Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads

12-23-2007, 02:00 AM   #1
edchar
Registered User
Join Date: Jan 2007
Posts: 47
OS: XP

This is my log regarding the malware you said

Deckard's System Scanner v20071014.68
Run by user on 2007-12-23 16:56:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-12-23 08:56:36 UTC - RP105 - Deckard's System Scanner Restore Point
15: 2007-12-22 0557 UTC - RP104 - System Checkpoint
14: 2007-12-21 03:07:46 UTC - RP103 - System Checkpoint
13: 2007-12-18 11:39:42 UTC - RP102 - Installed Aventail OnDemand Proxy Agent
12: 2007-12-18 03:15:27 UTC - RP101 - System Checkpoint


-- First Restore Point --
1: 2007-12-04 11:50:20 UTC - RP90 - Installed DirectX


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.43 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-23 16:58:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
E:\DonDon's games\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsg15.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\Programs\whiehlpr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\webHancer\Programs\webhdll.dll
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188908166000
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG Free\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


--
End of file - 8300 bytes

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 ZSMC301b (ZSMC USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 NOWMEMDF - c:\windows\system32\nowmemdf.sys <Not Verified; (c)NOWCOM; Nowcom Memory Defender>
S3 npkcrypt - e:\dondon's games\ro\npkcrypt.sys (file missing)
S3 NTACCESS - f:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - f:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS


-- Scheduled Tasks -------------------------------------------------------------

2007-12-12 18:14:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-23 and 2007-12-23 -----------------------------

2007-12-23 10:19:30 0 d--hs---- C:\FOUND.000
2007-12-18 19:38:25 0 d-------- C:\Documents and Settings\user\Application Data\Aventail
2007-12-17 13:53:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-17 13:43:55 0 d-------- C:\Program Files\Babysitting Mania
2007-12-17 13:19:07 0 d-------- C:\Program Files\bfgclient
2007-12-17 13:19:07 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-12-16 14:36:00 0 d-------- C:\WINDOWS\network diagnostic
2007-12-16 14:24:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-14 20:18:55 0 d-------- C:\Documents and Settings\user\Application Data\Move Networks
2007-12-07 16:56:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-07 16:55:22 0 d-------- C:\Program Files\Yahoo! Games
2007-12-05 20:27:29 77353 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2007-12-05 09:33:48 0 d-------- C:\Program Files\MSXML 6.0
2007-12-04 01:12:02 282624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-03 21:55:43 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-03 21:50:24 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-30 23:57:56 49664 --a------ C:\WINDOWS\system32\nsg15.dll
2007-11-30 22:30:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-28 22:52:14 64000 --a------ C:\WINDOWS\system32\gzmrt.dll
2007-11-24 17:44:51 0 d-------- C:\Program Files\Hometown Hero
2007-11-23 21:51:18 0 d-------- C:\Program Files\Diner Dash Hometown Hero


-- Find3M Report ---------------------------------------------------------------

2007-12-22 14:00:22 29 --a------ C:\WINDOWS\popcinfo.dat
2007-12-04 20:32:14 59384 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-12-01 13:10:02 79868 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-11-29 14:21:06 40737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
2007-11-16 18:21:04 19 --a------ C:\WINDOWS\popcinfot.dat
2007-11-09 18:09:16 0 --a------ C:\WINDOWS\popcreg.dat
2007-11-09 18:09:16 0 d-------- C:\Program Files\PopCap Games
2007-11-06 16:32:42 0 d-------- C:\Program Files\Dream Day Honeymoon
2007-11-02 20:43:22 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-10-23 23:02:08 0 d-------- C:\Documents and Settings\user\Application Data\WinRAR
2007-10-01 21:08:34 966656 --a------ C:\WINDOWS\system32\btrez.dll <Not Verified; Broadcom Corporation.; Bluetooth Software>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]
11/28/2007 10:52 PM 64000 --a------ C:\WINDOWS\system32\gzmrt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
12/04/2007 01:12 AM 282624 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
11/30/2007 11:57 PM 49664 --a------ C:\WINDOWS\system32\nsg15.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
09/06/2007 10:56 AM 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [11/28/2007 10:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 04:56 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [07/16/2007 03:17 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [11/22/2004 08:18 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd171882-7266-11dc-a67d-00046173bda1}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe FS6519.dll.vbs




-- End of Deckard's System Scanner: finished at 2007-12-23 16:59:05 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 767.48 MiB / 454.87 MiB
Pagefile Memory (total/avail): 1878.07 MiB / 1576.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.82 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 9.57 GiB total, 0.43 GiB free.
D: is Fixed (FAT32) - 10.04 GiB total, 7.2 GiB free.
E: is Fixed (FAT32) - 18.64 GiB total, 3.74 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 9.58 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 28.7 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\\DonDon's games\\o2jam pud\\New Folder\\GGclient.exe"="E:\\DonDon's games\\o2jam pud\\New Folder\\GGclient.exe:*:Enabled:GG E-Sports Platform Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\paola\\limewire\\D\\LimeWire\\LimeWire.exe"="E:\\paola\\limewire\\D\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\System32\\fscagent.exe"="C:\\WINDOWS\\System32\\fscagent.exe:*:Enabled:???? ???? ??"
"C:\\WINDOWS\\System32\\clubbox.exe"="C:\\WINDOWS\\System32\\clubbox.exe:*:Enabled:瀣反国胶 驿囡帱见 包府帔"
"C:\\WINDOWS\\System32\\grdmgr.exe"="C:\\WINDOWS\\System32\\grdmgr.exe:*:Enabled:CDN ???? ??"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\DonDon's games\\VeohClient.exe"="E:\\DonDon's games\\VeohClient.exe:*:Disabled:Veoh Client"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"E:\\DonDon's games\\o2jam pud\\New Folder\\utorrent.exe"="E:\\DonDon's games\\o2jam pud\\New Folder\\utorrent.exe:*:Enabled:µTorrent"
"E:\\DonDon's games\\o2jam pud\\utorrent.exe"="E:\\DonDon's games\\o2jam pud\\utorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WINXPSP2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\WINXPSP2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=WINXPSP2
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adssite Advanced Toolbar --> C:\Program Files\Adssite Advanced Toolbar\uninstall.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoCAD 2008 - English --> D:\Program Files\Acad\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
AutoCAD 2008 Network License Activation Utility --> MsiExec.exe /X{AF4505CB-C93A-4B29-91B9-F15767AF43BE}
Autodesk CAD Manager Tools --> MsiExec.exe /X{5783F2D7-0111-0409-0010-0060B0CE6BBA}
Autodesk DWF Viewer 7 --> MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Autodesk Network License Manager --> MsiExec.exe /X{FE2F2589-96A6-4F38-98F5-DDAC34BD41B9}
Aventail Access Manager --> C:\Documents and Settings\user\Application Data\Aventail\epi\epuninstall.exe
Aventail OnDemand Proxy Agent --> MsiExec.exe /X{1CC340A6-E2E8-4986-B4F6-300055258684}
Aventail Web Proxy Agent --> MsiExec.exe /X{9B0B46B3-10DF-4ADA-9501-0129D784563D}
Aventail Webifiers --> MsiExec.exe /X{54D44AD1-A083-48B9-BD6F-AFD517B7C775}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
Babysitting Mania (remove only) --> "C:\Program Files\Babysitting Mania\Uninstall.exe"
Bejeweled Deluxe 1.87 --> C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Browser Optimizer Adssite --> C:\WINDOWS\system32\adssite-remove.exe
Browser Optimizer Rightonadz --> C:\WINDOWS\system32\rightonadz-uninst.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Fashion Fits (remove only) --> "C:\Program Files\Yahoo! Games\Fashion Fits\Uninstall.exe"
Feeding Frenzy --> C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
GG E-Sports Platform --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GOM Player --> "E:\DonDon's games\o2jam pud\GOM\GomPlayer\Uninstall.exe"
Hometown Hero --> C:\Program Files\Hometown Hero\Uninstal.exe
Insaniquarium Deluxe --> C:\PROGRA~1\GAMEHO~1\INSANI~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\INSANI~1\INSTALL.LOG
Inspector Parker --> C:\PROGRA~1\GAMEHO~1\INSPEC~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\INSPEC~1\INSTALL.LOG
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Jewel Quest II (remove only) --> "C:\Documents and Settings\user\My Documents\Jewel Quest II\Uninstall.exe"
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\user\Application Data\Move Networks\ie_bin\Uninst.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RagnarokOnline-Valkyrie --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C964B9E-F8B0-4E60-8D1D-392CD77FA6F9}\setup.exe" -l0x9 -removeonly
Real Alternative 1.51 --> "E:\DonDon's games\o2jam pud\real alternative\Real Alternative\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Ricochet --> C:\PROGRA~1\GAMEHO~1\RICOCHET\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RICOCHET\INSTALL.LOG
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Search Assistant Adssite --> C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
Super Gem Drop --> C:\PROGRA~1\GAMEHO~1\GEMDROP\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\GEMDROP\INSTALL.LOG
Super Nisqually from GameHouse --> C:\PROGRA~1\GAMEHO~1\NISQUA~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\NISQUA~1\INSTALL.LOG
Super Pop & Drop --> C:\PROGRA~1\GAMEHO~1\POPDROP\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\POPDROP\INSTALL.LOG
Super Rumble Cube --> C:\PROGRA~1\GAMEHO~1\RUMBLE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RUMBLE~1\INSTALL.LOG
Super TextTwist --> C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
Super WhatWord from GameHouse --> C:\PROGRA~1\GAMEHO~1\WHATWORD\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WHATWORD\INSTALL.LOG
The Sims 2 --> E:\Kitin's games\EAUninstall.exe
Ultimate Dominoes --> C:\PROGRA~1\GAMEHO~1\DOMINOES\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\DOMINOES\INSTALL.LOG
Varmintz Deluxe --> C:\PROGRA~1\GAMEHO~1\VARMINTZ\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\VARMINTZ\INSTALL.LOG
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2633 / Error
Event Submitted/Written: 12/15/2007 05:27:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2604 / Error
Event Submitted/Written: 12/13/2007 02:00:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2597 / Error
Event Submitted/Written: 12/13/2007 08:12:49 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2574 / Error
Event Submitted/Written: 12/11/2007 09:54:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000034.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type2567 / Error
Event Submitted/Written: 12/11/2007 08:08:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x01f90a63.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11650 / Warning
Event Submitted/Written: 12/23/2007 00:15:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11649 / Warning
Event Submitted/Written: 12/23/2007 10:26:27 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11629 / Warning
Event Submitted/Written: 12/20/2007 10:17:25 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11603 / Warning
Event Submitted/Written: 12/20/2007 08:30:26 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type11602 / Warning
Event Submitted/Written: 12/20/2007 08:24:47 PM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{C99F7C14-9C9C-492F-893E-66D8AC9061F3}.



-- End of Deckard's System Scanner: finished at 2007-12-23 16:59:05 ------------

12-23-2007, 06:15 PM   #2
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home

Re: This is my log regarding the malware you said

Glad to see you followed up on it...

Quote:
System Drive C: has 0.43 GiB (less than 15%) free.
This is a serious issue, and needs to be addressed somehow.

Windows XP requires a minimum of 1.5GB free space to operate well.

--------------------------------------------------

P2P - I see you have P2P software (Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Adssite Advanced Toolbar
Search Assistant Adssite
Browser Optimizer Adssite
Browser Optimizer Rightonadz


Ignore any prompts to reboot.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.


O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsg15.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\Programs\whiehlpr.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart


Close HijackThis now.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  4. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  5. Follow the prompts. Type "1" and press Enter to begin the scan.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.

Last edited by tetonbob : 12-23-2007 at 06:16 PM.
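Added example, not code from this thread and not part of HijackThis: a short Python script that reads HijackThis log lines and flags the entries matching the CLSIDs and file names tetonbob listed in the "Fix Checked" instructions above (plus the webHancer LSP file ComboFix later removed). The sample log is constructed in HijackThis format, with several lines copied from this thread; the hand-typed known-bad set stands in for the CLSID database a helper would actually consult.

```python
"""
Added example (not from the thread or from HijackThis itself): parse
HijackThis log lines into records and flag the ones matching a list of
known-bad CLSIDs and file names, the way a helper reads a posted log.
"""
import re
from dataclasses import dataclass

# Constructed sample log in HijackThis format.  It mixes the entries the
# helper told the user to fix with legitimate entries of the same shape.
SAMPLE_LOG = r"""
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
"""

# Indicators taken from the helper's "Fix Checked" list in this thread plus
# the webHancer LSP file ComboFix removed.  A real triage consults a
# maintained CLSID/file database rather than a hand-typed set.
BAD_CLSIDS = {c.upper() for c in (
    "{10F3E8BD-257A-4702-A2F5-DC02055B068C}",   # rightonads optimizer
    "{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}",   # Search Assistant (Adssite)
    "{9C8A568E-4201-478a-8536-526CF371D2E2}",   # ads_optimizer
    "{c900b400-cdfe-11d3-976a-00e02913a9e0}",   # WhIeHelperObj (webHancer)
    "{41C29B07-6F91-4966-91BE-2E2841643C83}",   # Adssite Toolbar
)}
BAD_FILES = {"gzmrt.dll", "adssite_sidebar.dll", "nsg15.dll",
             "whiehlpr.dll", "webhdll.dll"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_RE = re.compile(r"[\w~.\-]+\.(?:dll|exe|sys)\b", re.IGNORECASE)


@dataclass
class Entry:
    section: str        # R0, O2, O3, O4, O10, ...
    raw: str
    clsid: str = ""     # upper-cased for comparison; "" when the line has none
    flagged: bool = False
    reason: str = ""


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for anything else."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    entry = Entry(section=m.group("section"), raw=line)
    c = CLSID_RE.search(line)
    if c:
        entry.clsid = c.group(0).upper()
    # A known-bad CLSID is the strongest match; fall back to file names so
    # that O4/O10 lines without a CLSID are still caught.
    if entry.clsid in BAD_CLSIDS:
        entry.flagged, entry.reason = True, f"CLSID {entry.clsid}"
    else:
        for name in FILE_RE.findall(line):
            if name.lower() in BAD_FILES:
                entry.flagged, entry.reason = True, f"file {name.lower()}"
                break
    return entry


def triage(log_text):
    """Parse every item line of a log; non-item lines are dropped."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged_lines(log_text):
    """The raw lines a helper would tell the user to check and fix."""
    return [e.raw for e in triage(log_text) if e.flagged]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "FIX " if e.flagged else "    "
        print(f"{mark}{e.section:<4} {e.reason or 'no match'}")
```

Matching on the CLSID first matters because adware toolbars are routinely renamed or moved between infections while the registered class ID stays the same; the file-name fallback is what catches the O4 Rundll32 loader and the orphaned O10 LSP entry, neither of which carries a CLSID.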
Old 12-25-2007, 07:19 AM   #3 (permalink)
Registered User
Join Date: Jan 2007
Posts: 47
OS: XP


Re: This is my log regarding the malware you said

This was the result of the ComboFix you told me about.

ComboFix 07-12-25.2 - user 2007-12-25 22:09:56.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.500 [GMT 8:00]
Running from: C:\Documents and Settings\user\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\webhdll.dll
C:\Program Files\webhancer\Programs\whagent.exe
C:\Program Files\webhancer\Programs\whagent.ini
C:\Program Files\webhancer\Programs\whiehlpr.dll
C:\Program Files\webhancer\Programs\whinstaller.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-25 22:00 . 2007-12-25 22:00 <DIR> d--hs---- C:\FOUND.003
2007-12-25 21:01 . 2007-12-25 21:01 <DIR> d-------- C:\Program Files\eMule
2007-12-25 00:29 . 2007-12-25 00:29 <DIR> d--hs---- C:\FOUND.002
2007-12-24 00:03 . 2007-12-24 00:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-24 00:03 . 2007-12-25 00:47 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-24 00:03 . 2007-12-25 00:47 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-24 00:03 . 2007-12-25 00:47 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-23 20:17 . 2007-12-23 20:17 <DIR> d--hs---- C:\FOUND.001
2007-12-23 16:56 . 2007-12-23 16:56 <DIR> d-------- C:\Deckard
2007-12-23 10:19 . 2007-12-23 10:19 <DIR> d--hs---- C:\FOUND.000
2007-12-22 13:48 . 2007-12-22 13:48 13 --a------ C:\alrt_200.data
2007-12-18 19:39 . 2007-08-01 18:08 46,744 --a------ C:\WINDOWS\system32\drivers\odptdi.sys
2007-12-18 19:38 . 2007-12-18 19:38 <DIR> d-------- C:\Documents and Settings\user\Application Data\Aventail
2007-12-17 13:53 . 2007-12-17 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2007-12-17 13:43 . 2007-12-17 13:43 <DIR> d-------- C:\Program Files\Babysitting Mania
2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Program Files\bfgclient
2007-12-17 13:19 . 2007-12-17 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2007-12-16 14:43 . 2007-10-11 07:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-16 14:43 . 2007-07-01 11:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-16 14:43 . 2007-07-01 11:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-16 14:43 . 2007-10-11 07:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-16 14:43 . 2007-10-11 07:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-16 14:43 . 2007-10-11 07:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-16 14:43 . 2007-10-11 07:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-16 14:43 . 2007-10-11 07:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-16 14:43 . 2007-10-10 18:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-14 20:18 . 2007-12-14 20:18 <DIR> d-------- C:\Documents and Settings\user\Application Data\Move Networks
2007-12-07 16:56 . 2007-12-07 16:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-07 16:55 . 2007-12-07 16:55 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-12-05 09:33 . 2007-12-05 09:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-03 21:55 . 2007-12-03 21:55 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-12-03 21:50 . 2007-12-03 21:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-30 22:30 . 2007-11-30 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 12:32 59,384 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-11-24 09:44 --------- d-----w C:\Program Files\Hometown Hero
2007-11-23 13:51 --------- d-----w C:\Program Files\Diner Dash Hometown Hero
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 10:09 --------- d-----w C:\Program Files\PopCap Games
2007-11-06 08:32 --------- d-----w C:\Program Files\Dream Day Honeymoon
2007-10-30 21:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 09:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 09:39 230,912 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 09:37 2,109,440 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-11 06:13 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 06:13 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 06:13 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 06:13 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 06:13 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-01 13:08 966,656 ----a-w C:\WINDOWS\system32\btrez.dll
2007-10-01 13:08 106,557 ----a-w C:\WINDOWS\system32\btw_ci.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2007-02-12 14:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-07-16 15:17]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"RemoveIT Pro XT"="E:\DonDon's games\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2007-12-18 14:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 10:35]

R1 Odptdi;Odptdi;C:\WINDOWS\system32\drivers\odptdi.sys [2007-08-01 18:08]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\system32\NOWMEMDF.sys [2005-11-02 19:23]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-12-12 10:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 22:14:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> E:\DonDon's games\o2jam pud\New Folder\filter.dll
.
Completion time: 2007-12-25 22:15:42 - machine was rebooted [user]
.
2007-12-16 06:45:23 --- E O F ---





This is also the HijackThis logfile.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:07 PM, on 12/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
E:\DonDon's games\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
E:\DonDon's games\o2jam pud\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [RemoveIT Pro XT] E:\DonDon's games\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\webhancer\programs\webhdll.dll' missing
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188908166000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...loader_v10.cab
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7247 bytes
Old 12-25-2007, 08:12 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,754
OS: 2000 Pro; XP Pro; XP Home


Re: This is my log regarding the malware you said

P2P - I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------


Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Also post a new HijackThis Log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
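As an added example (not part of this thread and not Kaspersky's own tooling), the Python script below reads a Kaspersky Online Scanner report of the kind requested above and separates locked objects from findings inside System Restore and quarantine folders and from findings on live files, which are the ones a helper has to act on. The sample report lines are constructed in the scanner's report format, with paths and detection names copied from the report posted in this thread; the folder markers used to classify leftovers are an assumption of the example.

```python
"""
Added example (not part of the thread, not Kaspersky's own tooling):
split a Kaspersky Online Scanner report into locked objects, findings in
System Restore and quarantine folders, and findings on live files, so the
part that needs action is easy to see.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the report's format; paths and detection names are
# copied or adapted from the report posted in this thread.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP107\A0054006.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\qoobox\Quarantine\C\Program Files\webHancer\Programs\WEBHDLL.DLL.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
"""

# One report line: "<path> Object is locked skipped" or
# "<path> Infected: <detection> skipped".  Paths may contain spaces, so the
# path group is non-greedy and the status is anchored at the end of line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)|Infected: (?P<name>\S+)) skipped$"
)

# Assumed locations where a detection is a copy left by an earlier cleanup
# (System Restore snapshots, ComboFix and Deckard backup folders) rather
# than an active file.  Matched as lower-cased substrings of the path.
ARCHIVED_MARKERS = {
    "restore_point": (r"\system volume information\_restore",),
    "quarantine": (r"\qoobox\quarantine", r"\deckard\system scanner\backup"),
}


@dataclass
class Finding:
    path: str
    detection: str      # "" for locked objects
    category: str       # locked | live | restore_point | quarantine


def classify(path, detection):
    """Decide whether a report line is noise, an archived leftover, or live."""
    if not detection:
        return "locked"
    p = path.lower()
    for category, markers in ARCHIVED_MARKERS.items():
        if any(m in p for m in markers):
            return category
    return "live"


def parse_report(text):
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue   # header, blank lines, scan statistics
        name = m.group("name") or ""
        findings.append(Finding(m.group("path"), name, classify(m.group("path"), name)))
    return findings


def summarize(text):
    findings = parse_report(text)
    counts = Counter(f.category for f in findings)
    return {
        "locked": counts["locked"],
        "live": counts["live"],
        "restore_point": counts["restore_point"],
        "quarantine": counts["quarantine"],
        "by_detection": Counter(f.detection for f in findings if f.detection),
    }


def live_paths(text):
    """Infected files outside restore points and quarantine folders."""
    return [f.path for f in parse_report(text) if f.category == "live"]


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"locked objects (in use by Windows, not findings): {s['locked']}")
    print(f"findings in System Restore: {s['restore_point']}, "
          f"in quarantine folders: {s['quarantine']}")
    for name, n in s["by_detection"].most_common():
        print(f"  {n:3d}  {name}")
    print("live files needing attention:")
    for p in live_paths(SAMPLE_REPORT):
        print("  ", p)
```

The split reflects how such a report is read: locked registry hives, event logs and index.dat files are simply in use and are not findings; detections under System Volume Information and in the ComboFix or Deckard backup folders are copies of files already removed from their original locations and disappear when those folders are cleared at the end of a cleanup; only the remaining live files call for a removal step.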
Old 12-26-2007, 01:05 AM   #5 (permalink)
Registered User
Join Date: Jan 2007
Posts: 47
OS: XP


Re: This is my log regarding the malware you said

This is the result of the Kaspersky online scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 26, 2007 4:01:40 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/12/2007
Kaspersky Anti-Virus database records: 494035
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 60333
Number of viruses found: 16
Number of infected objects: 68
Number of suspicious objects: 0
Duration of the scan process: 02:09:21

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd2829.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007122620071227\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\H7MV3I1O\video[1].flv Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFE850.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\fla34B.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\fla3F5.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF33A7.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_c80.dat Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_user.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_user.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_user.log Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP107\A0054006.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP107\A0054007.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP107\A0054008.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP108\A0054432.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP108\A0054433.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP108\A0054434.DLL Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP111\change.log Object is locked skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\qoobox\Quarantine\C\Program Files\webHancer\Programs\whinstaller.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\qoobox\Quarantine\C\Program Files\webHancer\Programs\WEBHDLL.DLL.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\qoobox\Quarantine\C\Program Files\webHancer\Programs\WHIEHLPR.DLL.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\setup_ares.exe NSIS: infected - 7 skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\BSINSTALL.exe WiseSFX: infected - 3 skipped
D:\back-up files\Dondon\My Documents\Dondons Folder\BOTTING SYSTEM\BSINSTALL.exe WiseSFXDropper: infected - 3 skipped
D:\back-up files\Dondons Folder\New Folder\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondons Folder\New Folder\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondons Folder\New Folder\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\Dondons Folder\New Folder\BSINSTALL.exe WiseSFX: infected - 3 skipped
D:\back-up files\Dondons Folder\New Folder\BSINSTALL.exe WiseSFXDropper: infected - 3 skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
D:\back-up files\paola's folder\setups\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
D:\back-up files\paola's folder\setups\setup_ares.exe NSIS: infected - 7 skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe WiseSFX: infected - 4 skipped
D:\back-up files\paola's folder\setups\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
E:\System Volume Information\_restore{148B2EF7-F99F-424C-9252-2AC631E0B5C0}\RP111\change.log Object is locked skipped
E:\new backup from c\charry\asin.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0037 Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
E:\new backup from c\paola\setup\setup_ares.exe/data0038 Infected: not-a-virus:AdWare.Win32.NavExcel.i skipped
E:\new backup from c\paola\setup\setup_ares.exe NSIS: infected - 7 skipped
E:\new backup from c\paola\setup\bsplayer142.833.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
E:\new backup from c\paola\setup\bsplayer142.833.exe NSIS: infected - 1 skipped
E:\new backup from c\repair systems\combofix.exe/0 Infected: Trojan.WinREG.Disabler.l skipped
E:\new backup from c\repair systems\combofix.exe/10 Infected: Trojan.WinREG.Qoologic skipped
E:\new backup from c\repair systems\combofix.exe/3 Infected: Trojan.BAT.Agent.aj skipped
E:\new backup from c\repair systems\combofix.exe/4 Infected: Trojan.BAT.Agent.ak skipped
E:\new backup from c\repair systems\combofix.exe/9 Infected: Trojan.BAT.Agent.al skipped
E:\new backup from c\repair systems\combofix.exe QuickBatch: infected - 5 skipped
E:\new backup from c\repair systems\combofix.exe UPX: infected - 5 skipped
E:\new backup from c\repair systems\combofix.exe PE_Patch.UPX: infected - 5 skipped
E:\new backup from c\repair systems\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
E:\new backup from c\repair systems\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
E:\new backup from c\repair systems\SmitfraudFix.exe RarSFX: infected - 2 skipped
E:\new backup from c\repair systems\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
E:\new backup from c\repair systems\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
E:\DonDon's games\o2jam pud\backu