• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

cmdService Help

M

Marvelous007

New member
Hey,

I was just experiencing some slowdowns on my computer and decided to run Spybot check. It came up with several issues that were easily fixed. But cmdService could not be removed even after the program requested to run after a restart. Here is my HJT File. Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:30 PM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\dXNlcg\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ncnttsdl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\link manager.exe
O4 - HKLM\..\Run: [media poll bib first] C:\Documents and Settings\All Users\Application Data\up creative first dumb\Date Grim Team.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kqavmauuntaw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\dysmsnjuqslhnpv.dll"
O4 - HKLM\..\Run: [{5F-F5-5F-F3-DW}] c:\windows\system32\dwwnw64r.exe DWmmm01FF
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [Intra Bike] C:\DOCUME~1\user\APPLIC~1\slowlist\Mix Bash Coal.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncnttsdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: pcaqvx.dll dwhjsy.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8927 bytes
 
Hi Marvelous007

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

After that, rename HijackThis.exe to Marvelous007.exe and post back a fresh HijackThis log, please :)
 
Hey!

Well I downloaded AntiVir and installed it. It was giving me a pop up every so often saying I had TR/Vundo.fyd.21. So I ran Spybot and a Kaspersky in safe mode and thought I managed to reduce some problems. After restarting in regular mode I ran Spybot and it keeps detecting Virtumonde, even after I fix it with Spybot. I only ran the steps above because my computer became so unstable I could not even open Firefox.

Here is my HijackThis file after renaming to Marvelous007.exe. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:19:58 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\link manager.exe
O4 - HKLM\..\Run: [media poll bib first] C:\Documents and Settings\All Users\Application Data\up creative first dumb\Date Grim Team.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kqavmauuntaw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\dysmsnjuqslhnpv.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [Intra Bike] C:\DOCUME~1\user\APPLIC~1\slowlist\Mix Bash Coal.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: pcaqvx.dll dwhjsy.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8582 bytes
 
Hey I just read your post again and I realized I only renamed the shortcut to HijackThis.exe. So i went into the program file and renamed it to Marvelous007.exe and created a log. Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:41 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Marvelous007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {10BAFF9B-E6DB-4B9D-9D4E-EA8F3CB1ADED} - C:\WINDOWS\system32\mlJDvusR.dll
O2 - BHO: netupbanner browser enhancer - {3E093889-A8E8-B9DF-A1CF-E9AEDB4A0FE7} - C:\WINDOWS\system32\dysmsnjuqslhnpv.dll (file missing)
O2 - BHO: agadoo browser optimizer - {41e28ddb-ab53-f0fa-ae43-1675f6b802a8} - C:\WINDOWS\system32\ynhduzpdar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63D19E9D-E380-4910-A13D-AF21E149624D} - (no file)
O2 - BHO: (no name) - {73259091-9574-4ED8-A40F-7F65AFC28634} - C:\WINDOWS\system32\mlJDvSLE.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: mysidesearch search enhancer - {89786c04-cf6f-dc6a-178c-fa881cb0675c} - C:\WINDOWS\system32\cgybkeyqhsxqe.dll (file missing)
O2 - BHO: {2831a1f0-024d-324a-9354-5afab5b58be8} - {8eb85b5b-afa5-4539-a423-d4200f1a1382} - C:\WINDOWS\system32\dwhjsy.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BIND SUPPORT SEEK FIRST] C:\Documents and Settings\All Users\Application Data\dumb pure bind support\link manager.exe
O4 - HKLM\..\Run: [media poll bib first] C:\Documents and Settings\All Users\Application Data\up creative first dumb\Date Grim Team.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [kqavmauuntaw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\dysmsnjuqslhnpv.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [Intra Bike] C:\DOCUME~1\user\APPLIC~1\slowlist\Mix Bash Coal.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\user\Application Data\gadcom\gadcom.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: pcaqvx.dll dwhjsy.dll
O20 - Winlogon Notify: mlJDvSLE - mlJDvSLE.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10035 bytes
 
There are multiple infections present. Let's start with this:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
 
Hey, I downloaded ComboFix, disabled my AntiVirus and my AntiSpyware and ran the file. It downloaded Windows Recovery Console and scanned my computer, restarted and created a log file. Here it is:

ComboFix 08-11-19.08 - user 2008-11-20 11:44:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.561 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\gadcom
c:\documents and settings\user\Application Data\inst.exe
c:\documents and settings\user\Desktop\Videos.url
c:\documents and settings\user\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\user\Local Settings\Temporary Internet Files\sph264.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\spmpeg4.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\sptheo.dll
c:\documents and settings\user\Local Settings\Temporary Internet Files\StreamPlug.dll
C:\Documents
c:\windows\system32\bjfmiphv.ini
c:\windows\system32\ckijgvrs.ini
c:\windows\system32\iodlyi.dll
c:\windows\system32\m1
c:\windows\system32\mlJDvusR.dll
c:\windows\system32\MSINET.oca
c:\windows\system32\rloobrft.ini
c:\windows\system32\RsuvDJlm.ini
c:\windows\system32\RsuvDJlm.ini2
c:\windows\system32\tfrboolr.dll
c:\windows\system32\tqljfhtc.dll
c:\windows\system32\winpfz33.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-10-20 to 2008-11-20 )))))))))))))))))))))))))))))))
.

2008-11-19 09:26 . 2008-11-19 09:26 <DIR> d-------- C:\VundoFix Backups
2008-11-19 09:18 . 2008-11-19 11:04 488 --a------ c:\windows\wininit.ini
2008-11-18 18:57 . 2008-11-18 18:58 <DIR> d-------- c:\documents and settings\Administrator
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\program files\Avira
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-17 14:07 . 2008-11-17 17:01 64,859 --a------ c:\windows\system32\fayqhusytjjvhqzbr.exe
2008-11-17 12:40 . 2008-11-17 12:40 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 00:10 . 2008-11-17 00:10 90,915 --a------ c:\windows\system32\cgybkeyqhsxqe.dll-uninst.exe
2008-11-17 00:09 . 2008-11-18 17:48 <DIR> d-------- c:\windows\system32\sys3
2008-11-17 00:09 . 2008-11-18 17:48 <DIR> d-------- c:\windows\system32\sX3i19
2008-11-17 00:09 . 2008-11-18 17:48 <DIR> d-------- c:\windows\system32\ES
2008-11-17 00:09 . 2008-11-17 00:09 <DIR> d-------- c:\windows\system32\emi
2008-11-17 00:09 . 2008-11-17 00:09 <DIR> d-------- c:\temp\PRE45
2008-11-17 00:09 . 2008-11-17 15:01 <DIR> d-------- C:\Temp
2008-11-17 00:09 . 2008-11-17 00:09 79,094 --a------ c:\windows\system32\dxxntgbdovynrgzcx.exe
2008-10-27 13:08 . 2008-10-27 13:08 <DIR> d-------- c:\program files\Codebox
2008-10-27 13:08 . 2008-10-27 13:10 <DIR> d-------- c:\documents and settings\user\Application Data\Bitmeter2
2008-10-27 13:08 . 2008-11-20 11:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bitmeter2
2008-10-21 00:11 . 2008-10-21 00:11 <DIR> d-------- c:\program files\CDisplay

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-20 16:35 --------- d-----w c:\program files\mIRC
2008-11-20 01:59 --------- d-----w c:\documents and settings\user\Application Data\Hamachi
2008-11-20 01:59 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
2008-11-20 00:49 --------- d-----w c:\program files\Warcraft III
2008-11-18 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 19:03 --------- d-s---w c:\program files\Xfire
2008-11-17 19:03 --------- d-----w c:\program files\HollywoodPoker
2008-11-17 19:03 --------- d-----w c:\documents and settings\user\Application Data\Xfire
2008-11-17 18:59 --------- d-----w c:\program files\Java
2008-11-04 21:58 --------- d-----w c:\program files\PokerStars
2008-11-04 21:41 --------- d-----w c:\documents and settings\user\Application Data\uTorrent
2008-10-22 07:56 --------- d-----w c:\program files\DivX
2008-10-04 15:40 --------- d-----w c:\program files\iTunes
2008-10-04 15:40 --------- d-----w c:\program files\iPod
2008-10-04 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-27 23:14 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-09-24 15:49 --------- d-----w c:\documents and settings\user\Application Data\ByteOMeter
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2007-08-16 14:54 47,360 ----a-w c:\documents and settings\user\Application Data\pcouffin.sys
2007-04-08 23:34 18,224 ----a-w c:\documents and settings\user\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DrvMon.exe"="c:\windows\System32\DrvMon.exe" [2004-11-29 53248]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-03 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-10-11 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pcaqvx.dll dwhjsy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\user\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2007-11-09 1414528]
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2007-02-17 49399]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2007-08-30 19677]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4eedc15-8036-11dd-8233-0007e98f97d6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\ADD2B54A918D2892.job
- c:\docume~1\user\applic~1\slowlist\64 sect hide.exe []

2008-11-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{10BAFF9B-E6DB-4B9D-9D4E-EA8F3CB1ADED} - c:\windows\system32\mlJDvusR.dll
BHO-{3E093889-A8E8-B9DF-A1CF-E9AEDB4A0FE7} - c:\windows\system32\dysmsnjuqslhnpv.dll
BHO-{41e28ddb-ab53-f0fa-ae43-1675f6b802a8} - c:\windows\system32\ynhduzpdar.dll
BHO-{63D19E9D-E380-4910-A13D-AF21E149624D} - (no file)
BHO-{73259091-9574-4ED8-A40F-7F65AFC28634} - (no file)
BHO-{89786c04-cf6f-dc6a-178c-fa881cb0675c} - c:\windows\system32\cgybkeyqhsxqe.dll
BHO-{8eb85b5b-afa5-4539-a423-d4200f1a1382} - c:\windows\system32\dwhjsy.dll
HKCU-Run-Intra Bike - c:\docume~1\user\APPLIC~1\slowlist\Mix Bash Coal.exe
HKCU-Run-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
HKLM-Run-BIND SUPPORT SEEK FIRST - c:\documents and settings\All Users\Application Data\dumb pure bind support\link manager.exe
HKLM-Run-media poll bib first - c:\documents and settings\All Users\Application Data\up creative first dumb\Date Grim Team.exe
HKLM-Run-kqavmauuntaw - c:\windows\system32\dysmsnjuqslhnpv.dll
HKLM-Run-CmUsbSound - cmcnfgu.cpl
Notify-mlJDvSLE - mlJDvSLE.dll
MSConfigStartUp-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\l2x2yqkk.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/ig?hl=en
FF -: plugin - c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 11:52:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-20 12:04:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-20 17:03:56

Pre-Run: 3,095,019,520 bytes free
Post-Run: 3,040,419,840 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

224 --- E O F --- 2007-08-02 23:56:03


I then ran HijackThis (renamed to Marvelous007.exe). Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:18 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Marvelous007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: pcaqvx.dll dwhjsy.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8842 bytes


Thanks.
 
We will continue with this:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

DownloadLop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (C:\lopR.txt)
 
I disabled AntiVirus and AntiSpyware and ran the search. Here is the log:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.60GHz )
BIOS : Default System BIOS
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:0 Go)
D:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Thu 11/20/2008|22:15 )

--------------------\\ Listing folders in APPLIC~1

[11/18/2008|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[11/18/2008|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[11/18/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[11/18/2008|07:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[11/18/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[10/04/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/16/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1Click DVD Copy
[08/09/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[03/29/2008|03:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/09/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/18/2008|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[11/20/2008|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Bitmeter2
[05/07/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[01/10/2007|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[08/10/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[04/07/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[03/13/2007|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/26/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS
[02/12/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[02/22/2007|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[08/11/2008|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/10/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/17/2008|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/28/2007|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/24/2007|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[08/09/2008|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/10/2007|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/17/2008|08:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[01/10/2007|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/17/2008|02:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla
[08/10/2008|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[01/10/2007|12:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/02/2008|12:09] C:\DOCUME~1\user\APPLIC~1\<DIR> Activision
[12/06/2007|09:01] C:\DOCUME~1\user\APPLIC~1\<DIR> Adobe
[01/21/2007|02:00] C:\DOCUME~1\user\APPLIC~1\<DIR> Apple Computer
[03/22/2007|08:17] C:\DOCUME~1\user\APPLIC~1\<DIR> Azureus
[10/27/2008|01:10] C:\DOCUME~1\user\APPLIC~1\<DIR> Bitmeter2
[09/24/2008|10:49] C:\DOCUME~1\user\APPLIC~1\<DIR> ByteOMeter
[03/01/2007|02:23] C:\DOCUME~1\user\APPLIC~1\<DIR> CyberLink
[11/20/2008|01:49] C:\DOCUME~1\user\APPLIC~1\<DIR> dvdcss
[08/31/2007|09:42] C:\DOCUME~1\user\APPLIC~1\<DIR> FlashFXP
[05/06/2007|09:08] C:\DOCUME~1\user\APPLIC~1\<DIR> gtk-2.0
[11/20/2008|07:21] C:\DOCUME~1\user\APPLIC~1\<DIR> Hamachi
[08/15/2007|09:27] C:\DOCUME~1\user\APPLIC~1\<DIR> Help
[01/10/2007|12:09] C:\DOCUME~1\user\APPLIC~1\<DIR> Identities
[09/04/2007|10:38] C:\DOCUME~1\user\APPLIC~1\<DIR> ImgBurn
[04/05/2007|09:48] C:\DOCUME~1\user\APPLIC~1\<DIR> InternetCalls
[02/13/2007|03:45] C:\DOCUME~1\user\APPLIC~1\<DIR> Leadertech
[05/11/2008|08:11] C:\DOCUME~1\user\APPLIC~1\<DIR> LimeWire
[01/21/2007|01:44] C:\DOCUME~1\user\APPLIC~1\<DIR> Macromedia
[08/09/2008|11:30] C:\DOCUME~1\user\APPLIC~1\<DIR> Microsoft
[06/17/2008|05:32] C:\DOCUME~1\user\APPLIC~1\<DIR> Mozilla
[02/28/2007|10:28] C:\DOCUME~1\user\APPLIC~1\<DIR> Real
[08/10/2008|10:05] C:\DOCUME~1\user\APPLIC~1\<DIR> Research In Motion
[08/10/2008|10:07] C:\DOCUME~1\user\APPLIC~1\<DIR> Roxio
[08/02/2007|11:17] C:\DOCUME~1\user\APPLIC~1\<DIR> slowlist
[11/24/2007|01:57] C:\DOCUME~1\user\APPLIC~1\<DIR> Smartsims
[10/28/2007|10:13] C:\DOCUME~1\user\APPLIC~1\<DIR> SpinTop
[03/21/2007|06:46] C:\DOCUME~1\user\APPLIC~1\<DIR> Sun
[12/11/2007|12:25] C:\DOCUME~1\user\APPLIC~1\<DIR> SystemRequirementsLab
[06/08/2008|12:44] C:\DOCUME~1\user\APPLIC~1\<DIR> teamspeak2
[09/27/2008|06:14] C:\DOCUME~1\user\APPLIC~1\<DIR> U3
[11/04/2008|04:41] C:\DOCUME~1\user\APPLIC~1\<DIR> uTorrent
[07/27/2007|11:34] C:\DOCUME~1\user\APPLIC~1\<DIR> Ventrilo
[05/21/2007|12:08] C:\DOCUME~1\user\APPLIC~1\<DIR> vlc
[08/16/2007|09:54] C:\DOCUME~1\user\APPLIC~1\<DIR> Vso
[11/17/2008|02:03] C:\DOCUME~1\user\APPLIC~1\<DIR> Xfire

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/15/2008 11:35 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/20/2008 10:00 PM][--ah-----] C:\WINDOWS\tasks\ADD2B54A918D2892.job
[11/20/2008 11:50 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/03/2002 02:48 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( ADD2B54A918D2892.job )=( c:\docume~1\user\applic~1\slowlist\64secthide.exe )

--------------------\\ Listing Folders in C:\Program Files

[05/21/2007|12:11] C:\Program Files\<DIR> 3wPlayer
[08/09/2008|11:32] C:\Program Files\<DIR> Adobe
[08/16/2007|09:33] C:\Program Files\<DIR> Ahead
[07/11/2007|11:20] C:\Program Files\<DIR> Alcohol Soft
[09/11/2008|10:16] C:\Program Files\<DIR> Apple Software Update
[11/18/2008|01:38] C:\Program Files\<DIR> Avira
[09/11/2008|09:49] C:\Program Files\<DIR> Bonjour
[10/21/2008|12:11] C:\Program Files\<DIR> CDisplay
[07/30/2008|11:49] C:\Program Files\<DIR> Cedelia
[11/09/2007|12:06] C:\Program Files\<DIR> C-Media USB Sound
[10/27/2008|01:08] C:\Program Files\<DIR> Codebox
[11/20/2008|11:46] C:\Program Files\<DIR> Common Files
[01/10/2007|11:57] C:\Program Files\<DIR> ComPlus Applications
[01/10/2007|02:15] C:\Program Files\<DIR> Creative
[01/10/2007|02:18] C:\Program Files\<DIR> CyberLink
[11/21/2007|12:39] C:\Program Files\<DIR> DAEMON Tools
[08/30/2007|04:18] C:\Program Files\<DIR> Datel
[09/03/2008|10:45] C:\Program Files\<DIR> Debugging Tools for Windows (x86)
[04/02/2008|09:15] C:\Program Files\<DIR> Dell
[03/29/2008|03:38] C:\Program Files\<DIR> Deusty
[10/22/2008|02:56] C:\Program Files\<DIR> DivX
[03/25/2008|03:38] C:\Program Files\<DIR> EA GAMES
[12/13/2007|08:57] C:\Program Files\<DIR> EA SPORTS
[11/17/2008|02:23] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[08/31/2007|11:52] C:\Program Files\<DIR> FlashFXP
[05/06/2007|08:38] C:\Program Files\<DIR> GIMP-2.0
[11/20/2008|12:17] C:\Program Files\<DIR> Gravity
[01/28/2008|07:16] C:\Program Files\<DIR> Hamachi
[11/17/2008|02:03] C:\Program Files\<DIR> HollywoodPoker
[09/04/2007|10:35] C:\Program Files\<DIR> ImgBurn
[10/14/2007|01:01] C:\Program Files\<DIR> Infogrames
[11/20/2008|12:17] C:\Program Files\<DIR> InstallShield Installation Information
[01/10/2007|02:01] C:\Program Files\<DIR> Intel
[08/10/2008|02:48] C:\Program Files\<DIR> Internet Explorer
[10/04/2008|10:40] C:\Program Files\<DIR> iPod
[10/04/2008|10:40] C:\Program Files\<DIR> iTunes
[11/17/2008|01:59] C:\Program Files\<DIR> Java
[03/16/2007|08:31] C:\Program Files\<DIR> LimeWire
[03/11/2007|06:11] C:\Program Files\<DIR> Logitech
[08/10/2008|02:48] C:\Program Files\<DIR> Messenger
[01/22/2007|09:39] C:\Program Files\<DIR> Microsoft ActiveSync
[01/10/2007|12:00] C:\Program Files\<DIR> microsoft frontpage
[01/22/2007|09:38] C:\Program Files\<DIR> Microsoft Office
[09/01/2008|11:46] C:\Program Files\<DIR> Microsoft Silverlight
[11/20/2008|11:35] C:\Program Files\<DIR> mIRC
[11/17/2008|02:23] C:\Program Files\<DIR> Misc. Support Library (Spybot - Search & Destroy)
[08/11/2007|07:08] C:\Program Files\<DIR> Mobile Action
[08/10/2008|02:48] C:\Program Files\<DIR> Movie Maker
[11/20/2008|05:21] C:\Program Files\<DIR> Mozilla Firefox
[01/10/2007|11:56] C:\Program Files\<DIR> MSN
[01/10/2007|11:56] C:\Program Files\<DIR> MSN Gaming Zone
[08/09/2008|11:31] C:\Program Files\<DIR> MSN Messenger
[08/10/2008|02:48] C:\Program Files\<DIR> NetMeeting
[01/10/2007|11:59] C:\Program Files\<DIR> Online Services
[08/10/2008|02:48] C:\Program Files\<DIR> Outlook Express
[11/04/2008|04:58] C:\Program Files\<DIR> PokerStars
[09/16/2007|06:39] C:\Program Files\<DIR> Project64 1.6
[09/11/2008|09:48] C:\Program Files\<DIR> QuickTime
[02/03/2007|05:38] C:\Program Files\<DIR> Real
[11/04/2007|09:24] C:\Program Files\<DIR> RealVNC
[08/11/2008|03:27] C:\Program Files\<DIR> Research In Motion
[05/20/2008|07:46] C:\Program Files\<DIR> RocketDock
[08/11/2008|03:31] C:\Program Files\<DIR> Roxio
[09/11/2008|09:52] C:\Program Files\<DIR> Safari
[11/17/2008|02:23] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[10/04/2007|12:24] C:\Program Files\<DIR> SmartSims
[09/07/2008|04:15] C:\Program Files\<DIR> SopCast
[07/21/2008|02:41] C:\Program Files\<DIR> SpeedFan
[11/18/2008|03:04] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/31/2008|01:27] C:\Program Files\<DIR> Steam
[01/21/2007|07:20] C:\Program Files\<DIR> Teamspeak2_RC2
[11/17/2008|02:23] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[11/17/2008|12:40] C:\Program Files\<DIR> Trend Micro
[01/10/2007|12:09] C:\Program Files\<DIR> Uninstall Information
[03/06/2008|03:17] C:\Program Files\<DIR> Ventrilo
[05/21/2007|12:07] C:\Program Files\<DIR> VideoLAN
[11/20/2008|06:34] C:\Program Files\<DIR> Warcraft III
[05/06/2008|10:48] C:\Program Files\<DIR> WC3Banlist
[08/10/2008|02:48] C:\Program Files\<DIR> Windows Media Player
[08/10/2008|02:48] C:\Program Files\<DIR> Windows NT
[01/22/2007|07:21] C:\Program Files\<DIR> WindowsUpdate
[12/27/2007|12:53] C:\Program Files\<DIR> WinPcap
[08/15/2007|09:27] C:\Program Files\<DIR> WinRAR
[08/30/2007|07:05] C:\Program Files\<DIR> XBCD
[01/10/2007|12:00] C:\Program Files\<DIR> xerox
[11/17/2008|02:03] C:\Program Files\<DIR> Xfire

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/09/2008|11:33] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2007|09:33] C:\Program Files\Common Files\<DIR> Ahead
[08/09/2008|11:35] C:\Program Files\Common Files\<DIR> Apple
[07/19/2008|04:59] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[01/22/2007|09:38] C:\Program Files\Common Files\<DIR> Designer
[05/06/2007|08:37] C:\Program Files\Common Files\<DIR> GTK
[05/30/2008|10:11] C:\Program Files\Common Files\<DIR> INCA Shared
[08/10/2008|09:57] C:\Program Files\Common Files\<DIR> InstallShield
[03/16/2007|08:26] C:\Program Files\Common Files\<DIR> Java
[04/21/2007|09:19] C:\Program Files\Common Files\<DIR> L&H
[07/01/2008|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2007|07:05] C:\Program Files\Common Files\<DIR> Motorola Shared
[01/10/2007|11:58] C:\Program Files\Common Files\<DIR> MSSoap
[01/10/2007|06:36] C:\Program Files\Common Files\<DIR> ODBC
[02/03/2007|05:38] C:\Program Files\Common Files\<DIR> Real
[03/11/2007|06:12] C:\Program Files\Common Files\<DIR> Remote Control Software Shared
[08/11/2008|03:28] C:\Program Files\Common Files\<DIR> Research In Motion
[08/11/2008|03:32] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/10/2007|11:58] C:\Program Files\Common Files\<DIR> Services
[08/11/2008|03:30] C:\Program Files\Common Files\<DIR> Sonic Shared
[01/10/2007|06:36] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/10/2008|02:47] C:\Program Files\Common Files\<DIR> System
[03/06/2008|03:15] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[02/03/2007|05:38] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 37 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\user\APPLIC~1\slowlist
C:\Program Files\3wPlayer
C:\DOCUME~1\user\Cookies\user@adopt.euroclick[1].txt
C:\DOCUME~1\user\Cookies\user@partypoker[2].txt
C:\WINDOWS\Tasks\ADD2B54A918D2892.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 22:16:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\user\Desktop\Warcraft_3_1.21a_no-cd_cracks_and_online_play.3714028.TPB.torrent
C:\DOCUME~1\user\Recent\Warcraft_3_1.21a_no-cd_cracks_and_online_play.3714028.TPB.torrent.lnk


[F:1][D:1]-> C:\DOCUME~1\user\LOCALS~1\Temp
[F:86][D:0]-> C:\DOCUME~1\user\Cookies
[F:97][D:4]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 11/20/2008|22:18 - Option : [1]

--------------------\\ Scan completed at 22:18:29
 
Restart Lop S&D

This time choose Option 3 (Fix - Hosts)
Don't close the window during suppression!
Post the log which is created: (C:\lopR.txt)
 
Here is the log file:


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.60GHz )
BIOS : Default System BIOS
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:0 Go)
D:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [3] ( Fri 11/21/2008|18:02 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\user\Cookies\user@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\user\Cookies\user@partypoker[2].txt
Deleted! - C:\WINDOWS\Tasks\ADD2B54A918D2892.job
Deleted! - C:\DOCUME~1\user\APPLIC~1\slowlist
Deleted! - C:\Program Files\3wPlayer

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[11/18/2008|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[11/18/2008|08:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[11/18/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[11/18/2008|07:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[11/18/2008|08:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Sun

[10/04/2008|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[08/16/2007|09:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 1Click DVD Copy
[08/09/2008|11:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[03/29/2008|03:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[08/09/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[11/18/2008|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Avira
[11/21/2008|06:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Bitmeter2
[05/07/2008|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CanonBJ
[01/10/2007|02:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[08/10/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[04/07/2008|10:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[03/13/2007|08:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[06/26/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS
[02/12/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[02/22/2007|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[08/11/2008|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/10/2008|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[11/17/2008|04:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[10/28/2007|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[08/24/2007|12:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[08/09/2008|10:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[01/10/2007|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/17/2008|08:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[01/10/2007|12:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[11/17/2008|02:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla
[08/10/2008|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[01/10/2007|12:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/02/2008|12:09] C:\DOCUME~1\user\APPLIC~1\<DIR> Activision
[12/06/2007|09:01] C:\DOCUME~1\user\APPLIC~1\<DIR> Adobe
[01/21/2007|02:00] C:\DOCUME~1\user\APPLIC~1\<DIR> Apple Computer
[03/22/2007|08:17] C:\DOCUME~1\user\APPLIC~1\<DIR> Azureus
[10/27/2008|01:10] C:\DOCUME~1\user\APPLIC~1\<DIR> Bitmeter2
[09/24/2008|10:49] C:\DOCUME~1\user\APPLIC~1\<DIR> ByteOMeter
[03/01/2007|02:23] C:\DOCUME~1\user\APPLIC~1\<DIR> CyberLink
[11/20/2008|01:49] C:\DOCUME~1\user\APPLIC~1\<DIR> dvdcss
[08/31/2007|09:42] C:\DOCUME~1\user\APPLIC~1\<DIR> FlashFXP
[05/06/2007|09:08] C:\DOCUME~1\user\APPLIC~1\<DIR> gtk-2.0
[11/21/2008|02:20] C:\DOCUME~1\user\APPLIC~1\<DIR> Hamachi
[08/15/2007|09:27] C:\DOCUME~1\user\APPLIC~1\<DIR> Help
[01/10/2007|12:09] C:\DOCUME~1\user\APPLIC~1\<DIR> Identities
[09/04/2007|10:38] C:\DOCUME~1\user\APPLIC~1\<DIR> ImgBurn
[04/05/2007|09:48] C:\DOCUME~1\user\APPLIC~1\<DIR> InternetCalls
[02/13/2007|03:45] C:\DOCUME~1\user\APPLIC~1\<DIR> Leadertech
[05/11/2008|08:11] C:\DOCUME~1\user\APPLIC~1\<DIR> LimeWire
[01/21/2007|01:44] C:\DOCUME~1\user\APPLIC~1\<DIR> Macromedia
[08/09/2008|11:30] C:\DOCUME~1\user\APPLIC~1\<DIR> Microsoft
[06/17/2008|05:32] C:\DOCUME~1\user\APPLIC~1\<DIR> Mozilla
[02/28/2007|10:28] C:\DOCUME~1\user\APPLIC~1\<DIR> Real
[08/10/2008|10:05] C:\DOCUME~1\user\APPLIC~1\<DIR> Research In Motion
[08/10/2008|10:07] C:\DOCUME~1\user\APPLIC~1\<DIR> Roxio
[11/24/2007|01:57] C:\DOCUME~1\user\APPLIC~1\<DIR> Smartsims
[10/28/2007|10:13] C:\DOCUME~1\user\APPLIC~1\<DIR> SpinTop
[03/21/2007|06:46] C:\DOCUME~1\user\APPLIC~1\<DIR> Sun
[12/11/2007|12:25] C:\DOCUME~1\user\APPLIC~1\<DIR> SystemRequirementsLab
[06/08/2008|12:44] C:\DOCUME~1\user\APPLIC~1\<DIR> teamspeak2
[09/27/2008|06:14] C:\DOCUME~1\user\APPLIC~1\<DIR> U3
[11/04/2008|04:41] C:\DOCUME~1\user\APPLIC~1\<DIR> uTorrent
[07/27/2007|11:34] C:\DOCUME~1\user\APPLIC~1\<DIR> Ventrilo
[05/21/2007|12:08] C:\DOCUME~1\user\APPLIC~1\<DIR> vlc
[08/16/2007|09:54] C:\DOCUME~1\user\APPLIC~1\<DIR> Vso
[11/17/2008|02:03] C:\DOCUME~1\user\APPLIC~1\<DIR> Xfire

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[11/15/2008 11:35 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/20/2008 11:50 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/03/2002 02:48 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/09/2008|11:32] C:\Program Files\<DIR> Adobe
[08/16/2007|09:33] C:\Program Files\<DIR> Ahead
[07/11/2007|11:20] C:\Program Files\<DIR> Alcohol Soft
[09/11/2008|10:16] C:\Program Files\<DIR> Apple Software Update
[11/18/2008|01:38] C:\Program Files\<DIR> Avira
[09/11/2008|09:49] C:\Program Files\<DIR> Bonjour
[10/21/2008|12:11] C:\Program Files\<DIR> CDisplay
[07/30/2008|11:49] C:\Program Files\<DIR> Cedelia
[11/09/2007|12:06] C:\Program Files\<DIR> C-Media USB Sound
[10/27/2008|01:08] C:\Program Files\<DIR> Codebox
[11/20/2008|11:46] C:\Program Files\<DIR> Common Files
[01/10/2007|11:57] C:\Program Files\<DIR> ComPlus Applications
[01/10/2007|02:15] C:\Program Files\<DIR> Creative
[01/10/2007|02:18] C:\Program Files\<DIR> CyberLink
[11/21/2007|12:39] C:\Program Files\<DIR> DAEMON Tools
[08/30/2007|04:18] C:\Program Files\<DIR> Datel
[09/03/2008|10:45] C:\Program Files\<DIR> Debugging Tools for Windows (x86)
[04/02/2008|09:15] C:\Program Files\<DIR> Dell
[03/29/2008|03:38] C:\Program Files\<DIR> Deusty
[10/22/2008|02:56] C:\Program Files\<DIR> DivX
[03/25/2008|03:38] C:\Program Files\<DIR> EA GAMES
[12/13/2007|08:57] C:\Program Files\<DIR> EA SPORTS
[11/17/2008|02:23] C:\Program Files\<DIR> File Scanner Library (Spybot - Search & Destroy)
[08/31/2007|11:52] C:\Program Files\<DIR> FlashFXP
[05/06/2007|08:38] C:\Program Files\<DIR> GIMP-2.0
[11/20/2008|12:17] C:\Program Files\<DIR> Gravity
[01/28/2008|07:16] C:\Program Files\<DIR> Hamachi
[11/17/2008|02:03] C:\Program Files\<DIR> HollywoodPoker
[09/04/2007|10:35] C:\Program Files\<DIR> ImgBurn
[10/14/2007|01:01] C:\Program Files\<DIR> Infogrames
[11/20/2008|12:17] C:\Program Files\<DIR> InstallShield Installation Information
[01/10/2007|02:01] C:\Program Files\<DIR> Intel
[08/10/2008|02:48] C:\Program Files\<DIR> Internet Explorer
[10/04/2008|10:40] C:\Program Files\<DIR> iPod
[10/04/2008|10:40] C:\Program Files\<DIR> iTunes
[11/17/2008|01:59] C:\Program Files\<DIR> Java
[03/16/2007|08:31] C:\Program Files\<DIR> LimeWire
[03/11/2007|06:11] C:\Program Files\<DIR> Logitech
[08/10/2008|02:48] C:\Program Files\<DIR> Messenger
[01/22/2007|09:39] C:\Program Files\<DIR> Microsoft ActiveSync
[01/10/2007|12:00] C:\Program Files\<DIR> microsoft frontpage
[01/22/2007|09:38] C:\Program Files\<DIR> Microsoft Office
[09/01/2008|11:46] C:\Program Files\<DIR> Microsoft Silverlight
[11/20/2008|11:35] C:\Program Files\<DIR> mIRC
[11/17/2008|02:23] C:\Program Files\<DIR> Misc. Support Library (Spybot - Search & Destroy)
[08/11/2007|07:08] C:\Program Files\<DIR> Mobile Action
[08/10/2008|02:48] C:\Program Files\<DIR> Movie Maker
[11/21/2008|05:59] C:\Program Files\<DIR> Mozilla Firefox
[01/10/2007|11:56] C:\Program Files\<DIR> MSN
[01/10/2007|11:56] C:\Program Files\<DIR> MSN Gaming Zone
[08/09/2008|11:31] C:\Program Files\<DIR> MSN Messenger
[08/10/2008|02:48] C:\Program Files\<DIR> NetMeeting
[01/10/2007|11:59] C:\Program Files\<DIR> Online Services
[08/10/2008|02:48] C:\Program Files\<DIR> Outlook Express
[11/04/2008|04:58] C:\Program Files\<DIR> PokerStars
[09/16/2007|06:39] C:\Program Files\<DIR> Project64 1.6
[09/11/2008|09:48] C:\Program Files\<DIR> QuickTime
[02/03/2007|05:38] C:\Program Files\<DIR> Real
[11/04/2007|09:24] C:\Program Files\<DIR> RealVNC
[08/11/2008|03:27] C:\Program Files\<DIR> Research In Motion
[05/20/2008|07:46] C:\Program Files\<DIR> RocketDock
[08/11/2008|03:31] C:\Program Files\<DIR> Roxio
[09/11/2008|09:52] C:\Program Files\<DIR> Safari
[11/17/2008|02:23] C:\Program Files\<DIR> SDHelper (Spybot - Search & Destroy)
[10/04/2007|12:24] C:\Program Files\<DIR> SmartSims
[09/07/2008|04:15] C:\Program Files\<DIR> SopCast
[07/21/2008|02:41] C:\Program Files\<DIR> SpeedFan
[11/18/2008|03:04] C:\Program Files\<DIR> Spybot - Search & Destroy
[07/31/2008|01:27] C:\Program Files\<DIR> Steam
[01/21/2007|07:20] C:\Program Files\<DIR> Teamspeak2_RC2
[11/17/2008|02:23] C:\Program Files\<DIR> TeaTimer (Spybot - Search & Destroy)
[11/17/2008|12:40] C:\Program Files\<DIR> Trend Micro
[01/10/2007|12:09] C:\Program Files\<DIR> Uninstall Information
[03/06/2008|03:17] C:\Program Files\<DIR> Ventrilo
[05/21/2007|12:07] C:\Program Files\<DIR> VideoLAN
[11/21/2008|05:34] C:\Program Files\<DIR> Warcraft III
[05/06/2008|10:48] C:\Program Files\<DIR> WC3Banlist
[08/10/2008|02:48] C:\Program Files\<DIR> Windows Media Player
[08/10/2008|02:48] C:\Program Files\<DIR> Windows NT
[01/22/2007|07:21] C:\Program Files\<DIR> WindowsUpdate
[12/27/2007|12:53] C:\Program Files\<DIR> WinPcap
[08/15/2007|09:27] C:\Program Files\<DIR> WinRAR
[08/30/2007|07:05] C:\Program Files\<DIR> XBCD
[01/10/2007|12:00] C:\Program Files\<DIR> xerox
[11/17/2008|02:03] C:\Program Files\<DIR> Xfire

--------------------\\ Listing Folders in C:\Program Files\Common Files

[08/09/2008|11:33] C:\Program Files\Common Files\<DIR> Adobe
[08/16/2007|09:33] C:\Program Files\Common Files\<DIR> Ahead
[08/09/2008|11:35] C:\Program Files\Common Files\<DIR> Apple
[07/19/2008|04:59] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[01/22/2007|09:38] C:\Program Files\Common Files\<DIR> Designer
[05/06/2007|08:37] C:\Program Files\Common Files\<DIR> GTK
[05/30/2008|10:11] C:\Program Files\Common Files\<DIR> INCA Shared
[08/10/2008|09:57] C:\Program Files\Common Files\<DIR> InstallShield
[03/16/2007|08:26] C:\Program Files\Common Files\<DIR> Java
[04/21/2007|09:19] C:\Program Files\Common Files\<DIR> L&H
[07/01/2008|08:30] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/11/2007|07:05] C:\Program Files\Common Files\<DIR> Motorola Shared
[01/10/2007|11:58] C:\Program Files\Common Files\<DIR> MSSoap
[01/10/2007|06:36] C:\Program Files\Common Files\<DIR> ODBC
[02/03/2007|05:38] C:\Program Files\Common Files\<DIR> Real
[03/11/2007|06:12] C:\Program Files\Common Files\<DIR> Remote Control Software Shared
[08/11/2008|03:28] C:\Program Files\Common Files\<DIR> Research In Motion
[08/11/2008|03:32] C:\Program Files\Common Files\<DIR> Roxio Shared
[01/10/2007|11:58] C:\Program Files\Common Files\<DIR> Services
[08/11/2008|03:30] C:\Program Files\Common Files\<DIR> Sonic Shared
[01/10/2007|06:36] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/10/2008|02:47] C:\Program Files\Common Files\<DIR> System
[03/06/2008|03:15] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[02/03/2007|05:38] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 34 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 18:03:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\user\Desktop\Warcraft_3_1.21a_no-cd_cracks_and_online_play.3714028.TPB.torrent
C:\DOCUME~1\user\Recent\Warcraft_3_1.21a_no-cd_cracks_and_online_play.3714028.TPB.torrent.lnk


[F:84][D:0]-> C:\DOCUME~1\user\Cookies
[F:100][D:4]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 11/20/2008|22:18 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 11/21/2008|18:04 - Option : [3]

--------------------\\ Scan completed at 18:04:30


Before I ran this I got a couple alerts from AntiVir saying vundo was detected. Just thought u should know. Thanks.
 
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
Here is the list:

ActionReplay Xbox
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Advertisement Service
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
BitMeter
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
Bonjour
Canon i320
CDisplay 1.8
C-Media USB Sound
Debugging Tools for Windows (x86)
Dell ResourceCD
DivX Web Player
EA SPORTS online 2008
FlashFXP v3
GTK+ 2.10.6-1 runtime environment
Hamachi 1.0.2.5
HijackThis 2.0.2
HollywoodPoker.com (remove only)
ImgBurn (Remove Only)
Intel(R) PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LimeWire PRO 4.9.41
Logitech Harmony Remote Software 7
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MikesBikes-Intro
mIRC
MobileMe Control Panel
Mojo
Motorola Driver Installation
Motorola PEBL U6-RAZR V3 USB - Handset Manager V9.5
Mozilla Firefox (3.0.4)
MSXML 6.0 Parser
MySidesearch Search Assistant Bfinding
NVIDIA Drivers
OpenSSL 0.9.8g
PokerStars
PowerDVD
Project64 1.6
QuickTime
RagnarokOnline
RealPlayer
RocketDock 1.3.5
RON Tool Netupbanner
Roxio Media Manager
Safari
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB920683)
SopCast 2.0.2
Sound Blaster Live!
SpeechRedist
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StreamPlug Player
TeamSpeak 2 RC2
The GIMP 2.2.13
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6b
VNC Free Edition 4.1.2
WC3Banlist
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
WinPcap 3.1
WinRAR archiver
WoWscape Server Browser
XBCD 1.07
Xfire (remove only)
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire PRO 4.9.41

I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

Please run a new uninstall list scan when finished and post the log back here.
 
Here is the new uninstall log:

ActionReplay Xbox
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Advertisement Service
Ahead Nero Burning ROM
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
BitMeter
BlackBerry Desktop Software 4.5
BlackBerry Desktop Software 4.5
Bonjour
Canon i320
CDisplay 1.8
C-Media USB Sound
Debugging Tools for Windows (x86)
Dell ResourceCD
DivX Web Player
EA SPORTS online 2008
FlashFXP v3
GTK+ 2.10.6-1 runtime environment
Hamachi 1.0.2.5
HijackThis 2.0.2
HollywoodPoker.com (remove only)
ImgBurn (Remove Only)
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 7
Kaspersky Online Scanner
Logitech Harmony Remote Software 7
Microsoft .NET Framework 2.0
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MikesBikes-Intro
mIRC
MobileMe Control Panel
Mojo
Motorola Driver Installation
Motorola PEBL U6-RAZR V3 USB - Handset Manager V9.5
Mozilla Firefox (3.0.4)
MSXML 6.0 Parser
MySidesearch Search Assistant Bfinding
NVIDIA Drivers
OpenSSL 0.9.8g
PokerStars
PowerDVD
Project64 1.6
QuickTime
RagnarokOnline
RealPlayer
RocketDock 1.3.5
RON Tool Netupbanner
Roxio Media Manager
Safari
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB920683)
SopCast 2.0.2
Sound Blaster Live!
SpeechRedist
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StreamPlug Player
TeamSpeak 2 RC2
The GIMP 2.2.13
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Ventrilo Client
VeohTV BETA
VideoLAN VLC media player 0.8.6b
VNC Free Edition 4.1.2
WC3Banlist
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
WinPcap 3.1
WinRAR archiver
WoWscape Server Browser
XBCD 1.07
Xfire (remove only)
 
Uninstall also these:

Advertisement Service
MySidesearch Search Assistant Bfinding

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\windows\system32\fayqhusytjjvhqzbr.exe
c:\windows\system32\cgybkeyqhsxqe.dll-uninst.exe
c:\windows\system32\dxxntgbdovynrgzcx.exe

Folder::
c:\windows\system32\sys3
c:\windows\system32\sX3i19
c:\windows\system32\ES
c:\windows\system32\emi
c:\temp\PRE45
c:\documents and settings\user\Application Data\uTorrent
c:\documents and settings\user\Application Data\LimeWire
C:\Program Files\LimeWire

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
I disabled Tea timer and AntiVirus then rebooted, then created the CFScript file and dragged it over ComboFix. It scanned and produced a log file without requiring restart. I also created a new HijackThis log then reenabled my local protections. Here are the logs:


ComboFix 08-11-19.08 - user 2008-11-24 10:36:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.666 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\cgybkeyqhsxqe.dll-uninst.exe
c:\windows\system32\dxxntgbdovynrgzcx.exe
c:\windows\system32\fayqhusytjjvhqzbr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Application Data\LimeWire
c:\documents and settings\user\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\user\Application Data\LimeWire\49splashpro.png
c:\documents and settings\user\Application Data\LimeWire\createtimes.cache
c:\documents and settings\user\Application Data\LimeWire\fileurns.bak
c:\documents and settings\user\Application Data\LimeWire\fileurns.cache
c:\documents and settings\user\Application Data\LimeWire\filters.props
c:\documents and settings\user\Application Data\LimeWire\gnutella.net
c:\documents and settings\user\Application Data\LimeWire\installation.props
c:\documents and settings\user\Application Data\LimeWire\library.dat
c:\documents and settings\user\Application Data\LimeWire\limewire.props
c:\documents and settings\user\Application Data\LimeWire\pub1.key
c:\documents and settings\user\Application Data\LimeWire\public.key
c:\documents and settings\user\Application Data\LimeWire\questions.props
c:\documents and settings\user\Application Data\LimeWire\simpp.xml
c:\documents and settings\user\Application Data\LimeWire\spam.dat
c:\documents and settings\user\Application Data\LimeWire\tables.props
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\notsearching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\user\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\user\Application Data\LimeWire\ttree.cache
c:\documents and settings\user\Application Data\LimeWire\update.xml
c:\documents and settings\user\Application Data\LimeWire\version.key
c:\documents and settings\user\Application Data\LimeWire\version.xml
c:\documents and settings\user\Application Data\LimeWire\xml\data\audio.sxml
c:\documents and settings\user\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\user\Application Data\LimeWire\xml\data\video.sxml
c:\documents and settings\user\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\user\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\user\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\user\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\user\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\user\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\user\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\user\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\user\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\user\Application Data\LimeWire\xml\schemas\video.xsd
c:\documents and settings\user\Application Data\uTorrent
c:\documents and settings\user\Application Data\uTorrent\Agent.Cody.Banks.2003.Swesub.DVDRip.Xvid-monica112.torrent
c:\documents and settings\user\Application Data\uTorrent\Batman - The Killing Joke.cbr.torrent
c:\documents and settings\user\Application Data\uTorrent\Batman Begins - Soundtrack [2005].rar.torrent
c:\documents and settings\user\Application Data\uTorrent\batman_the_killing_joke_deluxe_edition_marsh07.rar.torrent
c:\documents and settings\user\Application Data\uTorrent\Blade Runner The final cut KLAXXON.torrent
c:\documents and settings\user\Application Data\uTorrent\Boiler.Room.2000.iNT.DVDRip.XViD-EXT.torrent
c:\documents and settings\user\Application Data\uTorrent\Dead Poets Society.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\dht.dat
c:\documents and settings\user\Application Data\uTorrent\dht.dat.old
c:\documents and settings\user\Application Data\uTorrent\Ennio Morricone.torrent
c:\documents and settings\user\Application Data\uTorrent\Entourage S03E19 HDTV XviD-LOL.torrent
c:\documents and settings\user\Application Data\uTorrent\GReYs aNaToMy (S04).torrent
c:\documents and settings\user\Application Data\uTorrent\Harry.Potter.And.The.Order.Of.The.Phoenix[2007]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\user\Application Data\uTorrent\How_I_Met_Your_Mother.S03E18.Rebound_Bro.HDTV_XviD-FoV.[MFD].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\LOST - Complete Season 3 (x264-AAC-mkv).torrent
c:\documents and settings\user\Application Data\uTorrent\Lost 4x06 The Other Woman PROPER HDTV XviD-FoV [btarena.org].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E01.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E02.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E03.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E04.REPACK.HDTV.XviD-0TV.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E05.HDTV[Www.Yestorrent.Com].torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E06.HDTV.XviD-2HD [btarena.org].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E06.The.Other.Woman.PROPER.HDTV.XviD-FoV.[www.torrentfive.com].torrent
c:\documents and settings\user\Application Data\uTorrent\Lost.S04E13-E14.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost_Season02_Episodes_01-24.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost_Season02_Episodes_01-24.2.torrent
c:\documents and settings\user\Application Data\uTorrent\Lost_Season02_Episodes_01-24.torrent
c:\documents and settings\user\Application Data\uTorrent\Marvel.Ultimate.Alliance.[XBOX][ProjectX][BlackDivX.org].torrent
c:\documents and settings\user\Application Data\uTorrent\Marvel.Ultimate.Alliance.PROPER-RELOADED.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Marvel.Ultimate.Alliance.PROPER-RELOADED.torrent
c:\documents and settings\user\Application Data\uTorrent\Microsoft Office 2007 Complete Version + CD Key.torrent
c:\documents and settings\user\Application Data\uTorrent\Microsoft Office Enterprise 2007 (VOXIGEN@mininova.org).torrent
c:\documents and settings\user\Application Data\uTorrent\MILF Hunter - Ryan(FULL).asf.torrent
c:\documents and settings\user\Application Data\uTorrent\Moby.rar.torrent
c:\documents and settings\user\Application Data\uTorrent\MS.Office.2007.Enterprise.Complete.XP.Vista-HeartBug.torrent
c:\documents and settings\user\Application Data\uTorrent\NBA_Live_08-HATRED.torrent
c:\documents and settings\user\Application Data\uTorrent\No.Country.For.Old.Men.2007.DvDRip.Eng-FxM.torrent
c:\documents and settings\user\Application Data\uTorrent\Reggae Gold 2007.www.lokotorrents.com.torrent
c:\documents and settings\user\Application Data\uTorrent\resume.dat
c:\documents and settings\user\Application Data\uTorrent\resume.dat.old
c:\documents and settings\user\Application Data\uTorrent\rss.dat
c:\documents and settings\user\Application Data\uTorrent\rss.dat.old
c:\documents and settings\user\Application Data\uTorrent\Season 2.1.torrent
c:\documents and settings\user\Application Data\uTorrent\Season 2.torrent
c:\documents and settings\user\Application Data\uTorrent\settings.dat
c:\documents and settings\user\Application Data\uTorrent\settings.dat.old
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E09.PROPER.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\smallville.s07e10.real.proper.hdtv.xvid-notv.[VTV].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E11.REPACK.PROPER.HDTV.XviD-2HD.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E12.PROPER.HDTV.XviD-XOR.torrent
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E13.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E14.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Smallville.S07E15.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Softmod.Installer.Deluxe.v5.0.Xbox-Hq.torrent
c:\documents and settings\user\Application Data\uTorrent\Softmod.Installer.Deluxe.v5.01.Xbox-Hq.torrent
c:\documents and settings\user\Application Data\uTorrent\Soul_Calibur_II_USA_XBOX-ProjectX.torrent
c:\documents and settings\user\Application Data\uTorrent\System.Shock.2.PC.Game.[FROSTY].iso.torrent
c:\documents and settings\user\Application Data\uTorrent\The Big Bang Theory - Season 1.torrent
c:\documents and settings\user\Application Data\uTorrent\The Notorious B.I.G. Discography.torrent
c:\documents and settings\user\Application Data\uTorrent\The Office Season 3 US.torrent
c:\documents and settings\user\Application Data\uTorrent\The.Namesake.2006.PROPER.DVDRip.XviD-AFO.torrent
c:\documents and settings\user\Application Data\uTorrent\The_Game_-_L.A.X._[Explicit_Retail_08]-FOZZYDABEAR.torrent
c:\documents and settings\user\Application Data\uTorrent\There.Will.Be.Blood.REPACK.DVDSCR.XViD-mVs.torrent
c:\documents and settings\user\Application Data\uTorrent\Top Gear - [12x01] - 2008.11.02 [RiVER].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Top Gear - [12x02] - 2008.11.09 [AFFiNiTY].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\Top Gear - [12x03] - 2008.11.16 [RiVER].avi.torrent
c:\documents and settings\user\Application Data\uTorrent\UT2004.zip.torrent
c:\documents and settings\user\Application Data\uTorrent\utorrent.lng
c:\documents and settings\user\Application Data\uTorrent\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_121b_English +CD Key.torrent
c:\documents and settings\user\Application Data\uTorrent\Watchmen - complete.rar.torrent
c:\documents and settings\user\Application Data\uTorrent\Wedding Daze[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\user\Application Data\uTorrent\XBOX Krayzie Ndure SOFTMOD Pack.torrent
c:\documents and settings\user\Application Data\uTorrent\Y - The Last Man.torrent
c:\program files\LimeWire
c:\program files\LimeWire\log.txt
c:\temp\PRE45
c:\temp\PRE45\pG8.log
c:\windows\system32\dxxntgbdovynrgzcx.exe
c:\windows\system32\emi
c:\windows\system32\ES
c:\windows\system32\fayqhusytjjvhqzbr.exe
c:\windows\system32\sX3i19
c:\windows\system32\sys3

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-20 22:15 . 2008-11-21 18:04 <DIR> d-------- C:\Lop SD
2008-11-20 12:17 . 2008-11-20 12:17 <DIR> d-------- c:\program files\Gravity
2008-11-19 09:26 . 2008-11-19 09:26 <DIR> d-------- C:\VundoFix Backups
2008-11-19 09:18 . 2008-11-19 11:04 488 --a------ c:\windows\wininit.ini
2008-11-18 18:57 . 2008-11-18 18:58 <DIR> d-------- c:\documents and settings\Administrator
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\program files\Avira
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-17 12:40 . 2008-11-17 12:40 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 00:09 . 2008-11-24 10:37 <DIR> d-------- C:\Temp
2008-10-27 13:08 . 2008-10-27 13:08 <DIR> d-------- c:\program files\Codebox
2008-10-27 13:08 . 2008-10-27 13:10 <DIR> d-------- c:\documents and settings\user\Application Data\Bitmeter2
2008-10-27 13:08 . 2008-11-24 10:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bitmeter2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 04:31 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
2008-11-24 04:24 --------- d-----w c:\program files\Warcraft III
2008-11-23 02:11 --------- d-----w c:\documents and settings\user\Application Data\Hamachi
2008-11-23 02:10 --------- d-----w c:\program files\Java
2008-11-20 17:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 16:35 --------- d-----w c:\program files\mIRC
2008-11-18 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 19:03 --------- d-s---w c:\program files\Xfire
2008-11-17 19:03 --------- d-----w c:\program files\HollywoodPoker
2008-11-17 19:03 --------- d-----w c:\documents and settings\user\Application Data\Xfire
2008-11-04 21:58 --------- d-----w c:\program files\PokerStars
2008-10-22 07:56 --------- d-----w c:\program files\DivX
2008-10-21 05:11 --------- d-----w c:\program files\CDisplay
2008-10-04 15:40 --------- d-----w c:\program files\iTunes
2008-10-04 15:40 --------- d-----w c:\program files\iPod
2008-10-04 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-27 23:14 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-09-24 15:49 --------- d-----w c:\documents and settings\user\Application Data\ByteOMeter
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2007-08-16 14:54 47,360 ----a-w c:\documents and settings\user\Application Data\pcouffin.sys
2007-04-08 23:34 18,224 ----a-w c:\documents and settings\user\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DrvMon.exe"="c:\windows\System32\DrvMon.exe" [2004-11-29 53248]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-03 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-10-11 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pcaqvx.dll dwhjsy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\user\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2007-11-09 1414528]
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2007-02-17 49399]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2007-08-30 19677]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4eedc15-8036-11dd-8233-0007e98f97d6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 10:39:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-24 10:43:15
ComboFix-quarantined-files.txt 2008-11-24 15:42:13
ComboFix2.txt 2008-11-20 17:04:01

Pre-Run: 1,548,902,400 bytes free
Post-Run: 1,581,948,928 bytes free

426 --- E O F --- 2007-08-02 23:56:03









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:36 AM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Marvelous007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O20 - AppInit_DLLs: pcaqvx.dll dwhjsy.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8570 bytes


Thanks.
 
Another round is needed:

Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
c:\Documents and Settings\user\Desktop\utorrent.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\user\\Desktop\\utorrent.exe"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Here is the ComboFix Log:

ComboFix 08-11-19.08 - user 2008-11-24 14:29:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.629 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\user\Desktop\utorrent.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Desktop\utorrent.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 10:50 . 2008-11-24 11:01 <DIR> d-------- c:\documents and settings\user\Application Data\uTorrent
2008-11-20 22:15 . 2008-11-21 18:04 <DIR> d-------- C:\Lop SD
2008-11-20 12:17 . 2008-11-20 12:17 <DIR> d-------- c:\program files\Gravity
2008-11-19 09:26 . 2008-11-19 09:26 <DIR> d-------- C:\VundoFix Backups
2008-11-19 09:18 . 2008-11-19 11:04 488 --a------ c:\windows\wininit.ini
2008-11-18 18:57 . 2008-11-18 18:58 <DIR> d-------- c:\documents and settings\Administrator
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\program files\Avira
2008-11-18 13:38 . 2008-11-18 13:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-17 14:23 . 2008-11-17 14:23 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-17 12:40 . 2008-11-17 12:40 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 00:09 . 2008-11-24 10:37 <DIR> d-------- C:\Temp
2008-10-27 13:08 . 2008-10-27 13:08 <DIR> d-------- c:\program files\Codebox
2008-10-27 13:08 . 2008-10-27 13:10 <DIR> d-------- c:\documents and settings\user\Application Data\Bitmeter2
2008-10-27 13:08 . 2008-11-24 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bitmeter2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 18:23 --------- d-----w c:\program files\Warcraft III
2008-11-24 04:31 --------- d-----w c:\documents and settings\user\Application Data\dvdcss
2008-11-23 02:11 --------- d-----w c:\documents and settings\user\Application Data\Hamachi
2008-11-23 02:10 --------- d-----w c:\program files\Java
2008-11-20 17:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-20 16:35 --------- d-----w c:\program files\mIRC
2008-11-18 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-17 21:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 19:03 --------- d-s---w c:\program files\Xfire
2008-11-17 19:03 --------- d-----w c:\program files\HollywoodPoker
2008-11-17 19:03 --------- d-----w c:\documents and settings\user\Application Data\Xfire
2008-11-04 21:58 --------- d-----w c:\program files\PokerStars
2008-10-22 07:56 --------- d-----w c:\program files\DivX
2008-10-21 05:11 --------- d-----w c:\program files\CDisplay
2008-10-04 15:40 --------- d-----w c:\program files\iTunes
2008-10-04 15:40 --------- d-----w c:\program files\iPod
2008-10-04 15:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-27 23:14 --------- d-----w c:\documents and settings\user\Application Data\U3
2008-09-24 15:49 --------- d-----w c:\documents and settings\user\Application Data\ByteOMeter
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2007-08-16 14:54 47,360 ----a-w c:\documents and settings\user\Application Data\pcouffin.sys
2007-04-08 23:34 18,224 ----a-w c:\documents and settings\user\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DrvMon.exe"="c:\windows\System32\DrvMon.exe" [2004-11-29 53248]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-03 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2008-10-11 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\System32\ir32_32.dll
"vidc.iv32"= c:\windows\System32\ir32_32.dll
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.XFR1"= xfcodec.dll
"vidc.ir41"= c:\windows\System32\ir41_32.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2007-11-09 1414528]
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2007-02-17 49399]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2007-08-30 19677]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4eedc15-8036-11dd-8233-0007e98f97d6}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 14:32:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-24 14:35:38
ComboFix-quarantined-files.txt 2008-11-24 19:34:34
ComboFix2.txt 2008-11-24 15:43:17
ComboFix3.txt 2008-11-20 17:04:01

Pre-Run: 1,538,293,760 bytes free
Post-Run: 1,520,709,632 bytes free

139 --- E O F --- 2007-08-02 23:56:03









HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:50 PM, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Marvelous007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8526 bytes
 
Delete this folder:

c:\documents and settings\user\Application Data\uTorrent

Empty Recycle Bin.

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
 
Here is the Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 24, 2008 19:40:58
Records in database: 1409941
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 62693
Threat name: 2
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 01:54:00


File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\user\Desktop\Software Upstairs\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
C:\Documents and Settings\user\Desktop\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
C:\Media\Software\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
C:\Media\Software\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

The selected area was scanned.






HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:49 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DrvMon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Codebox\BitMeter\BitMeter2.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\Marvelous007.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\System32\DrvMon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Monopoly\Images\stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1218296795078
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 8530 bytes


Thanks.
 
You must log in or register to reply here.
Back
Top