybot search and destroy along with mcafee virus scanner numerous times and I cant get rid of the darn thing. I cant even update Windows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:17 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02675063-72DA-411D-AEB7-341ECAAF5B0A} - C:\WINDOWS\system32\vtUmLedD.dll (file missing)
O2 - BHO: {8f68d21e-a40a-6df9-5074-b2da924e3a91} - {19a3e429-ad2b-4705-9fd6-a04ae12d86f8} - C:\WINDOWS\system32\usgndm.dll
O2 - BHO: (no name) - {1AE6A6EE-C202-43C0-AC92-709FF94DE094} - C:\WINDOWS\system32\rqRKASkk.dll (file missing)
O2 - BHO: (no name) - {1E32B31D-3DAE-47FB-AE27-0D7C774DDA57} - C:\WINDOWS\system32\urqRIxxu.dll (file missing)
O2 - BHO: (no name) - {2EDB0BBE-4EC9-4F15-B662-292633868CE2} - C:\WINDOWS\system32\bwxvwddi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5E5E7CDE-79C7-440D-8B2B-0051B0F0A8F2} - C:\WINDOWS\system32\rqRKCrSi.dll (file missing)
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\ssqQjJYs.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8EEBB175-D7F9-4BC8-BB17-07298DF7FE81} - C:\WINDOWS\system32\mlJYstTJ.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P54 "EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)" /O5 "TS002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (from EMACHINE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "EPSON Stylus CX3800 Series (from EMACHINE)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [e0cae1c1] rundll32.exe "C:\WINDOWS\system32\lwacfwce.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9128] command /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC480] cmd /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1988] command /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197139957843
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl3.eclipsnet.com/dana-cached/setup/JuniperSetupSP1.cab
O20 - Winlogon Notify: ssqQjJYs - C:\WINDOWS\SYSTEM32\ssqQjJYs.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10647 bytes

Hello,

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Reply to this thread only by using the Submit Reply and do not start any new topics or we won't be able to keep track of you.


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {02675063-72DA-411D-AEB7-341ECAAF5B0A} - C:\WINDOWS\system32\vtUmLedD.dll (file missing)
O2 - BHO: {8f68d21e-a40a-6df9-5074-b2da924e3a91} - {19a3e429-ad2b-4705-9fd6-a04ae12d86f8} - C:\WINDOWS\system32\usgndm.dll
O2 - BHO: (no name) - {1AE6A6EE-C202-43C0-AC92-709FF94DE094} - C:\WINDOWS\system32\rqRKASkk.dll (file missing)
O2 - BHO: (no name) - {1E32B31D-3DAE-47FB-AE27-0D7C774DDA57} - C:\WINDOWS\system32\urqRIxxu.dll (file missing)
O2 - BHO: (no name) - {2EDB0BBE-4EC9-4F15-B662-292633868CE2} - C:\WINDOWS\system32\bwxvwddi.dll
O2 - BHO: (no name) - {5E5E7CDE-79C7-440D-8B2B-0051B0F0A8F2} - C:\WINDOWS\system32\rqRKCrSi.dll (file missing)
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\ssqQjJYs.dll
O2 - BHO: (no name) - {8EEBB175-D7F9-4BC8-BB17-07298DF7FE81} - C:\WINDOWS\system32\mlJYstTJ.dll (file missing)

O4 - HKLM\..\Run: [e0cae1c1] rundll32.exe "C:\WINDOWS\system32\lwacfwce.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA9128] command /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC480] cmd /c del "C:\WINDOWS\system32\rqRKASkk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1988] command /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd /c del "C:\WINDOWS\system32\rqRKCrSi.dll_old"

O20 - Winlogon Notify: ssqQjJYs - C:\WINDOWS\SYSTEM32\ssqQjJYs.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe



Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, uses system resources and basically is not needed for anything.



Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.

Thank you very much Ken. I have followed every step exactly and in order. Here are my results:

MBAM-LOG
Malwarebytes' Anti-Malware 1.19
Database version: 921
Windows 5.1.2600 Service Pack 3

1:57:20 PM 7/4/2008
mbam-log-7-4-2008 (13-57-20).txt

Scan type: Quick Scan
Objects scanned: 50332
Time elapsed: 9 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lwacfwce.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\tsdaqrfr.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ssqQjJYs.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{5f11d5d5-3fb2-4add-84ad-d69bc9a5d312} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f11d5d5-3fb2-4add-84ad-d69bc9a5d312} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqqjjys (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5f11d5d5-3fb2-4add-84ad-d69bc9a5d312} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\byXPJYss.dll_old (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ssYJPXyb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssYJPXyb.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgxqkslq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qlskqxgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lwacfwce.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ecwfcawl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trvjthks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\skhtjvrt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tsdaqrfr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\rfrqadst.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqQjJYs.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\DiDi\Local Settings\Temporary Internet Files\Content.IE5\S98F0NU1\CASDSXGF (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


HIJACKTHIS Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:28 PM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\program files\steam\steam.exe
C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {b98b1e39-3cdc-b7eb-15d4-f9f6731712bb} - {bb217137-6f9f-4d51-be7b-cdc393e1b89b} - C:\WINDOWS\system32\jossrk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EDD022A0-8FEE-4DD4-9F4C-89B3E9215EC9} - C:\WINDOWS\system32\byXPJYss.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P54 "EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)" /O5 "TS002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (from EMACHINE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "EPSON Stylus CX3800 Series (from EMACHINE)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197139957843
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl3.eclipsnet.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9053 bytes

Hi,

Your doing great, a bit more to do

You need to enable windows to show all files and folders, instructions Here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Remove these with HJT.

O2 - BHO: {b98b1e39-3cdc-b7eb-15d4-f9f6731712bb} - {bb217137-6f9f-4d51-be7b-cdc393e1b89b} - C:\WINDOWS\system32\jossrk.dll
O2 - BHO: (no name) - {EDD022A0-8FEE-4DD4-9F4C-89B3E9215EC9} - C:\WINDOWS\system32\byXPJYss.dll (file missing)


C:\WINDOWS\system32\jossrk.dll <== Delete this file



Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Thank you again Ken. Here are my results:

Combo Fix Log
ComboFix 08-07-04.2 - DiDi 2008-07-04 18:09:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.886.1033.18.1238 [GMT -7:00]
Running from: C:\Documents and Settings\DiDi\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DdeLmUtv.ini
C:\WINDOWS\system32\DdeLmUtv.ini2
C:\WINDOWS\system32\grnviwso.dll
C:\WINDOWS\system32\iSrCKRqr.ini
C:\WINDOWS\system32\iSrCKRqr.ini2
C:\WINDOWS\system32\jossrk.dll
C:\WINDOWS\system32\JTtsYJlm.ini
C:\WINDOWS\system32\JTtsYJlm.ini2
C:\WINDOWS\system32\kkSAKRqr.ini
C:\WINDOWS\system32\kkSAKRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\usgndm.dll
C:\WINDOWS\system32\uxxIRqru.ini
C:\WINDOWS\system32\uxxIRqru.ini2
C:\WINDOWS\system32\ygumlghb.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Documents and Settings\DiDi\Application Data\Malwarebytes
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 13:37 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 13:37 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-03 15:44 . 2008-07-03 15:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-29 12:56 . 2008-06-29 12:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-29 12:06 . 2008-06-29 12:07 4,615,176 --ahs---- C:\WINDOWS\system32\sncpwlkq.ini
2008-06-27 18:45 . 2006-02-28 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-27 18:21 . 2008-06-27 18:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-27 17:34 . 2008-06-29 12:05 45 --a------ C:\TEST.XML
2008-06-27 17:04 . 2008-06-28 14:37 1,733,632 --ahs---- C:\WINDOWS\system32\abxeflqx.ini
2008-06-27 17:04 . 2008-06-29 17:04 110,419 --a------ C:\WINDOWS\BMe3f9d25d.xml
2008-06-27 17:03 . 2008-06-27 17:03 <DIR> d-------- C:\Program Files\Gameforge4D
2008-06-27 17:03 . 2004-05-10 13:14 118,272 --a------ C:\WINDOWS\system32\SX5363S.DLL
2008-06-27 17:03 . 2004-05-10 13:14 102,400 --a------ C:\WINDOWS\system32\RV32RTP.dll
2008-06-27 17:03 . 2004-05-10 13:15 40 --a------ C:\WINDOWS\system32\Sx5363.ini
2008-06-22 10:23 . 2008-06-27 16:18 1,733,400 --ahs---- C:\WINDOWS\system32\bnwwoipu.ini
2008-06-22 09:45 . 2008-06-22 09:45 <DIR> d-------- C:\Program Files\GPotato
2008-06-22 00:17 . 2008-06-22 00:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-22 00:17 . 2008-06-22 00:17 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-22 00:17 . 2008-06-22 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 00:15 . 2008-06-22 00:15 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\Program Files\MSBuild
2008-06-22 00:14 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-22 00:13 . 2008-06-22 00:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-20 21:58 . 2008-06-22 09:56 <DIR> d-------- C:\cdcgames
2008-06-14 23:20 . 2008-06-14 23:20 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-06-14 23:04 . 2008-06-14 23:20 <DIR> d-------- C:\Program Files\Mass Effect
2008-06-13 20:27 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-13 20:26 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 20:26 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:55 . 2008-06-11 16:55 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-06 21:10 . 2008-04-13 17:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 01:16 --------- d-----w C:\Program Files\Steam
2008-07-04 22:50 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-07-04 21:02 --------- d-----w C:\Documents and Settings\DiDi\Application Data\Xfire
2008-07-04 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 21:42 --------- d-s---w C:\Program Files\Xfire
2008-06-28 05:38 --------- d-----w C:\Documents and Settings\DiDi\Application Data\uTorrent
2008-06-22 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 16:51 --------- d-----w C:\Program Files\Electronic Arts
2008-06-22 16:45 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-06-15 06:21 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-31 07:17 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-05-31 07:17 --------- d-----w C:\Documents and Settings\DiDi\Application Data\InstallShield
2008-05-30 05:54 --------- d-----w C:\Program Files\MAIET
2008-05-29 16:49 --------- d-----w C:\Program Files\TGTSoft
2008-05-29 16:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 16:19 --------- d-----w C:\Program Files\Megaupload
2008-05-25 18:11 --------- d-----w C:\Program Files\BOTS
2008-05-22 03:35 --------- d-----w C:\Documents and Settings\DiDi\Application Data\Hamachi
2008-05-18 04:54 --------- d-----w C:\Program Files\Sword of The New World
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 18:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-26 18:30 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-21 06:44 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-05 02:00 22,328 ----a-w C:\Documents and Settings\DiDi\Application Data\PnkBstrK.sys
2007-03-13 22:20 35,979 ----a-w C:\Program Files\Photoshop CS3 Read Me.html
.

<pre>
----a-w 77,824 2007-12-03 20:53:00 C:\Documents and Settings\DiDi\Desktop\Hacks\Game Guard Bypass .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 15:53 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"La_View Mouse"="C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe" [2005-07-26 15:34 2863104]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [N/A]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 09:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-12-18 17:12 1126400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 12:16 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 00:05 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [N/A]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"EPSON Stylus CX3800 Series (from EMACHINE)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 15:34 16858112 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\DiDi\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-11 16:55:02 3017040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\counter-strike\\hl.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Ntreev\\Grand Chase\\main.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BOTS\\bots.dat"=
"C:\\Program Files\\BOTS\\bots.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\cdcgames\\lunia\\Lunia.exe"=
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"= C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\VirusScan Enterprise\\mcconsol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20437:TCP"= 20437:TCP:*:Disabled:SolidNetworkManager
"20437:UDP"= 20437:UDP:*:Disabled:SolidNetworkManager
"6112:TCP"= 6112:TCP:Starcraft
"6112:UDP"= 6112:UDP:Starcraft
"61191:TCP"= 61191:TCP:uTorrent
"61191:UDP"= 61191:UDP:uTorrent
"27015:TCP"= 27015:TCP:Half Life Server
"27015:UDP"= 27015:UDP:Half Life Server

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-18 13:42]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 16:05]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 15:54]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\DiDi\Desktop\Hacks\Bots\new hack pack\IlvMoney1148.sys [2008-02-25 18:23]
S3 MayPro;TigerGame SuperJoy Box Pro Filter Service;C:\WINDOWS\system32\Drivers\MayPro.sys [2006-05-05 16:24]
S3 sys_com001;sys_com001;C:\Documents and Settings\DiDi\Desktop\Hacks\BOTS!! Hacks (www.L3af.com)\BOTS!! Hacks (www.L3af.com)\syscom.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 00:43:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-05 01:17:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 18:14:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-07-04 18:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 01:21:05

Pre-Run: 141,461,975,040 bytes free
Post-Run: 143,357,988,864 bytes free

277 --- E O F --- 2008-07-04 21:29:38

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:25 PM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P54 "EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)" /O5 "TS002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (from EMACHINE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "EPSON Stylus CX3800 Series (from EMACHINE)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197139957843
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl3.eclipsnet.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8597 bytes

Hi,

The Vundo infection you have has infected one of your programs, so do this please.

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above RenV::



RenV::
C:\Documents and Settings\DiDi\Desktop\Hacks\Game Guard Bypass .exe

File::
C:\WINDOWS\system32\sncpwlkq.ini
C:\WINDOWS\system32\abxeflqx.ini


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.




Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\WINDOWS\system32\wmpns.dll <-- This file


Post the new Combofix log and the VirusTotal log please

Problem.

During Combofix I get a msg in the bluescreen saying:

The process cannot acces the file because it is being used by another process.

Right now, the Combofix AutoScan is stuck on the message above and not moving. What do I do?

I closed every program open except for Mcafee VirusScanner and my game mouse program (Hama-Slide).

Question: Does the CFScript need to be in .txt? And what about the encoding? (ANSI, Unicode, etc.)

You should name it CFScript.txt and save it as a text doc

Ken, after dragging the CFScript into Combofix

I get this message:
http://i35.photobucket.com/albums/d161/grimtooth6/combofixerror.jpg

^After that message the scan stops there and doesnt continue.

I have copied and pasted the highlighted Code Box that you have posted exactly. What is the problem?

Drag Combofix to the trash and download a new copy as its updated on a regular basis,


Download Combofix from any of the links below, and save it to your Desktop. <-- Important
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

Try it again and if still the same error then run it in Safemode

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

Thank you again for your help and precise steps Ken. Here are my Results

COMBOFIX LOG
ComboFix 08-07-05.1 - DiDi 2008-07-05 18:31:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.886.1033.18.1367 [GMT -7:00]
Running from: C:\Documents and Settings\DiDi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\DiDi\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\abxeflqx.ini
C:\WINDOWS\system32\sncpwlkq.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\abxeflqx.ini
C:\WINDOWS\system32\sncpwlkq.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.

2008-07-05 11:09 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-05 11:09 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-05 11:09 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-05 11:09 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-05 11:09 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-05 11:09 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-05 11:09 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-05 11:09 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-05 11:09 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Documents and Settings\DiDi\Application Data\Malwarebytes
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-04 13:37 . 2008-06-28 14:21 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-04 13:37 . 2008-06-28 14:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-03 15:44 . 2008-07-03 15:44 <DIR> d-------- C:\Program Files\Windows Defender
2008-06-29 12:56 . 2008-06-29 12:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 18:45 . 2006-02-28 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-27 18:26 . 2008-06-27 18:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-27 18:21 . 2008-06-27 18:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-27 17:34 . 2008-06-29 12:05 45 --a------ C:\TEST.XML
2008-06-27 17:04 . 2008-06-29 17:04 110,419 --a------ C:\WINDOWS\BMe3f9d25d.xml
2008-06-27 17:03 . 2008-06-27 17:03 <DIR> d-------- C:\Program Files\Gameforge4D
2008-06-27 17:03 . 2004-05-10 13:14 118,272 --a------ C:\WINDOWS\system32\SX5363S.DLL
2008-06-27 17:03 . 2004-05-10 13:14 102,400 --a------ C:\WINDOWS\system32\RV32RTP.dll
2008-06-27 17:03 . 2004-05-10 13:15 40 --a------ C:\WINDOWS\system32\Sx5363.ini
2008-06-22 10:23 . 2008-06-27 16:18 1,733,400 --ahs---- C:\WINDOWS\system32\bnwwoipu.ini
2008-06-22 09:45 . 2008-06-22 09:45 <DIR> d-------- C:\Program Files\GPotato
2008-06-22 00:17 . 2008-06-22 00:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-22 00:17 . 2008-06-22 00:17 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2008-06-22 00:17 . 2008-06-22 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-22 00:15 . 2008-06-22 00:15 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-22 00:14 . 2008-06-22 00:14 <DIR> d-------- C:\Program Files\MSBuild
2008-06-22 00:14 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-22 00:13 . 2008-06-22 00:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-20 21:58 . 2008-06-22 09:56 <DIR> d-------- C:\cdcgames
2008-06-14 23:20 . 2008-06-14 23:20 <DIR> d-------- C:\Program Files\Common Files\BioWare
2008-06-14 23:04 . 2008-06-14 23:20 <DIR> d-------- C:\Program Files\Mass Effect
2008-06-13 20:27 . 2008-05-08 07:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-13 20:26 . 2008-06-13 04:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 20:26 . 2008-06-13 04:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 16:55 . 2008-06-11 16:55 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-06-06 21:10 . 2008-04-13 17:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 18:32 --------- d-----w C:\Documents and Settings\DiDi\Application Data\Xfire
2008-07-05 18:25 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-07-05 18:24 --------- d-----w C:\Program Files\Steam
2008-07-04 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 21:42 --------- d-s---w C:\Program Files\Xfire
2008-06-28 05:38 --------- d-----w C:\Documents and Settings\DiDi\Application Data\uTorrent
2008-06-22 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 16:51 --------- d-----w C:\Program Files\Electronic Arts
2008-06-22 16:45 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-06-15 06:21 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-31 07:17 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-05-31 07:17 --------- d-----w C:\Documents and Settings\DiDi\Application Data\InstallShield
2008-05-30 05:54 --------- d-----w C:\Program Files\MAIET
2008-05-29 16:49 --------- d-----w C:\Program Files\TGTSoft
2008-05-29 16:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 16:19 --------- d-----w C:\Program Files\Megaupload
2008-05-25 18:11 --------- d-----w C:\Program Files\BOTS
2008-05-22 03:35 --------- d-----w C:\Documents and Settings\DiDi\Application Data\Hamachi
2008-05-18 04:54 --------- d-----w C:\Program Files\Sword of The New World
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-26 18:30 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-04-26 18:30 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 12:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 12:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 12:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-02-05 02:00 22,328 ----a-w C:\Documents and Settings\DiDi\Application Data\PnkBstrK.sys
2007-03-13 22:20 35,979 ----a-w C:\Program Files\Photoshop CS3 Read Me.html
.

((((((((((((((((((((((((((((( snapshot@2008-07-04_18.20.52.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 01:14:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-05 18:21:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 00:11:48 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2006-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-21 06:44:29 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2006-02-28 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-14 01:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 01:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-07 00:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-07 00:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-04-14 00:12:08 619,520 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-21 06:44:29 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll.000
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll.000
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll.000
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll.000
+ 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe.000
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll.000
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll.000
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll.000
+ 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll.000
+ 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe.000
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll.000
+ 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll.000
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll.000
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll.000
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll.000
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll.000
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll.000
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll.000
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-04-14 00:11:48 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-14 01:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-04-14 00:11:48 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-14 01:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-09-23 20:12:50 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-14 01:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2008-04-14 00:11:51 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-14 01:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-14 01:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-14 01:44:02 69,120 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 01:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-14 01:54:10 191,488 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-14 01:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-14 01:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-14 01:39:02 92,672 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-14 01:38:04 491,520 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-14 01:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-04-21 06:44:29 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 05:16:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-14 01:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2006-02-28 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-14 01:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-09-23 20:12:50 1,497,088 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-23 20:12:50 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-14 01:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-21 06:44:29 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-14 00:11:52 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-14 00:11:52 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-14 00:11:53 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 15:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2008-04-14 00:12:22 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-14 00:11:54 143,360 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-14 00:11:54 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2006-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-14 00:11:54 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-14 00:11:54 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-14 01:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 00:11:54 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-14 00:11:54 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-14 01:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-14 01:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2008-04-14 00:11:54 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-14 01:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-04-14 00:11:55 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-14 01:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-04-14 00:11:56 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-04-14 00:11:56 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-14 01:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-14 01:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2008-04-14 00:12:27 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-14 01:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 05:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 00:11:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-13 16:26:26 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-14 01:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2006-02-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-14 01:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-14 00:12:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-04-14 00:12:00 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-29 00:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 15:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2008-04-14 00:12:02 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-14 00:12:02 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-14 00:12:08 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-14 00:12:08 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 00:12:08 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-14 01:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 15:53 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"La_View Mouse"="C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe" [2005-07-26 15:34 2863104]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 09:51 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-12-18 17:12 1126400]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 12:16 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 00:05 217088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"EPSON Stylus CX3800 Series (from EMACHINE)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 12:00 98304]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 15:34 16858112 C:\WINDOWS\RTHDCPL.exe]

C:\Documents and Settings\DiDi\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-06-11 16:55:02 3017040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\counter-strike\\hl.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Ntreev\\Grand Chase\\main.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\BOTS\\bots.dat"=
"C:\\Program Files\\BOTS\\bots.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Steam\\steamapps\\ag05\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"C:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"C:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"C:\\cdcgames\\lunia\\Lunia.exe"=
"C:\Program Files\Gameforge4D\AirRivals\Launcher.atm"= C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe"= C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\VirusScan Enterprise\\mcconsol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"20437:TCP"= 20437:TCP:*:Disabled:SolidNetworkManager
"20437:UDP"= 20437:UDP:*:Disabled:SolidNetworkManager
"6112:TCP"= 6112:TCP:Starcraft
"6112:UDP"= 6112:UDP:Starcraft
"61191:TCP"= 61191:TCP:uTorrent
"61191:UDP"= 61191:UDP:uTorrent
"27015:TCP"= 27015:TCP:Half Life Server
"27015:UDP"= 27015:UDP:Half Life Server

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-18 13:42]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-04-10 16:05]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-09-13 15:54]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\DiDi\Desktop\Hacks\Bots\new hack pack\IlvMoney1148.sys []
S3 MayPro;TigerGame SuperJoy Box Pro Filter Service;C:\WINDOWS\system32\Drivers\MayPro.sys [2006-05-05 16:24]
S3 sys_com001;sys_com001;C:\Documents and Settings\DiDi\Desktop\Hacks\BOTS!! Hacks (www.L3af.com)\BOTS!! Hacks (www.L3af.com)\syscom.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-06 00:43:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-05 18:24:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 18:36:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-05 18:38:40
ComboFix-quarantined-files.txt 2008-07-06 01:38:12
ComboFix2.txt 2008-07-05 02:45:55
ComboFix3.txt 2008-07-05 01:21:26

Pre-Run: 146,988,265,472 bytes free
Post-Run: 146,968,981,504 bytes free

467 --- E O F --- 2008-07-04 21:29:38

HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:39 PM, on 7/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P54 "EPSON Stylus CX3800 Series on JYIP-DT (from YIP-J-XP2)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P55 "EPSON Stylus CX3800 Series on emachine (from YIP-J-XP2)" /O5 "TS002" /M "Stylus CX3800"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series (from EMACHINE)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P42 "EPSON Stylus CX3800 Series (from EMACHINE)" /O5 "TS001" /M "Stylus CX3800"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [La_View Mouse] C:\PROGRA~1\DiDi\HAMAS1~1\S1_2k.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197139957843
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ssl3.eclipsnet.com/dana-cached/setup/JuniperSetupSP1.cab
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8395 bytes

Virus Total Log

File wmpns.dll received on 07.04.2008 13:23:50 (CET)
Current status: finished
Result: 0/33 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.7.4.0 2008.07.03 -
AntiVir 7.8.0.64 2008.07.04 -
Authentium 5.1.0.4 2008.07.04 -
Avast 4.8.1195.0 2008.07.04 -
AVG 7.5.0.516 2008.07.03 -
BitDefender 7.2 2008.07.04 -
CAT-QuickHeal 9.50 2008.07.03 -
ClamAV 0.93.1 2008.07.04 -
DrWeb 4.44.0.09170 2008.07.04 -
eSafe 7.0.17.0 2008.07.03 -
eTrust-Vet 31.6.5925 2008.07.04 -
Ewido 4.0 2008.07.04 -
F-Prot 4.4.4.56 2008.07.03 -
F-Secure 7.60.13501.0 2008.07.03 -
Fortinet 3.14.0.0 2008.07.04 -
GData 2.0.7306.1023 2008.07.04 -
Ikarus T3.1.1.26.0 2008.07.04 -
Kaspersky 7.0.0.125 2008.07.04 -
McAfee 5331 2008.07.03 -
Microsoft 1.3704 2008.07.04 -
NOD32v2 3241 2008.07.04 -
Norman 5.80.02 2008.07.03 -
Panda 9.0.0.4 2008.07.03 -
Prevx1 V2 2008.07.04 -
Rising 20.51.42.00 2008.07.04 -
Sophos 4.30.0 2008.07.04 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.04 -
TheHacker 6.2.96.370 2008.07.04 -
TrendMicro 8.700.0.1004 2008.07.04 -
VBA32 3.12.6.8 2008.07.03 -
VirusBuster 4.5.11.0 2008.07.03 -
Webwasher-Gateway 6.6.2 2008.07.04 -
Additional information
File size: 221184 bytes
MD5...: 275eb0f67c08cd051034be74961eafa2
SHA1..: 9dc0d9aa86339c597975f6b801a203a21ba9dff6
SHA256: 869524e5abb3b1f36405ac92f55fea3aeaba41e3c98d298c7585316fb0faaee9
SHA512: c767ac0a2c7e680edb9a0a42143ad777d47f2a5558678aeddf8cca0f614acd5d
a297b77fe79de733636ae2570bad11a963135093a9ef2fd1e5978ef1b223e22e
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4b099aaf
timedatestamp.....: 0x411096e3 (Wed Aug 04 07:57:23 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c693 0x2d000 6.31 9e3224bd6cd3066feeeef74448235587
.data 0x2e000 0x40f0 0x3000 5.63 4bd4ed928f16677f48c83d7df7239ae7
.rsrc 0x33000 0x3d8 0x1000 1.04 b1f9f3fc230509e17b143f93967209f4
.reloc 0x34000 0x3b40 0x4000 4.18 e2a088a1be3bf8c65b4822ef67e36ef8

( 10 imports )
> msvcrt.dll: wcsstr, _wcsnicmp, _wtol, _vsnwprintf, wcschr, wcspbrk, iswspace, memmove, wcslen, wcsncmp, towupper, _wcsicmp, wcsrchr, vswprintf, _beginthreadex, _wtoi, iswdigit, wcscmp, _snwprintf, wcsncpy, __3@YAXPAX@Z, _onexit, __dllonexit, _adjust_fdiv, malloc, _initterm, free, _purecall, _except_handler3, __2@YAPAXI@Z
> MPR.dll: WNetGetConnectionW, WNetGetConnectionA, WNetCancelConnection2W, WNetAddConnection2W
> KERNEL32.dll: CompareStringW, GetDriveTypeA, GetDriveTypeW, QueryDosDeviceA, QueryDosDeviceW, GetWindowsDirectoryW, GetLocaleInfoW, GetLocaleInfoA, GetVersionExW, lstrcpyW, lstrcatW, LoadLibraryW, lstrcpynW, GetModuleHandleW, GetModuleFileNameW, GetModuleFileNameA, GetFileAttributesW, GetFileAttributesA, lstrlenA, CloseHandle, GetCurrentThreadId, WaitForSingleObject, SetEvent, FlushInstructionCache, GetCurrentProcess, InterlockedIncrement, LeaveCriticalSection, EnterCriticalSection, InterlockedDecrement, SetLastError, GetLastError, FreeLibrary, SetErrorMode, GetProcAddress, GetExitCodeThread, CreateFileW, CreateFileA, DeviceIoControl, GetVersion, GetUserDefaultLangID, CreateThread, InitializeCriticalSection, HeapDestroy, DeleteCriticalSection, DisableThreadLibraryCalls, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, CreateEventW, CreateEventA, CompareStringA, GetModuleHandleA, GetWindowsDirectoryA, lstrlenW, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, VirtualAlloc, VirtualFree, LoadLibraryA, HeapAlloc, GetProcessHeap, HeapFree, SetUnhandledExceptionFilter, UnhandledExceptionFilter
> GDI32.dll: SelectPalette, RealizePalette, RectVisible, SetDIBitsToDevice, StretchDIBits, MaskBlt, StretchBlt, CreateDIBSection, GetDIBColorTable, GetDeviceCaps, GetObjectW, GetObjectType, GetObjectA, CreateICW, CreateICA, GetClipBox, CreateCompatibleDC, SelectClipRgn, SelectObject, OffsetViewportOrgEx, DeleteDC, SetRectRgn, CreateRectRgnIndirect, DeleteObject
> USER32.dll: MessageBoxA, MessageBoxW, PeekMessageA, PeekMessageW, PostMessageA, PostMessageW, PostThreadMessageA, PostThreadMessageW, RegisterClassExA, RegisterClassExW, UnregisterClassA, UnregisterClassW, RegisterWindowMessageA, SendMessageW, SetWindowLongA, SetWindowLongW, wvsprintfW, GetMonitorInfoA, GetMonitorInfoW, CharNextW, GetCapture, ReleaseCapture, SetCapture, GetFocus, SetFocus, IsWindowVisible, GetDC, ReleaseDC, InvalidateRect, InvalidateRgn, PtInRect, MonitorFromRect, WindowFromDC, LoadCursorW, GetWindowTextW, GetWindowTextA, GetWindowLongW, GetWindowLongA, GetMessageW, GetMessageA, GetClassNameA, GetClassLongA, GetClassInfoExW, GetClassInfoExA, DispatchMessageW, DispatchMessageA, DefWindowProcW, DefWindowProcA, CreateWindowExW, CreateWindowExA, GetSystemMetrics, CharNextA, GetCursorPos, MapWindowPoints, CallWindowProcW, CallWindowProcA, BeginPaint, CopyRect, LoadCursorA, OffsetRect, EndPaint, IsChild, ShowWindow, GetClientRect, SetWindowPos, GetParent, GetWindowRect, TranslateMessage, SetParent, IsWindow, DestroyWindow, BringWindowToTop, SendMessageA
> ADVAPI32.dll: RegCreateKeyExA, RegCreateKeyExW, RegOpenKeyExA, RegOpenKeyExW, RegQueryValueExA, RegQueryValueExW, RegCloseKey
> ole32.dll: CoUninitialize, CoFreeUnusedLibraries, CoInitialize, CoCreateInstance
> COMCTL32.dll: InitCommonControlsEx
> OLEAUT32.dll: -, -, -, -, -, -, -
> SHLWAPI.dll: PathGetCharTypeW, PathGetCharTypeA

( 247 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, _Java_WMPNS_EventThread_CheckEvents@8, _Java_WMPNS_EventThread_GetThreadID@8, _Java_WMPNS_EventThread_kill@12, _Java_WMPNS_IWMPCdromCollection_equalsNative@20, _Java_WMPNS_IWMPCdromCollection_getByDriveSpecifierNative@20, _Java_WMPNS_IWMPCdromCollection_getCountNative@16, _Java_WMPNS_IWMPCdromCollection_itemNative@24, _Java_WMPNS_IWMPCdrom_ejectNative@16, _Java_WMPNS_IWMPCdrom_equalsNative@20, _Java_WMPNS_IWMPCdrom_getDriveSpecifierNative@16, _Java_WMPNS_IWMPCdrom_getPlaylistNative@16, _Java_WMPNS_IWMPClosedCaption_equalsNative@20, _Java_WMPNS_IWMPClosedCaption_getCaptioningIDNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIFileNameNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMILangIDNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMILangNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleCountNative@16, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNameNative@24, _Java_WMPNS_IWMPClosedCaption_getSAMIStyleNative@16, _Java_WMPNS_IWMPClosedCaption_setCaptioningIDNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIFileNameNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMILangNative@20, _Java_WMPNS_IWMPClosedCaption_setSAMIStyleNative@20, _Java_WMPNS_IWMPControls_equalsNative@20, _Java_WMPNS_IWMPControls_fastForwardNative@16, _Java_WMPNS_IWMPControls_fastReverseNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageCountNative@16, _Java_WMPNS_IWMPControls_getAudioLanguageDescriptionNative@24, _Java_WMPNS_IWMPControls_getAudioLanguageIDNative@24, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageIndexNative@16, _Java_WMPNS_IWMPControls_getCurrentAudioLanguageNative@16, _Java_WMPNS_IWMPControls_getCurrentItemNative@16, _Java_WMPNS_IWMPControls_getCurrentMarkerNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionStringNative@16, _Java_WMPNS_IWMPControls_getCurrentPositionTimecodeNative@16, _Java_WMPNS_IWMPControls_getLanguageNameNative@24, _Java_WMPNS_IWMPControls_isAvailableNative@20, _Java_WMPNS_IWMPControls_nextNative@16, _Java_WMPNS_IWMPControls_pauseNative@16, _Java_WMPNS_IWMPControls_playItemNative@20, _Java_WMPNS_IWMPControls_playNative@16, _Java_WMPNS_IWMPControls_previousNative@16, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageIndexNative@24, _Java_WMPNS_IWMPControls_setCurrentAudioLanguageNative@24, _Java_WMPNS_IWMPControls_setCurrentItemNative@20, _Java_WMPNS_IWMPControls_setCurrentMarkerNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionNative@24, _Java_WMPNS_IWMPControls_setCurrentPositionTimecodeNative@20, _Java_WMPNS_IWMPControls_stepNative@24, _Java_WMPNS_IWMPControls_stopNative@16, _Java_WMPNS_IWMPDVD_backNative@16, _Java_WMPNS_IWMPDVD_equalsNative@20, _Java_WMPNS_IWMPDVD_getDomainNative@16, _Java_WMPNS_IWMPDVD_isAvailableNative@20, _Java_WMPNS_IWMPDVD_resumeNative@16, _Java_WMPNS_IWMPDVD_titleMenuNative@16, _Java_WMPNS_IWMPDVD_topMenuNative@16, _Java_WMPNS_IWMPErrorItem_equalsNative@20, _Java_WMPNS_IWMPErrorItem_getConditionNative@16, _Java_WMPNS_IWMPErrorItem_getCustomUrlNative@16, _Java_WMPNS_IWMPErrorItem_getErrorCodeNative@16, _Java_WMPNS_IWMPErrorItem_getErrorContextNative@16, _Java_WMPNS_IWMPErrorItem_getErrorDescriptionNative@16, _Java_WMPNS_IWMPErrorItem_getRemedyNative@16, _Java_WMPNS_IWMPError_clearErrorQueueNative@16, _Java_WMPNS_IWMPError_equalsNative@20, _Java_WMPNS_IWMPError_getErrorCountNative@16, _Java_WMPNS_IWMPError_itemNative@24, _Java_WMPNS_IWMPError_webHelpNative@16, _Java_WMPNS_IWMPMediaCollection_addNative@20, _Java_WMPNS_IWMPMediaCollection_equalsNative@20, _Java_WMPNS_IWMPMediaCollection_getAllNative@16, _Java_WMPNS_IWMPMediaCollection_getAttributeStringCollectionNative@24, _Java_WMPNS_IWMPMediaCollection_getByAlbumNative@20, _Java_WMPNS_IWMPMediaCollection_getByAttributeNative@24, _Java_WMPNS_IWMPMediaCollection_getByAuthorNative@20, _Java_WMPNS_IWMPMediaCollection_getByGenreNative@20, _Java_WMPNS_IWMPMediaCollection_getByNameNative@20, _Java_WMPNS_IWMPMediaCollection_getMediaAtomNative@20, _Java_WMPNS_IWMPMediaCollection_isDeletedNative@20, _Java_WMPNS_IWMPMediaCollection_removeNative@24, _Java_WMPNS_IWMPMediaCollection_setDeletedNative@24, _Java_WMPNS_IWMPMedia_equalsNative@20, _Java_WMPNS_IWMPMedia_getAttributeCountByTypeNative@24, _Java_WMPNS_IWMPMedia_getAttributeCountNative@16, _Java_WMPNS_IWMPMedia_getAttributeNameNative@24, _Java_WMPNS_IWMPMedia_getDurationNative@16, _Java_WMPNS_IWMPMedia_getDurationStringNative@16, _Java_WMPNS_IWMPMedia_getErrorNative@16, _Java_WMPNS_IWMPMedia_getImageSourceHeightNative@16, _Java_WMPNS_IWMPMedia_getImageSourceWidthNative@16, _Java_WMPNS_IWMPMedia_getItemInfoByAtomNative@24, _Java_WMPNS_IWMPMedia_getItemInfoByTypeNative@32, _Java_WMPNS_IWMPMedia_getItemInfoNative@20, _Java_WMPNS_IWMPMedia_getMarkerCountNative@16, _Java_WMPNS_IWMPMedia_getMarkerNameNative@24, _Java_WMPNS_IWMPMedia_getMarkerTimeNative@24, _Java_WMPNS_IWMPMedia_getNameNative@16, _Java_WMPNS_IWMPMedia_getSourceURLNative@16, _Java_WMPNS_IWMPMedia_isIdenticalNative@20, _Java_WMPNS_IWMPMedia_isMemberOfNative@20, _Java_WMPNS_IWMPMedia_isReadOnlyItemNative@20, _Java_WMPNS_IWMPMedia_setItemInfoNative@24, _Java_WMPNS_IWMPMedia_setNameNative@20, _Java_WMPNS_IWMPNetwork_equalsNative@20, _Java_WMPNS_IWMPNetwork_getBandWidthNative@16, _Java_WMPNS_IWMPNetwork_getBitRateNative@16, _Java_WMPNS_IWMPNetwork_getBufferingCountNative@16, _Java_WMPNS_IWMPNetwork_getBufferingProgressNative@16, _Java_WMPNS_IWMPNetwork_getBufferingTimeNative@16, _Java_WMPNS_IWMPNetwork_getDownloadProgressNative@16, _Java_WMPNS_IWMPNetwork_getEncodedFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFrameRateNative@16, _Java_WMPNS_IWMPNetwork_getFramesSkippedNative@16, _Java_WMPNS_IWMPNetwork_getLostPacketsNative@16, _Java_WMPNS_IWMPNetwork_getMaxBandwidthNative@16, _Java_WMPNS_IWMPNetwork_getMaxBitRateNative@16, _Java_WMPNS_IWMPNetwork_getProxyBypassForLocalNative@20, _Java_WMPNS_IWMPNetwork_getProxyExceptionListNative@20, _Java_WMPNS_IWMPNetwork_getProxyNameNative@20, _Java_WMPNS_IWMPNetwork_getProxyPortNative@20, _Java_WMPNS_IWMPNetwork_getProxySettingsNative@20, _Java_WMPNS_IWMPNetwork_getReceivedPacketsNative@16, _Java_WMPNS_IWMPNetwork_getReceptionQualityNative@16, _Java_WMPNS_IWMPNetwork_getRecoveredPacketsNative@16, _Java_WMPNS_IWMPNetwork_getSourceProtocolNative@16, _Java_WMPNS_IWMPNetwork_setBufferingTimeNative@24, _Java_WMPNS_IWMPNetwork_setMaxBandwidthNative@24, _Java_WMPNS_IWMPNetwork_setProxyBypassForLocalNative@24, _Java_WMPNS_IWMPNetwork_setProxyExceptionListNative@24, _Java_WMPNS_IWMPNetwork_setProxyNameNative@24, _Java_WMPNS_IWMPNetwork_setProxyPortNative@28, _Java_WMPNS_IWMPNetwork_setProxySettingsNative@28, _Java_WMPNS_IWMPPlayerApplication_equalsNative@20, _Java_WMPNS_IWMPPlayerApplication_getHasDisplayNative@16, _Java_WMPNS_IWMPPlayerApplication_getPlayerDockedNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToControlNative@16, _Java_WMPNS_IWMPPlayerApplication_switchToPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_closeNative@16, _Java_WMPNS_IWMPPlayer_equalsNative@20, _Java_WMPNS_IWMPPlayer_getCdromCollectionNative@16, _Java_WMPNS_IWMPPlayer_getClosedCaptionNative@16, _Java_WMPNS_IWMPPlayer_getControlsNative@16, _Java_WMPNS_IWMPPlayer_getCurrentMediaNative@16, _Java_WMPNS_IWMPPlayer_getCurrentPlaylistNative@16, _Java_WMPNS_IWMPPlayer_getDvdNative@16, _Java_WMPNS_IWMPPlayer_getEnableContextMenuNative@16, _Java_WMPNS_IWMPPlayer_getEnabledNative@16, _Java_WMPNS_IWMPPlayer_getErrorNative@16, _Java_WMPNS_IWMPPlayer_getFullScreenNative@16, _Java_WMPNS_IWMPPlayer_getIsOnlineNative@16, _Java_WMPNS_IWMPPlayer_getIsRemoteNative@16, _Java_WMPNS_IWMPPlayer_getMediaCollectionNative@16, _Java_WMPNS_IWMPPlayer_getNetworkNative@16, _Java_WMPNS_IWMPPlayer_getOpenStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayStateNative@16, _Java_WMPNS_IWMPPlayer_getPlayerApplicationNative@16, _Java_WMPNS_IWMPPlayer_getPlaylistCollectionNative@16, _Java_WMPNS_IWMPPlayer_getSettingsNative@16, _Java_WMPNS_IWMPPlayer_getStatusNative@16, _Java_WMPNS_IWMPPlayer_getStretchToFitNative@16, _Java_WMPNS_IWMPPlayer_getURLNative@16, _Java_WMPNS_IWMPPlayer_getUiModeNative@16, _Java_WMPNS_IWMPPlayer_getVersionInfoNative@16, _Java_WMPNS_IWMPPlayer_getWindowlessVideoNative@16, _Java_WMPNS_IWMPPlayer_launchURLNative@20, _Java_WMPNS_IWMPPlayer_newMediaNative@20, _Java_WMPNS_IWMPPlayer_newPlaylistNative@24, _Java_WMPNS_IWMPPlayer_openPlayerNative@20, _Java_WMPNS_IWMPPlayer_setCurrentMediaNative@20, _Java_WMPNS_IWMPPlayer_setCurrentPlaylistNative@20, _Java_WMPNS_IWMPPlayer_setEnableContextMenuNative@20, _Java_WMPNS_IWMPPlayer_setEnabledNative@20, _Java_WMPNS_IWMPPlayer_setFullScreenNative@20, _Java_WMPNS_IWMPPlayer_setStretchToFitNative@20, _Java_WMPNS_IWMPPlayer_setURLNative@20, _Java_WMPNS_IWMPPlayer_setUiModeNative@20, _Java_WMPNS_IWMPPlayer_setWindowlessVideoNative@20, _Java_WMPNS_IWMPPlaylistArray_equalsNative@20, _Java_WMPNS_IWMPPlaylistArray_getCountNative@16, _Java_WMPNS_IWMPPlaylistArray_itemNative@24, _Java_WMPNS_IWMPPlaylistCollection_equalsNative@20, _Java_WMPNS_IWMPPlaylistCollection_getAllNative@16, _Java_WMPNS_IWMPPlaylistCollection_getByNameNative@20, _Java_WMPNS_IWMPPlaylistCollection_importPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_isDeletedNative@20, _Java_WMPNS_IWMPPlaylistCollection_newPlaylistNative@20, _Java_WMPNS_IWMPPlaylistCollection_removeNative@20, _Java_WMPNS_IWMPPlaylistCollection_setDeletedNative@24, _Java_WMPNS_IWMPPlaylist_appendItemNative@20, _Java_WMPNS_IWMPPlaylist_clearNative@16, _Java_WMPNS_IWMPPlaylist_equalsNative@20, _Java_WMPNS_IWMPPlaylist_getAttributeCountNative@16, _Java_WMPNS_IWMPPlaylist_getAttributeNameNative@24, _Java_WMPNS_IWMPPlaylist_getCountNative@16, _Java_WMPNS_IWMPPlaylist_getItemInfoNative@20, _Java_WMPNS_IWMPPlaylist_getNameNative@16, _Java_WMPNS_IWMPPlaylist_insertItemNative@28, _Java_WMPNS_IWMPPlaylist_isIdenticalNative@20, _Java_WMPNS_IWMPPlaylist_itemNative@24, _Java_WMPNS_IWMPPlaylist_moveItemNative@32, _Java_WMPNS_IWMPPlaylist_removeItemNative@20, _Java_WMPNS_IWMPPlaylist_setItemInfoNative@24, _Java_WMPNS_IWMPPlaylist_setNameNative@20, _Java_WMPNS_IWMPSettings_equalsNative@20, _Java_WMPNS_IWMPSettings_getAutoStartNative@16, _Java_WMPNS_IWMPSettings_getBalanceNative@16, _Java_WMPNS_IWMPSettings_getBaseURLNative@16, _Java_WMPNS_IWMPSettings_getDefaultAudioLanguageNative@16, _Java_WMPNS_IWMPSettings_getDefaultFrameNative@16, _Java_WMPNS_IWMPSettings_getEnableErrorDialogsNative@16, _Java_WMPNS_IWMPSettings_getInvokeURLsNative@16, _Java_WMPNS_IWMPSettings_getMediaAccessRightsNative@16, _Java_WMPNS_IWMPSettings_getModeNative@20, _Java_WMPNS_IWMPSettings_getMuteNative@16, _Java_WMPNS_IWMPSettings_getPlayCountNative@16, _Java_WMPNS_IWMPSettings_getRateNative@16, _Java_WMPNS_IWMPSettings_getVolumeNative@16, _Java_WMPNS_IWMPSettings_isAvailableNative@20, _Java_WMPNS_IWMPSettings_requestMediaAccessRightsNative@20, _Java_WMPNS_IWMPSettings_setAutoStartNative@20, _Java_WMPNS_IWMPSettings_setBalanceNative@24, _Java_WMPNS_IWMPSettings_setBaseURLNative@20, _Java_WMPNS_IWMPSettings_setDefaultFrameNative@20, _Java_WMPNS_IWMPSettings_setEnableErrorDialogsNative@20, _Java_WMPNS_IWMPSettings_setInvokeURLsNative@20, _Java_WMPNS_IWMPSettings_setModeNative@24, _Java_WMPNS_IWMPSettings_setMuteNative@20, _Java_WMPNS_IWMPSettings_setPlayCountNative@24, _Java_WMPNS_IWMPSettings_setRateNative@24, _Java_WMPNS_IWMPSettings_setVolumeNative@24, _Java_WMPNS_IWMPStringCollection_equalsNative@20, _Java_WMPNS_IWMPStringCollection_getCountNative@16, _Java_WMPNS_IWMPStringCollection_itemNative@24, _Java_WMPNS_WMP_debug@12, _Java_WMPNS_WMP_getAppletHWND@8, _Java_WMPNS_WMP_getPlayer@12, _Java_WMPNS_WMP_getTargetHWND@12, _Java_WMPNS_WMP_killThread@12, _Java_WMPNS_WMP_spawnThread@16

Looking good,

Programs like GameGuard are going to get you into trouble

La_View Mouse <-- What can you tell me about this ??


Everything else looks fine, how is your system running now ??

Looking good,

Programs like GameGuard are going to get you into trouble

La_View Mouse <-- What can you tell me about this ??


Everything else looks fine, how is your system running now ??

Everything seems to be good. I can update windows and other programs now. La_View Mouse is the program to adjust/run my gaming mouse. Yea Gameguard is needed for the many free online games that I play >.<

THANK YOU VERY MUCH KEN.:bow::D:

Your very welcome :bigthumb:


Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix Is not a general cleaning tool, just run it with supervision or you can bork your system


Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png


When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.


Malware Complaints (http://malwarecomplaints.info/index.php)
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.


How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.


Glad we could help

Safe Surfn
Ken