HijackThis Log/virus a lot..

  1. #1 euro04 (Newbie)

    I just don't know what's wrong with my computer, and there's another problem: when I log in to a forum like this it needs me to log in every time, like an auto log-out. I think this should be the log I should give you. Please tell me how to fix it!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:56 PM, on 3/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\IDA\ida.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Registry Clean Expert\RCHelper.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {aa7d5ac8-8da3-93c8-b7f4-1ccca1c39a0e} - {e0a93c1a-ccc1-4f7b-8c39-3ad88ca5d7aa} - C:\WINDOWS\system32\ljservqq.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BMef6f9a75] Rundll32.exe "C:\WINDOWS\system32\hadtcale.dll",s
    O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203417649562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203428722265
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11415 bytes
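
    An added example (my own code, not part of the thread and not HijackThis or any removal tool): a small Python triage pass over a few lines copied from the log above. It flags the kinds of entries a helper looks at first: registrations whose file is gone, a BHO whose display name is a bare GUID (the ljservqq.dll entry), a Run key that loads a DLL through rundll32 which is not on a known-good list (the hadtcale.dll entry), and a Winlogon Notify hook with no DLL behind it. The known-good list is an assumption made up for the sample; a real triage tool would use a vetted one.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log above, mixing
# benign entries with the three the helper later acted on.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {aa7d5ac8-8da3-93c8-b7f4-1ccca1c39a0e} - {e0a93c1a-ccc1-4f7b-8c39-3ad88ca5d7aa} - C:\WINDOWS\system32\ljservqq.dll
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMef6f9a75] Rundll32.exe "C:\WINDOWS\system32\hadtcale.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
"""

# Every HijackThis entry starts with a section tag ("O2", "O4", "R1", ...).
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<rest>.*)$")
# A COM CLSID in braces, the form HijackThis prints for BHO and toolbar ids.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# rundll32 <dll>,<export>: capture the DLL, quoted or not.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,', re.IGNORECASE)

# Assumption (not from the thread): DLLs this machine's O4 entries legitimately
# load through rundll32. A real triage tool would use a vetted known-good list.
KNOWN_RUNDLL_TARGETS = {"nvcpl.dll", "bthprops.cpl"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries a helper would want to look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, rest = m.group("section"), m.group("rest")

        # Orphans: the registration survived but the file it names is gone.
        if rest.endswith("(no file)") or rest.endswith("(file missing)"):
            if section == "O20":
                reason = "Winlogon Notify hook whose DLL is missing (persistence left behind)"
            else:
                reason = "orphaned entry: registry points at a missing file"
            findings.append(Finding(section, reason, line))
            continue

        if section == "O2":
            # "BHO: <name> - <clsid> - <path>": a display name that is itself a GUID
            # is the sign of an auto-generated registration, not a product.
            name = rest.split(" - ")[0].removeprefix("BHO: ")
            if GUID_RE.match(name):
                findings.append(Finding(section, "BHO whose display name is a GUID", line))

        elif section == "O4":
            # Run keys that go through rundll32 hide the real payload in the DLL argument.
            r = RUNDLL_RE.search(rest)
            if r:
                dll = r.group("dll").replace("/", "\\").rsplit("\\", 1)[-1].lower()
                if dll not in KNOWN_RUNDLL_TARGETS:
                    findings.append(Finding(section, f"rundll32 loading unrecognised DLL {dll}", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section so a long log can be skimmed."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

    The rules are structural, not signatures: they pick out entries that look machine-generated or point at nothing, which is exactly the short list a helper then submits to a multi-engine scanner. A clean result on the rest of the log says nothing about the process list, which needs a separate check.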


  2. #2 Neal (Dedicated Member)
    Welcome,

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files; click YES.
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide them after we are done.



    Go to the next site:
    http://www.virustotal.com/en/indexf.html
    At the top you'll find 'Browse'.
    Click the Browse button and browse to the next file:

    C:\WINDOWS\system32\ljservqq.dll

    Click Open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.

    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html




    Update Java: Security Issue

    * Go to Start > Control Panel, double-click on the Software icon > Add/Remove Programs.
    * Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).

    It should have the next icon next to it:
    Select it and click Remove.
    * The current version can be downloaded from Sun here: http://java.sun.com/javase/downloads/index.jsp
    Scroll down the page to 'Java Runtime Environment (JRE) 6u5' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.


    New HijackThis log also, please.

  3. #3 euro04 (Newbie)
    [C:\WINDOWS\system32\ljservqq.dll scan]


    AhnLab-V3 2008.3.20.2 2008.03.20 -
    AntiVir 7.6.0.75 2008.03.20 TR/Vundo.Gen
    Authentium 4.93.8 2008.03.20 -
    Avast 4.7.1098.0 2008.03.20 -
    AVG 7.5.0.516 2008.03.21 Lop
    BitDefender 7.2 2008.03.21 -
    CAT-QuickHeal 9.50 2008.03.20 -
    ClamAV None 2008.03.21 -
    DrWeb 4.44.0.09170 2008.03.20 Trojan.Virtumod.269
    eSafe 7.0.15.0 2008.03.18 -
    eTrust-Vet 31.3.5629 2008.03.20 -
    Ewido 4.0 2008.03.20 -
    FileAdvisor 1 2008.03.21 -
    Fortinet 3.14.0.0 2008.03.20 -
    F-Prot 4.4.2.54 2008.03.20 W32/Virtumonde.G.gen!Eldorado
    F-Secure 6.70.13260.0 2008.03.20 -
    Ikarus T3.1.1.20 2008.03.20 -
    Kaspersky 7.0.0.125 2008.03.21 -
    McAfee 5256 2008.03.20 -
    Microsoft 1.3301 2008.03.21 Trojan:Win32/Vundo.gen!D
    NOD32v2 2965 2008.03.20 -
    Norman 5.80.02 2008.03.20 W32/Virtumonde.PNE
    Panda 9.0.0.4 2008.03.20 -
    Prevx1 V2 2008.03.21 Trojan.Vundo
    Rising 20.36.32.00 2008.03.20 AdWare.Win32.Virtumonde.ggl
    Sophos 4.27.0 2008.03.21 Troj/Virtum-Gen
    Sunbelt 3.0.978.0 2008.03.18 -
    Symantec 10 2008.03.21 Trojan.Vundo
    TheHacker 6.2.92.250 2008.03.19 -
    VBA32 3.12.6.3 2008.03.17 -
    VirusBuster 4.3.26:9 2008.03.20 Adware.Vundo.Gen!Pac.18
    Webwasher-Gateway 6.6.2 2008.03.20 Trojan.Vundo.Gen

    [VundoFix Log]


    VundoFix V7.0.3

    Scan started at 7:52:57 AM 3/21/2008

    Listing files found while scanning....

    C:\Program Files\PowerISO\PWRISOSH.DLL

    Beginning removal...

    Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
    C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

    Performing Repairs to the registry.
    Done!

    New HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:52:34 AM, on 3/21/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\IDA\ida.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Registry Clean Expert\RCHelper.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: {aa7d5ac8-8da3-93c8-b7f4-1ccca1c39a0e} - {e0a93c1a-ccc1-4f7b-8c39-3ad88ca5d7aa} - C:\WINDOWS\system32\ljservqq.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BMef6f9a75] Rundll32.exe "C:\WINDOWS\system32\hadtcale.dll",s
    O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203417649562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203428722265
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 11430 bytes

    Hope this helps on my computer!!
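
    An added example (my own code, not from the thread or from VirusTotal): parsing a subset of the multi-engine results posted above, normalising the vendors' different names for one family so the consensus is visible, and checking whether the engine installed on this machine (McAfee, per the log's process list) was among those that returned no detection. The family alias map and the choice of subset are assumptions made for the sample.

```python
import re
from collections import Counter

# Constructed sample: a subset of the VirusTotal results posted above, one engine per
# line as "<engine> <version> <signature date> <verdict>", "-" meaning no detection.
SAMPLE_VT = """\
AntiVir 7.6.0.75 2008.03.20 TR/Vundo.Gen
Avast 4.7.1098.0 2008.03.20 -
AVG 7.5.0.516 2008.03.21 Lop
ClamAV None 2008.03.21 -
DrWeb 4.44.0.09170 2008.03.20 Trojan.Virtumod.269
F-Prot 4.4.2.54 2008.03.20 W32/Virtumonde.G.gen!Eldorado
Kaspersky 7.0.0.125 2008.03.21 -
McAfee 5256 2008.03.20 -
Microsoft 1.3301 2008.03.21 Trojan:Win32/Vundo.gen!D
Sophos 4.27.0 2008.03.21 Troj/Virtum-Gen
Symantec 10 2008.03.21 Trojan.Vundo
"""

# Assumption: vendor naming differs, so map name fragments to one canonical family.
# "virtum" covers Virtumonde, Virtumod and Virtum-Gen in the sample.
FAMILY_ALIASES = {"vundo": "Vundo/Virtumonde", "virtum": "Vundo/Virtumonde"}


def parse_results(text: str) -> list[dict]:
    """Split each engine line into fields; verdict is None when the engine saw nothing."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue
        engine, version, date, verdict = parts
        verdict = verdict.strip()
        rows.append({"engine": engine, "version": version, "date": date,
                     "verdict": None if verdict == "-" else verdict})
    return rows


def family_of(verdict: str) -> str:
    """Reduce a vendor-specific detection name to a canonical family label."""
    for token in re.split(r"[^a-z0-9]+", verdict.lower()):
        for alias, family in FAMILY_ALIASES.items():
            if token.startswith(alias):
                return family
    return "other:" + verdict


def consensus(rows: list[dict]) -> dict:
    """Detection ratio plus the family the detecting engines agree on."""
    detected = [r for r in rows if r["verdict"]]
    families = Counter(family_of(r["verdict"]) for r in detected)
    return {
        "engines": len(rows),
        "detections": len(detected),
        "families": families,
        "top_family": families.most_common(1)[0][0] if families else None,
    }


def missed_by(rows: list[dict], engine: str):
    """True if the named engine scanned the file and reported nothing, None if absent."""
    for r in rows:
        if r["engine"].lower() == engine.lower():
            return r["verdict"] is None
    return None


if __name__ == "__main__":
    rows = parse_results(SAMPLE_VT)
    c = consensus(rows)
    print(f'{c["detections"]}/{c["engines"]} engines flagged the file; consensus family: {c["top_family"]}')
    print("installed McAfee engine missed it:", missed_by(rows, "McAfee"))
```

    The point of the consensus step is that a single engine's silence, including the one installed on the machine, is weak evidence; agreement across several vendors on one family is what justifies the targeted removal tool the helper chose.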

  4. #4 Neal (Dedicated Member)
    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save it to your desktop:

    Note: It is IMPORTANT that it is saved directly to your desktop.

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners now.


    How To Disable



    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your antivirus or any other realtime scanner displays an alert after you downloaded ComboFix or while you use ComboFix, please disable your scanner and redownload ComboFix.
    Some scanners may see some ComboFix-related components as suspicious and block or delete them while there's nothing wrong with them.


    ComboFix SHOULD NOT be used unless requested by a forum helper.


    New HijackThis log also, please; we are getting there.

  5. #5 euro04 (Newbie)
    Thanks!! Hope we get there soon, but it seems like ComboFix is clean!!

    ComboFix 08-03-21.2 - Compaq_Owner 2008-03-22 10:10:43.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.477 [GMT 8:00]
    Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 08:23 . 2008-03-22 08:23 <DIR> d-------- C:\Documents and Settings\sErAnGooon\Application Data\SiteAdvisor
    2008-03-21 22:20 . 2008-03-21 22:20 <DIR> d-------- C:\Program Files\SiteAdvisor
    2008-03-21 22:20 . 2008-03-21 22:20 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2008-03-21 22:20 . 2008-03-21 22:20 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\SiteAdvisor
    2008-03-21 22:20 . 2008-03-22 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-03-21 09:24 . 2008-03-21 09:24 1,238 --a------ C:\WINDOWS\system32\msexcr.ini
    2008-03-21 09:03 . 2008-03-21 20:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-03-21 09:03 . 2008-03-21 09:03 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-03-21 07:52 . 2008-03-21 08:13 <DIR> d-------- C:\VundoFix Backups
    2008-03-19 20:45 . 2008-03-19 20:45 <DIR> d-------- C:\Program Files\Trend Micro
    2008-03-19 15:54 . 2008-03-19 15:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\espionServerData
    2008-03-19 15:36 . 2008-03-19 15:36 <DIR> d-------- C:\Documents and Settings\sErAnGooon\Application Data\Apple Computer
    2008-03-19 15:21 . 2008-03-19 16:02 <DIR> d-------- C:\Documents and Settings\sErAnGooon\Application Data\U3
    2008-03-18 22:05 . 2006-06-17 12:46 <DIR> d-------- C:\Documents and Settings\sErAnGooon\WINDOWS
    2008-03-18 20:13 . 2008-03-18 20:13 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
    2008-03-18 20:12 . 2008-03-18 20:12 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-18 20:12 . 2008-03-18 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-17 10:58 . 2008-03-19 09:47 <DIR> d-------- C:\Program Files\Fever Frenzy
    2008-03-16 13:36 . 2008-03-17 18:29 1,371,939 ---hs---- C:\WINDOWS\system32\ebkxxptj.ini
    2008-03-15 23:21 . 2008-03-16 13:30 1,366,863 ---hs---- C:\WINDOWS\system32\phtooysu.ini
    2008-03-15 20:58 . 2008-03-21 18:03 <DIR> d-------- C:\Program Files\CABAL Online
    2008-03-15 18:25 . 2008-03-15 18:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-03-15 18:25 . 2008-03-15 18:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
    2008-03-15 15:14 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\b6fc1a0.dll
    2008-03-15 15:14 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\72518d4.dll
    2008-03-15 15:11 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\624de60.dll
    2008-03-15 15:11 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\146c7c50.dll
    2008-03-15 15:08 . 2008-03-15 15:08 63 --a------ C:\WINDOWS\system32\ec5cbb67
    2008-03-15 15:07 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\6dd83e.dll
    2008-03-15 15:07 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\61d49d6.dll
    2008-03-15 15:07 . 2008-03-15 15:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-03-15 15:04 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\776b5.dll
    2008-03-15 15:04 . 2004-08-04 12:00 1,689,088 --a------ C:\WINDOWS\system32\184a6f7.dll
    2008-03-15 13:37 . 2006-03-03 10:02 1,680,896 --a------ C:\WINDOWS\system32\vcl100.bpl
    2008-03-15 13:37 . 2006-03-03 10:02 843,264 --a------ C:\WINDOWS\system32\rtl100.bpl
    2008-03-15 13:37 . 2006-03-03 10:02 658,432 --a------ C:\WINDOWS\system32\cc3270mt.dll
    2008-03-15 13:37 . 2006-03-03 10:02 287,744 --a------ C:\WINDOWS\system32\dbrtl100.bpl
    2008-03-15 13:37 . 2006-03-03 10:02 273,920 --a------ C:\WINDOWS\system32\vcldb100.bpl
    2008-03-15 11:36 . 2008-03-22 09:47 12 --a------ C:\WINDOWS\bthservsdp.dat
    2008-03-14 23:03 . 2008-03-14 23:03 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-03-14 23:03 . 2008-03-14 23:03 20,520 --a------ C:\WINDOWS\system32\drivers\ggsemc.sys
    2008-03-14 23:03 . 2008-03-14 23:03 13,352 --a------ C:\WINDOWS\system32\drivers\ggflt.sys
    2008-03-14 21:12 . 2008-03-14 21:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Sony
    2008-03-14 21:12 . 2008-03-14 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
    2008-03-14 21:09 . 2008-03-14 21:09 <DIR> d-------- C:\Program Files\Sony
    2008-03-14 21:07 . 2008-03-14 21:07 <DIR> d-------- C:\Program Files\Sony Setup
    2008-03-14 19:47 . 2008-03-14 19:47 33,824 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
    2008-03-14 19:09 . 2008-03-14 19:09 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
    2008-03-14 18:09 . 2008-03-14 18:09 <DIR> d-------- C:\Program Files\Avanquest update
    2008-03-14 18:09 . 2008-03-14 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-14 18:08 . 2008-03-14 22:57 <DIR> d-------- C:\Program Files\Sony Ericsson
    2008-03-14 18:08 . 2008-03-14 18:08 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\InstallShield
    2008-03-14 18:08 . 2008-03-14 23:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2008-03-14 17:51 . 2004-08-03 23:10 25,600 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
    2008-03-14 17:51 . 2004-08-03 23:10 25,600 --a------ C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-03-14 17:51 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-03-14 17:51 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-03-14 17:50 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-03-14 17:50 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-03-14 17:49 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\drivers\bthpan.sys
    2008-03-14 17:49 . 2004-08-03 22:58 100,992 --a------ C:\WINDOWS\system32\dllcache\bthpan.sys
    2008-03-14 17:05 . 2008-03-14 17:05 <DIR> d-------- C:\Program Files\Betty's Beer Bar
    2008-03-14 17:05 . 2008-03-14 17:32 294 --a------ C:\WINDOWS\bbbconfig.dat
    2008-03-14 16:20 . 2008-03-15 12:31 <DIR> d-------- C:\Program Files\Roller Rush
    2008-03-14 13:54 . 2008-03-14 13:59 <DIR> d-------- C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\SBTT
    2008-03-14 13:40 . 2008-03-14 13:40 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Obstacle Odyssey 2
    2008-03-14 13:05 . 2008-03-14 13:05 <DIR> d-------- C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\Apple Computer
    2008-03-14 13:03 . 2008-03-14 13:04 <DIR> d-------- C:\Program Files\QuickTime
    2008-03-14 13:03 . 2008-03-14 13:03 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-03-14 13:03 . 2008-03-14 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-03-14 13:03 . 2008-03-14 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-03-13 20:50 . 2008-03-13 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
    2008-03-13 20:37 . 2008-03-18 10:12 <DIR> d-------- C:\Program Files\Beauty Factory
    2008-03-13 20:24 . 2008-03-18 10:45 <DIR> d-------- C:\Program Files\Escape the Museum
    2008-03-13 12:04 . 2008-03-13 13:04 <DIR> d-------- C:\Program Files\Fashion Fits
    2008-03-13 12:04 . 2008-03-13 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
    2008-03-12 22:49 . 2008-03-12 22:49 <DIR> d-------- C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\Big Fish Games
    2008-03-12 22:19 . 2008-03-12 22:19 <DIR> d-------- C:\Program Files\Chocolatier 2 - Secret Ingredients
    2008-03-12 22:12 . 2008-03-12 22:12 <DIR> d-------- C:\Program Files\Vogue Tales
    2008-03-12 22:03 . 2008-03-13 21:18 <DIR> d-------- C:\Program Files\SpongeBob Atlantis SquareOff
    2008-03-12 15:28 . 2008-03-12 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QB9 S.R.L
    2008-03-12 08:40 . 2008-03-12 08:40 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-03-11 19:57 . 2008-03-08 22:20 <DIR> d-------- C:\Program Files\Host Replacer
    2008-03-10 21:15 . 2008-03-10 21:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2008-03-10 21:15 . 2008-03-10 21:14 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
    2008-03-10 21:15 . 2008-03-10 21:14 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
    2008-03-10 21:04 . 2008-03-21 08:14 <DIR> d-------- C:\Program Files\PowerISO
    2008-03-10 19:49 . 2008-03-10 19:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2008-03-10 19:49 . 2008-03-10 19:49 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-03-10 19:48 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-03-10 19:47 . 2008-03-10 19:47 <DIR> d-------- C:\ee63c0b1515317a627947a9b00b28e
    2008-03-10 12:38 . 2008-03-10 12:38 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-03-10 12:04 . 2008-03-10 12:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2008-03-10 12:04 . 2006-12-19 15:06 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
    2008-03-10 12:04 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
    2008-03-10 12:04 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
    2008-03-10 12:04 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
    2008-03-10 12:04 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
    2008-03-10 12:04 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
    2008-03-10 12:04 . 2006-12-19 15:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 02:10 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
    2008-03-22 01:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-21 08:03 --------- d-----w C:\Program Files\Oberon Media
    2008-03-21 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-19 12:41 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Xfire
    2008-03-19 03:50 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-03-15 12:40 --------- d-----w C:\Program Files\Opera
    2008-03-14 10:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-13 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
    2008-03-10 13:14 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-03-10 11:54 --------- d-----w C:\Program Files\MSBuild
    2008-03-10 04:15 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-03-10 02:53 --------- d-s---w C:\Program Files\Xfire
    2008-03-09 11:54 --------- d-----w C:\Program Files\Shockwave.com
    2008-03-09 11:39 0 ----a-w C:\Program Files\temp01
    2008-02-28 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-21 13:55 --------- d-----w C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\AdobeUM
    2008-02-21 11:55 --------- d-----w C:\Program Files\Common Files\INCA Shared
    2008-02-21 01:57 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
    2008-02-20 11:22 --------- d-----w C:\Program Files\e-Games
    2008-02-20 10:20 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Internet Download Accelerator
    2008-02-20 03:04 --------- d-----w C:\Program Files\PacNet Sign Up
    2008-02-20 01:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
    2008-02-20 01:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-02-19 11:25 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-19 11:10 --------- d-----w C:\Program Files\Windows Live Favorites
    2008-02-19 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-02-19 10:31 --------- d-----w C:\Program Files\Symantec
    2008-02-19 10:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-19 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-02-19 10:24 --------- d-----w C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\TuneUp Software
    2008-02-19 10:23 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2008-02-19 10:23 --------- d-----w C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Application Data\Hewlett-Packard
    2008-02-19 09:49 1,886 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_RF263AA-AB4 SR1905AP AP630_YC_0Pres_QCNX628_E63APheREA1_48_IAsterope2_SHewleet-Packard_V1.0_B3.16_T060622_WXH2_L409_M1024_J200_7Intel_8Pentium D_93_#060811_N10EC8139_Z11C10620_G10DE0392.MRK
    2008-02-19 09:26 --------- d-----w C:\Program Files\Google
    2008-02-19 09:21 --------- d-----w C:\Program Files\Qmax Webcam
    2008-02-18 13:56 --------- d-----w C:\Program Files\Sol Edit
    2008-02-18 04:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
    2008-02-18 03:56 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\MegauploadToolbar
    2008-02-17 11:10 --------- d-----w C:\Program Files\DAP
    2008-02-17 10:24 --------- d-----w C:\Program Files\IDA
    2008-02-17 10:18 --------- d-----w C:\Program Files\FlashGet
    2008-02-16 16:24 43,693 ----a-w C:\WINDOWS\data5a.dll
    2008-02-16 16:24 34,134 ----a-w C:\WINDOWS\data4a.dll
    2008-02-16 16:24 20,480 ----a-w C:\WINDOWS\data3a.dll
    2008-02-16 16:24 1,642,496 ----a-w C:\WINDOWS\data2a.dll
    2008-02-16 15:28 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\clockfork
    2008-02-16 15:27 --------- d-----w C:\Program Files\clockfork
    2008-02-16 15:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    2008-02-16 10:53 --------- d-----w C:\Program Files\10 Talismans
    2008-02-16 10:50 --------- d-----w C:\Program Files\Mysteryville 2
    2008-02-16 04:39 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Oberon Games
    2008-02-16 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
    2008-02-16 03:57 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\uTorrent
    2008-02-14 09:18 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\funkitron
    2008-02-14 02:40 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Magic Match
    2008-02-11 12:21 --------- d-----w C:\Program Files\MegauploadToolbar
    2008-02-11 12:21 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\MEGAUPLOADTOOLBAR
    2008-02-10 13:07 --------- d-----w C:\Program Files\AuditionSEA
    2008-02-08 10:39 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Mysteryville2
    2008-02-08 08:26 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Mysteryville2
    2008-02-08 07:32 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Jane s Hotel
    2008-02-08 05:12 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\PlayFirst
    2008-02-08 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-02-08 00:54 --------- d-----w C:\Program Files\Yahoo! Games
    2008-02-07 05:04 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Yahoo!
    2008-02-07 04:26 --------- d-----w C:\Program Files\Yahoo!
    2008-02-07 04:26 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
    2008-02-07 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-02-07 04:17 --------- d-----w C:\Program Files\PopCap Games
    2008-02-07 03:05 --------- d-----w C:\Program Files\Mortimer Beckett And The Secrets Of Spooky Manor
    2008-02-07 03:02 --------- d-----w C:\Program Files\Da Vincis Secret
    2008-02-03 04:57 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Big Fish Games
    2008-02-03 02:37 --------- d-----w C:\Program Files\ReflexiveArcade
    2008-02-03 00:30 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\7Wonders
    2008-02-02 14:00 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\HPQ
    2008-02-02 13:54 --------- d-----w C:\Program Files\Bonjour
    2008-02-02 13:41 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-02-02 13:27 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-02 11:38 --------- d-----w C:\Program Files\TuneUp Utilities 2008
    2008-02-02 07:17 --------- d-----w C:\Program Files\The_Pirate_Bay
    2008-02-02 07:17 --------- d-----w C:\Program Files\Conduit
    2008-02-01 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-01 11:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-01 07:21 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Wildfire
    2008-01-31 12:17 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\PC Suite
    2008-01-31 04:29 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Nokia Multimedia Player
    2008-01-31 04:24 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Nokia
    2008-01-31 04:16 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\DataLayer
    2008-01-31 04:14 --------- d-----w C:\Program Files\Nokia
    2008-01-31 04:14 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\PC Suite
    2008-01-31 04:13 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-01-31 04:13 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-01-31 04:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    2008-01-30 09:42 --------- d-----w C:\Program Files\Smart Projects
    2008-01-30 08:29 --------- d--h--w C:\Documents and Settings\Serangoon\Application Data\ijjigame
    2008-01-30 08:16 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\HP
    2008-01-30 07:57 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\Hewlett-Packard
    2008-01-29 12:03 --------- d-----w C:\Documents and Settings\Serangoon\Application Data\BitDefender
    2008-01-28 14:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Friends Games
    .
    Code:
    ----a-w         7,019,335 2008-01-26 10:40:23  C:\Documents and Settings\Administrator\My Documents\My Completed Downloads\Download Accelerator Plus 8.6.1.4 Final\DAP Premium .exe
    ----a-w         7,019,335 2008-01-25 14:36:41  C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\My Documents\Downloads\Download Accelerator Plus 8.6.1.4 Final\DAP Premium .exe

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Internet Download Accelerator"="C:\Program Files\IDA\ida.exe" [2008-02-05 17:49 2200576]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-01-30 20:15 219952]
    "RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2008-01-31 02:09 604920]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 15:29 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 12:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 12:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 12:00 455168]
    "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 19:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-14 12:05 7557120]
    "nwiz"="nwiz.exe" [2006-02-14 12:05 1519616 C:\WINDOWS\system32\nwiz.exe]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 20:14 237568]
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 20:34 249856]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 00:23 663552]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 04:11 49152]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 12:27 180269]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 15:05 217088]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 05:03 36640]

    C:\Documents and Settings\sErAnGoOn.YOUR-8ABC512DA0\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-02-21 09:57:28 2945872]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-06-17 12:49:25 36903]
    hp psc 1000 series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe [2003-04-09 1838 147456]
    hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkllmj]
    jkkllmj.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Abyss Web Server\\abyssws.exe"=
    "C:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
    "C:\\Documents and Settings\\Compaq_Owner\\Desktop\\Login Server.exe"=
    "C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
    "C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "C:\\Documents and Settings\\Compaq_Owner\\Desktop\\test\\GameServer.exe"=
    "C:\\Documents and Settings\\Compaq_Owner\\Desktop\\test\\LoginServer.exe"=

    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-03-14 19:47]
    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
    R2 PD91Agent;PD91Agent;"C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-02-28 10:44]
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]
    R3 DCamUSBTP10;Qmax Webcam;C:\WINDOWS\system32\Drivers\TD0608.sys [2006-11-21 15:35]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-03-14 23:03]
    S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;C:\Documents and Settings\Compaq_Owner\Desktop\Bypass\IlvMoney1148.sys [2008-03-19 20:26]
    S3 PD91Engine;PD91Engine;"C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-02-29 14:08]
    S3 PD91VMDefrag;PD91VMDefrag;"C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe" [2008-02-29 10:44]
    S3 projectx1;projectx1;C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX01.390\ProjectX_4.0 Engine\FelipeZe.sys []
    S3 XDva037;XDva037;C:\WINDOWS\system32\XDva037.sys []
    S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-19 0302 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-22 01:38:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2008-03-20 10:23:00 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1203416236.job"
    - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe4-I
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-22 10:15:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\Program Files\SiteAdvisor\6253\saHook.dll
    -> C:\WINDOWS\system32\nview.dll
    .
    Completion time: 2008-03-22 10:16:35
    ComboFix-quarantined-files.txt 2008-03-22 02:16:31
    ComboFix2.txt 2008-03-21 11:31:53
    .
    2008-03-12 09:11:30 --- E O F ---

    And this is the new HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:22 AM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\IDA\ida.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Registry Clean Expert\RCHelper.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203417649562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203428722265
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 11412 bytes

  6. #6
    Neal is offline Dedicated Member
    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done



    Go to the next site:
    http://www.virustotal.com/en/indexf.html
    On top you'll find 'Browse'
    Click the browse button and browse to the next file:


    C:\WINDOWS\system32\b6fc1a0.dll


    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.


    If that one is too busy, here is another option:


    http://virusscan.jotti.org

    And

    http://www.kaspersky.com/scanforvirus.html


    Do the same for these please:

    C:\WINDOWS\system32\776b5.dll
    C:\WINDOWS\system32\61d49d6.dll
    C:\WINDOWS\system32\776b5.dll
    C:\WINDOWS\system32\ebkxxptj.ini
    C:\WINDOWS\system32\phtooysu.ini



    Please Download NoLop to your desktop from the links below...

    NOLOP

    If you are using Firefox you may have to right click NOLOP and select "open link in new window"


    First close any other programs you have running as this will require a reboot.

    Double click NoLop.exe to run it.



    Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>

    When scanning is finished you will be prompted to reboot only if infected, Click OK.

    Now click the "REBOOT" Button.

    A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


    Download FindAWF

    Save the file to the Desktop
    Double-click the FindAWF icon.

    If a Security Alert shows, allow the program to run.
    As instructed, press any key to continue.
    Use the following option: Press 1 then Enter to scan for bak folders
    The scan may take a while, please be patient.

    When done, a text file, Find AWF report is produced that we need to look at.
    Please post it in your reply.

    New HijackThis log please.
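    The triage that a helper does by eye on a HijackThis log (orphaned "(no file)" / "(file missing)" entries, a Winlogon Notify DLL with a random-looking name, an ActiveX download from a host outside the usual update domains) can be written down as a small script. The following is an added example, not code from this thread or from HijackThis, NoLop or FindAWF; the sample lines are copied from the log posted above and the host allowlist and the "no vowels" name heuristic are assumptions chosen for illustration. It only flags entries for review; it does not decide what is malware.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted in
# this thread. A real run would read the saved log file instead.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

# Every HijackThis entry starts with a section tag such as R0, O4 or O23.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")

# Assumed allowlist of hosts from which a downloaded ActiveX control (O16) is
# expected on this machine; anything else is worth a second look.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a 5+ letter lowercase token with no vowels,
    like 'jkkllmj', is not a name a vendor would choose."""
    return (len(name) >= 5 and name.isalpha() and name.islower()
            and re.search(r"[aeiouy]", name) is None)


def triage(log_text: str) -> list[dict]:
    """Return one finding per (entry, reason) pair that deserves review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.group("section"), m.group("body")
        reasons = []

        # Entries whose target no longer exists do nothing, but they are the
        # leftovers of a removed toolbar or DLL and are safe cleanup candidates.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry: target file is absent")

        # Winlogon Notify DLLs are loaded by winlogon.exe at boot, so a
        # random-looking name here should be hashed and checked.
        if section == "O20":
            nm = re.search(r"Winlogon Notify: (\S+)", body)
            if nm and looks_random(nm.group(1)):
                reasons.append("Winlogon Notify entry with random-looking name")

        # Downloaded Program Files (O16): note controls fetched from hosts
        # outside the allowlist.
        if section == "O16":
            url = re.search(r"https?://([^/\s]+)", body)
            if url and not url.group(1).endswith(TRUSTED_DPF_HOSTS):
                reasons.append("ActiveX download from non-allowlisted host "
                               + url.group(1))

        for reason in reasons:
            findings.append({"section": section, "reason": reason, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reason']}\n    {f['line']}")
```

    Run against the sample it reports the two orphaned O3/O9 entries, the O16 control from e-games.com.my, and the O20 entry twice (missing file plus random-looking name); the SiteAdvisor, uTorrent, Flash and McAfee lines pass. The heuristics are deliberately narrow so that the output stays short enough to act on.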

  7. #7
    euro04 is offline Newbie
    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


    File: b6fc1a0.dll
    Status: OK
    MD5: d67bdbbda86cc9aeebbaf3217c1717d8
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    Scanner results
    Scan taken on 23 Mar 2008 0455 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    File: 776b5.dll
    Status: OK
    MD5: d67bdbbda86cc9aeebbaf3217c1717d8
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    Scanner results
    Scan taken on 23 Mar 2008 04:24:32 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    File: 61d49d6.dll
    Status: OK
    MD5: d67bdbbda86cc9aeebbaf3217c1717d8
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    Scanner results
    Scan taken on 23 Mar 2008 04:26:38 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    File: ebkxxptj.ini
    Status: OK
    MD5: e9fd9c7be6f347bde3268f291c98fa4a
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 23 Mar 2008 04:29:37 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    File: phtooysu.ini
    Status: OK
    MD5: f22d1cf25c5862ba7ccefc62eaaa48f6
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 23 Mar 2008 04:30:39 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Compaq_Owner
    [3/23/2008]
    [12:34:18 PM]

    ---Infection Files Found/Removed---
    NO INFECTION FILES FOUND - Cleaning Aborted.

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Aliasworlds
    C:\Documents and Settings\All Users\Application Data\Apple
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Bigfishgamescache
    C:\Documents and Settings\All Users\Application Data\Bvrp Software
    C:\Documents and Settings\All Users\Application Data\Cyberlink
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    C:\Documents and Settings\All Users\Application Data\Escapethemuseum
    C:\Documents and Settings\All Users\Application Data\Espionserverdata
    C:\Documents and Settings\All Users\Application Data\Flexnet
    C:\Documents and Settings\All Users\Application Data\Friends Games
    C:\Documents and Settings\All Users\Application Data\Fugazo
    C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Hewlett-packard
    C:\Documents and Settings\All Users\Application Data\Ijjigame
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    C:\Documents and Settings\All Users\Application Data\Mcafee
    C:\Documents and Settings\All Users\Application Data\Messenger Plus! -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Microsoft Help
    C:\Documents and Settings\All Users\Application Data\Montecristo
    C:\Documents and Settings\All Users\Application Data\Oberon Games
    C:\Documents and Settings\All Users\Application Data\Playfirst
    C:\Documents and Settings\All Users\Application Data\Protexis
    C:\Documents and Settings\All Users\Application Data\Qb9 S.r.l
    C:\Documents and Settings\All Users\Application Data\Raxco
    C:\Documents and Settings\All Users\Application Data\Sandlot Games
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Siteadvisor
    C:\Documents and Settings\All Users\Application Data\Sonic
    C:\Documents and Settings\All Users\Application Data\Sony
    C:\Documents and Settings\All Users\Application Data\Sony Ericsson
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Tuneup Software
    C:\Documents and Settings\All Users\Application Data\Valusoft
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Wlinstaller
    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    C:\Documents and Settings\All Users\Application Data\Zylom
    C:\Documents and Settings\Compaq_owner\Application Data\7wonders
    C:\Documents and Settings\Compaq_owner\Application Data\Adobe
    C:\Documents and Settings\Compaq_owner\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Compaq_owner\Application Data\Apple Computer
    C:\Documents and Settings\Compaq_owner\Application Data\Clockfork
    C:\Documents and Settings\Compaq_owner\Application Data\Google
    C:\Documents and Settings\Compaq_owner\Application Data\Hewlett-packard
    C:\Documents and Settings\Compaq_owner\Application Data\Hpq
    C:\Documents and Settings\Compaq_owner\Application Data\Identities
    C:\Documents and Settings\Compaq_owner\Application Data\Ijjigame
    C:\Documents and Settings\Compaq_owner\Application Data\Installshield
    C:\Documents and Settings\Compaq_owner\Application Data\Internet Download Accelerator
    C:\Documents and Settings\Compaq_owner\Application Data\Limewire
    C:\Documents and Settings\Compaq_owner\Application Data\Macromedia
    C:\Documents and Settings\Compaq_owner\Application Data\Malwarebytes
    C:\Documents and Settings\Compaq_owner\Application Data\Megauploadtoolbar
    C:\Documents and Settings\Compaq_owner\Application Data\Microsoft
    C:\Documents and Settings\Compaq_owner\Application Data\Mozilla
    C:\Documents and Settings\Compaq_owner\Application Data\Mxboost
    C:\Documents and Settings\Compaq_owner\Application Data\Mysteryville2
    C:\Documents and Settings\Compaq_owner\Application Data\Opera
    C:\Documents and Settings\Compaq_owner\Application Data\Pc Suite
    C:\Documents and Settings\Compaq_owner\Application Data\Prevxcsi -- EMPTY Directory
    C:\Documents and Settings\Compaq_owner\Application Data\Real
    C:\Documents and Settings\Compaq_owner\Application Data\Siteadvisor -- EMPTY Directory
    C:\Documents and Settings\Compaq_owner\Application Data\Sony
    C:\Documents and Settings\Compaq_owner\Application Data\Sun
    C:\Documents and Settings\Compaq_owner\Application Data\Tuneup Software
    C:\Documents and Settings\Compaq_owner\Application Data\Utorrent
    C:\Documents and Settings\Compaq_owner\Application Data\Winrar -- EMPTY Directory
    C:\Documents and Settings\Compaq_owner\Application Data\Xfire
    C:\Documents and Settings\Compaq_owner\Application Data\Yahoo!
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Real
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Siteadvisor -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Xfire -- EMPTY Directory
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Networkservice\Application Data\Xfire -- EMPTY Directory
    C:\Documents and Settings\Serangoon\Application Data\7wonders
    C:\Documents and Settings\Serangoon\Application Data\Adobe
    C:\Documents and Settings\Serangoon\Application Data\Adobeum
    C:\Documents and Settings\Serangoon\Application Data\Big Fish Games
    C:\Documents and Settings\Serangoon\Application Data\Bitdefender
    C:\Documents and Settings\Serangoon\Application Data\Clockfork -- EMPTY Directory
    C:\Documents and Settings\Serangoon\Application Data\Datalayer
    C:\Documents and Settings\Serangoon\Application Data\Funkitron
    C:\Documents and Settings\Serangoon\Application Data\Google
    C:\Documents and Settings\Serangoon\Application Data\Hewlett-packard
    C:\Documents and Settings\Serangoon\Application Data\Hp
    C:\Documents and Settings\Serangoon\Application Data\Hpq
    C:\Documents and Settings\Serangoon\Application Data\Identities
    C:\Documents and Settings\Serangoon\Application Data\Ijjigame
    C:\Documents and Settings\Serangoon\Application Data\Jane S Hotel
    C:\Documents and Settings\Serangoon\Application Data\Leadertech
    C:\Documents and Settings\Serangoon\Application Data\Macromedia
    C:\Documents and Settings\Serangoon\Application Data\Magic Match
    C:\Documents and Settings\Serangoon\Application Data\Megauploadtoolbar
    C:\Documents and Settings\Serangoon\Application Data\Microsoft
    C:\Documents and Settings\Serangoon\Application Data\Mozilla
    C:\Documents and Settings\Serangoon\Application Data\Mysteryville2
    C:\Documents and Settings\Serangoon\Application Data\Nokia
    C:\Documents and Settings\Serangoon\Application Data\Nokia Multimedia Player
    C:\Documents and Settings\Serangoon\Application Data\Oberon Games
    C:\Documents and Settings\Serangoon\Application Data\Opera
    C:\Documents and Settings\Serangoon\Application Data\Pc Suite
    C:\Documents and Settings\Serangoon\Application Data\Playfirst
    C:\Documents and Settings\Serangoon\Application Data\Real
    C:\Documents and Settings\Serangoon\Application Data\Sonic
    C:\Documents and Settings\Serangoon\Application Data\Sun
    C:\Documents and Settings\Serangoon\Application Data\Tuneup Software
    C:\Documents and Settings\Serangoon\Application Data\Utorrent
    C:\Documents and Settings\Serangoon\Application Data\Wildfire
    C:\Documents and Settings\Serangoon\Application Data\Winrar -- EMPTY Directory
    C:\Documents and Settings\Serangoon\Application Data\Yahoo!
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\7wonders
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Adobe
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Apple Computer
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Big Fish Games
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Funkitron
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Gamelab
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Google
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Hewlett-packard
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Home Sweet Home
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Hp
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Hpq
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Identities
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Ijjigame
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Macromedia
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Microsoft
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Mozilla
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\My Games
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Opera
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Playfirst
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Real
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Sandlot Games
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Sbtt
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Sun
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Total Eclipse
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Tuneup Software
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Valusoft
    C:\Documents and Settings\Serangoon.your-8abc512da0\Application Data\Winrar -- EMPTY Directory
    C:\Documents and Settings\Serangooon\Application Data\Adobe
    C:\Documents and Settings\Serangooon\Application Data\Apple Computer
    C:\Documents and Settings\Serangooon\Application Data\Google
    C:\Documents and Settings\Serangooon\Application Data\Identities
    C:\Documents and Settings\Serangooon\Application Data\Macromedia
    C:\Documents and Settings\Serangooon\Application Data\Microsoft
    C:\Documents and Settings\Serangooon\Application Data\Mozilla
    C:\Documents and Settings\Serangooon\Application Data\Real
    C:\Documents and Settings\Serangooon\Application Data\Siteadvisor -- EMPTY Directory
    C:\Documents and Settings\Serangooon\Application Data\Sun
    C:\Documents and Settings\Serangooon\Application Data\U3



    Find AWF report by noahdfear ©2006
    Version 1.40

    The current date is: Sun 03/23/2008
    The current time is: 12:36:40.73


    bak folders found
    ~~~~~~~~~~~



    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~



    end of report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:42:13 PM, on 3/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\IDA\ida.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Registry Clean Expert\RCHelper.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203417649562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1203428722265
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: PD91VMDefrag - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

    --
    End of file - 11648 bytes


    That's all that's needed, right?

  8. #8
    Neal is offline Dedicated Member
    Run HijackThis, click on the "Scan System Only" button, and put checks next to these:

    O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

    O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)

    Please close ALL browser windows (including this one).

    With everything closed out but HijackThis, click on "Fix checked".

    Go here to learn how to show hidden files/folders:

    http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

    Re-hide after we are done.

    Hunt for and delete, if present:

    C:\WINDOWS\System32\jkkllmj.dll

    Reboot your PC.

    What is going on now?
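The entries Neal singles out above are the kinds a log reviewer looks at first: a Winlogon Notify DLL whose file is missing, toolbar and button entries with no file behind them, and ActiveX (O16) downloads from hosts other than the usual vendors. The following is an added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over HJT-format lines that applies those same rules. The sample lines are copied from the log posted in this thread, and the allow-list of O16 hosts is an assumption chosen for the example.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; it is not code from HijackThis or from the
poster. It parses 'Onn - ...' lines and flags the entries a helper reviews
first: orphaned entries pointing at missing files (like the O20 Winlogon
Notify line above), O16 ActiveX installs from hosts outside an allow-list,
and startup shortcuts whose target HJT could not resolve.
"""
import re
from urllib.parse import urlparse

# Assumed allow-list: hosts from which O16 ActiveX (DPF) installs are expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "java.com", "adobe.com")

# Every HJT finding line starts with a section tag such as O4, O16, O20.
LINE_RE = re.compile(r"^\s*(O\d+)\s+-\s+(.*)$")

# Sample lines taken from the log posted in this thread (subset).
SAMPLE_LOG_LINES = [
    "O4 - HKCU\\..\\Run: [AdobeUpdater] C:\\Program Files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe",
    "O4 - Global Startup: hp psc 1000 series.lnk = ?",
    "O4 - Global Startup: hpoddt01.exe.lnk = ?",
    "O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)",
    "O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)",
    "O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)",
    "O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL",
    "O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab",
    "O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203417649562",
    "O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab",
    "O20 - Winlogon Notify: jkkllmj - jkkllmj.dll (file missing)",
    "O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\\Program Files\\McAfee\\VirusScan Enterprise\\Mcshield.exe",
]


def parse_hjt_line(line):
    """Return (section, body) for an 'Onn - body' line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group(1), m.group(2).strip()


def host_of(url):
    """Hostname of a URL, lower-cased; empty string if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def dpf_host_trusted(host):
    """True if host is one of, or a subdomain of, the allow-listed vendors."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage(lines):
    """Return a list of (section, reason, body) findings for lines worth a second look."""
    findings = []
    for line in lines:
        parsed = parse_hjt_line(line)
        if not parsed:
            continue
        section, body = parsed
        if section == "O20" and "(file missing)" in body:
            # Winlogon Notify DLLs are loaded into winlogon.exe at logon; an entry
            # whose DLL is gone is either a malware remnant or an uninstall leftover.
            findings.append((section, "winlogon-notify-missing-file", body))
        elif section in ("O3", "O9") and "(no file)" in body:
            # Toolbar/button registrations with no backing file are orphans to clean up.
            findings.append((section, "orphaned-entry", body))
        elif section == "O16":
            # The download URL is the last ' - ' separated field of an O16 line.
            host = host_of(body.rsplit(" - ", 1)[-1])
            if not dpf_host_trusted(host):
                findings.append((section, "dpf-untrusted-host:" + host, body))
        elif section == "O4" and body.endswith(".lnk = ?"):
            # HJT could not resolve the shortcut target; check where it points.
            findings.append((section, "unresolved-startup-shortcut", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG_LINES):
        print(f"{section:<4} {reason:<45} {body}")
```

Running the block on the sample lines reports the O20 entry, the three orphaned O3/O9 entries, the two unresolved HP shortcuts, and the ActiveX install from www.e-games.com.my, while the Microsoft Update and Flash O16 lines pass the allow-list. The reasons are deliberately coarse: the script sorts a log into "look here first" lines, it does not decide what is malicious.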
