Tech Support Forum: Resolved HJT Threads
Old 01-20-2007, 08:07 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


same spyware again and again

I always run Spybot Search and Destroy about 3 times a week, and for about a week I have been getting the same spyware again and again. It just won't go away. Here is my logfile...

Logfile of HijackThis v1.99.1
Scan saved at 7:01 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\PhotoLinker.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Freechal\Fileguri\FileguriMain.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\TVAnts\Tvants.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HotBrowser\HotBrowser.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AceSearch Class - {E0AACEAB-625A-4DDE-865F-16763445E314} - C:\Program Files\acetoolbar\acebarext.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ACE Aø¹U(&X) - {A83C19E3-55A4-4a75-AC5B-5BA0CE86CDB2} - C:\Program Files\acetoolbar\acebar.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cass Oxyion] C:\WINDOWS\wizonbm.exe
O4 - HKLM\..\Run: [pcdata] "C:\WINDOWS\system32\pcdata.exe" /shide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsACEbar] C:\Program Files\acetoolbar\acebarupdate.exe
O4 - HKCU\..\Run: [PhotoLinker] C:\WINDOWS\system32\PhotoLinker.exe
O4 - HKCU\..\Run: [dalgonaTVPlayer] C:\Program Files\dalgonaTVPlayer\dalgonaTVPlayer.exe /WS
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liv.../SVPorsche.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A79A1664-9145-4B61-A34B-0139959EE714} (DioDeoPlayer Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A9A10555-AD70-4A69-A440-9159867E61B9} (muzmvset Class) - http://player.muz.co.kr/package/muzmvset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/So...24/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,1
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BE81B237-0EE9-40F6-BABB-0CE2C1DA7832} (ImPlayer Control) - http://activexdown.paran.com/paranac...a/ImPlayer.cab
O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} (search_cb Control) - http://www.findclubbox.co.kr/ax_cb/cb.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://casx.musiccity.co.kr/damoim/dll/p3damoimset.cab
O16 - DPF: {C4CD0ED6-5C46-432D-BF4E-3069700DEEBD} (PhotoTVControl Control) - http://www.myphototv.com/Box/Control...oTVControl.cab
O16 - DPF: {D0122112-9444-463A-AE2D-7EF5E2793AEE} (ADZEROInstaller Class) - http://update.ad-zero.com/cab/ADZEROCom.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {DF472C86-9DD8-46C4-86D3-4A861DE82650} (LiveUpdate Class) - http://imgcdn.pandora.tv/pan_img/liv...iveUpdater.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
xdragonx is offline  

Old 01-21-2007, 01:27 PM   #2 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


OK, my computer is starting to slow down a lot.
xdragonx is offline  
Old 01-23-2007, 08:06 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista


Hello again xdragonx,

It's very difficult to analyze your log in that format. Please run a new scan with HijackThis, make sure WordWrap is Off, then post your log here and we'll get started.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 01-23-2007, 07:04 PM   #4 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Hello again Ried... sorry about that. Here is the new log file with word wrap off...

Logfile of HijackThis v1.99.1
Scan saved at 6:03:07 PM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\PhotoLinker.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Freechal\Fileguri\FileguriMain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AceSearch Class - {E0AACEAB-625A-4DDE-865F-16763445E314} - C:\Program Files\acetoolbar\acebarext.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ACE Aø¹U(&X) - {A83C19E3-55A4-4a75-AC5B-5BA0CE86CDB2} - C:\Program Files\acetoolbar\acebar.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cass Oxyion] C:\WINDOWS\wizonbm.exe
O4 - HKLM\..\Run: [pcdata] "C:\WINDOWS\system32\pcdata.exe" /shide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WindowsACEbar] C:\Program Files\acetoolbar\acebarupdate.exe
O4 - HKCU\..\Run: [PhotoLinker] C:\WINDOWS\system32\PhotoLinker.exe
O4 - HKCU\..\Run: [dalgonaTVPlayer] C:\Program Files\dalgonaTVPlayer\dalgonaTVPlayer.exe /WS
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liv.../SVPorsche.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A79A1664-9145-4B61-A34B-0139959EE714} (DioDeoPlayer Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A9A10555-AD70-4A69-A440-9159867E61B9} (muzmvset Class) - http://player.muz.co.kr/package/muzmvset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/So...24/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,1
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BE81B237-0EE9-40F6-BABB-0CE2C1DA7832} (ImPlayer Control) - http://activexdown.paran.com/paranac...a/ImPlayer.cab
O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} (search_cb Control) - http://www.findclubbox.co.kr/ax_cb/cb.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://casx.musiccity.co.kr/damoim/dll/p3damoimset.cab
O16 - DPF: {C4CD0ED6-5C46-432D-BF4E-3069700DEEBD} (PhotoTVControl Control) - http://www.myphototv.com/Box/Control...oTVControl.cab
O16 - DPF: {D0122112-9444-463A-AE2D-7EF5E2793AEE} (ADZEROInstaller Class) - http://update.ad-zero.com/cab/ADZEROCom.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {DF472C86-9DD8-46C4-86D3-4A861DE82650} (LiveUpdate Class) - http://imgcdn.pandora.tv/pan_img/liv...iveUpdater.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
xdragonx is offline  
Old 01-23-2007, 10:25 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista


Hiya,

You've downloaded a lot of programs since we last cleaned your system. Some are known to be 'bad'; others I'm not finding much on, so you may want to consider what programs you added and when the spyware began to come onto your system.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please ensure AVG Anti-Spyware has the latest definitions:

Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

acetoolbar
dalgonaTVPlayer


--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: AceSearch Class - {E0AACEAB-625A-4DDE-865F-16763445E314} - C:\Program Files\acetoolbar\acebarext.dll (file missing)
O3 - Toolbar: ACE Aø¹U(&X) - {A83C19E3-55A4-4a75-AC5B-5BA0CE86CDB2} - C:\Program Files\acetoolbar\acebar.dll (file missing)
O4 - HKLM\..\Run: [Cass Oxyion] C:\WINDOWS\wizonbm.exe
O4 - HKCU\..\Run: [WindowsACEbar] C:\Program Files\acetoolbar\acebarupdate.exe
O4 - HKCU\..\Run: [dalgonaTVPlayer] C:\Program Files\dalgonaTVPlayer\dalgonaTVPlayer.exe /WS


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folders if they still exist.

C:\WINDOWS\ wizonbm.exe
C:\Program Files\ acetoolbar
C:\Program Files\ dalgonaTVPlayer


--------------------------------------------------------------------

You should still have CleanUp from our last session:

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
ComboFix.txt
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 01-25-2007, 04:50 PM   #6 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Here are the AVG results

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:43:59 PM 1/24/2007

+ Scan result:



Nothing found.


::Report end


The Panda report

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1sivde9s.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\1sivde9s.default\cookies.txt[.atdmt.com/]
Adware:Adware/Ezurl Not disinfected C:\WINDOWS\system32\cbhproc.dll
xdragonx is offline  
Old 01-25-2007, 04:51 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Here is the ComboFix report

"admin" - 07-01-25 15:37:58 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\admin\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\SVKP.sys


((((((((((((((((((((((((((((((( Files Created from 2006-12-25 to 2007-01-25 ))))))))))))))))))))))))))))))))))


2007-01-24 21:55 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-24 18:07 272,384 --a------ C:\dalgonaTVPlayer.exe
2007-01-23 19:07 <DIR> d-------- C:\Program Files\Smart Projects
2007-01-22 20:24 <DIR> d-------- C:\Program Files\danny_kay1710
2007-01-19 21:21 <DIR> d-------- C:\Program Files\Stardock
2007-01-19 21:20 12,119,320 --a------ C:\Program Files\iconpackager_public.exe
2007-01-18 18:45 <DIR> d-------- C:\Program Files\windows vista icon
2007-01-18 18:40 <DIR> d-------- C:\Program Files\windows vista cg
2007-01-18 18:16 <DIR> d-------- C:\Program Files\Common Files\stardock
2007-01-18 16:42 <DIR> d-------- C:\Program Files\TGTSoft
2007-01-18 16:39 <DIR> d-------- C:\Program Files\windows vista theme
2007-01-17 18:54 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-16 22:13 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-01-16 22:13 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2007-01-16 22:13 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-01-16 22:13 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-16 22:13 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-01-16 22:13 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-16 22:13 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-01-16 22:13 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-01-16 22:13 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-16 22:13 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-01-16 22:13 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-16 22:13 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-16 22:13 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-01-16 22:13 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-16 22:13 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-16 22:13 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-16 22:13 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-16 22:13 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-01-16 22:13 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-01-16 22:13 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-01-16 22:13 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-01-16 22:13 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-01-16 22:13 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-01-16 22:13 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-01-16 22:13 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-01-16 22:13 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-01-16 22:13 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-01-16 22:13 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-01-16 22:13 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-16 22:13 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-01-16 22:13 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-16 22:13 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-16 22:13 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-16 22:13 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-01-16 22:13 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-16 22:13 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-16 22:13 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-01-16 22:13 32,866 --------- C:\WINDOWS\slrundll.exe
2007-01-16 22:13 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-01-16 22:13 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-01-16 22:13 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-16 22:13 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-16 22:13 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-16 22:13 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-16 22:13 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-01-16 22:13 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-16 22:13 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-16 22:13 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-16 22:13 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-16 22:13 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-16 22:13 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-16 22:13 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-01-16 22:13 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-16 22:13 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-01-16 22:13 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-16 22:13 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-01-16 22:13 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-01-16 22:13 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-16 22:13 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-01-16 22:13 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-01-16 22:13 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-16 22:13 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-16 22:13 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-01-16 22:13 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-01-16 22:13 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-01-16 22:13 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-16 22:13 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-01-16 22:13 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-01-16 22:13 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-16 22:13 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-16 22:13 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-16 22:13 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-16 22:13 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-16 22:13 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-16 22:13 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-01-16 22:13 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-16 22:13 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-01-16 22:13 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-01-16 22:13 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-01-16 22:13 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-16 22:13 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-16 22:13 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-16 22:13 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-01-16 22:13 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-01-16 22:13 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-01-16 22:13 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-01-16 22:13 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-16 22:13 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-16 22:13 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-01-16 22:13 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-01-16 22:13 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-16 22:13 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-16 22:13 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2007-01-16 22:13 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-01-16 22:13 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-01-16 22:13 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-01-16 22:13 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-16 22:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-15 13:07 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-01-15 12:54 5,971,432 --a------ C:\Program Files\Firefox Setup 2.0.0.1.exe
2007-01-13 20:35 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-13 20:35 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-13 20:29 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-13 20:23 15,505,200 --a------ C:\Program Files\IE7-WindowsXP-x86-enu.exe
2007-01-13 19:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-01-13 19:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-13 19:43 <DIR> d-------- C:\Program Files\windows genuine crack
2007-01-13 19:36 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-01-11 21:46 <DIR> d-------- C:\DOCUME~1\admin\Application Data\HP
2007-01-11 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\HP
2007-01-11 21:44 <DIR> d-------- C:\bin
2007-01-11 21:42 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-01-11 21:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Sonic
2007-01-11 21:40 <DIR> d-------- C:\Program Files\Common Files\HP
2007-01-11 21:37 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-01-11 21:37 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-01-11 21:36 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-01-11 21:36 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-01-11 21:35 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-01-11 21:35 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-01-11 21:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-01-11 21:33 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-01-11 21:33 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-01-11 21:33 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-01-11 21:33 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-01-11 21:33 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-01-11 21:33 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-01-11 21:32 <DIR> d-------- C:\Program Files\HP
2007-01-11 21:31 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-08 17:58 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-08 17:58 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-01-08 17:58 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-01-08 17:57 6,653,000 --a------ C:\Program Files\winamp532_full_emusic-7plus.exe
2007-01-06 03:19 466,944 --a------ C:\WINDOWS\system32\PhotoTVPlayer.exe
2007-01-06 03:19 217,088 --a------ C:\WINDOWS\system32\PhotoLinker.exe
2007-01-05 17:34 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-05 17:33 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-05 13:05 456,392 --a------ C:\WINDOWS\system32\muzctrl.dll
2007-01-05 13:05 167,936 --a------ C:\WINDOWS\system32\muz.exe
2007-01-05 13:05 135,168 --a------ C:\WINDOWS\system32\muzmf1.dll
2007-01-01 03:48 <DIR> d-------- C:\Program Files\MyTV
2007-01-01 03:46 <DIR> d-------- C:\Program Files\Daum
2006-12-28 20:45 <DIR> d-------- C:\WINDOWS\Sun
2006-12-27 15:33 252,416 --a------ C:\Program Files\uninstall_flash_player.exe
2006-12-27 15:24 <DIR> d-------- C:\DOCUME~1\admin\Application Data\Sun
2006-12-25 20:10 <DIR> d-------- C:\DOCUME~1\admin\Application Data\GetRightToGo
2006-12-25 19:40 23,510,720 --a------ C:\Program Files\dotnetfx.exe
2006-12-25 18:25 <DIR> d-------- C:\07_backup_2
2006-12-25 18:13 <DIR> d-------- C:\Program Files\Fifa Master
2006-12-25 16:57 <DIR> d-------- C:\Program Files\EA SPORTS
2006-12-25 13:49 <DIR> d-------- C:\Program Files\DAEMON Tools
2006-12-25 13:43 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-25 13:22 1,511,320 --a------ C:\Program Files\daemon408-x86.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-25 15:36 -------- d-------- C:\Program Files\flashget
2007-01-24 22:45 -------- d-------- C:\Program Files\winamp
2007-01-24 22:44 -------- d-------- C:\Program Files\symantec antivirus
2007-01-24 22:39 -------- d-------- C:\Program Files\msn messenger
2007-01-24 22:28 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-24 22:26 -------- d-------- C:\Program Files\aim
2007-01-24 21:51 -------- d-------- C:\DOCUME~1\admin\Application Data\fileguri
2007-01-24 18:08 -------- d-------- C:\Program Files\hijackthis
2007-01-23 18:42 -------- d-------- C:\Program Files\hotbrowser
2007-01-20 13:38 778240 --a------ C:\WINDOWS\system32\pdrtvctl.dll
2007-01-20 13:38 204800 --a------ C:\WINDOWS\system32\pdrtvsvr.exe
2007-01-20 13:38 204800 --a------ C:\WINDOWS\system32\pdrtvf2.dll
2007-01-20 13:38 147456 --a------ C:\WINDOWS\system32\pdrtvf1.dll
2007-01-20 13:38 1091584 --a------ C:\WINDOWS\system32\pavc.dll
2007-01-19 22:30 -------- d-------- C:\DOCUME~1\admin\Application Data\utorrent
2007-01-19 21:34 201 --ah----- C:\Program Files\desktop.ini
2007-01-19 21:16 19415424 --a------ C:\Program Files\stylexpinstallmale.zip
2007-01-18 21:28 -------- d-------- C:\Program Files\stepmania
2007-01-18 19:22 -------- d-------- C:\DOCUME~1\admin\Application Data\limewire
2007-01-18 19:03 2455613 --a------ C:\Program Files\vista-high-px-icontweaker-crystalxp.net-223978102.zip
2007-01-18 18:53 863669 --a------ C:\Program Files\vista-high-px-iconpackager-crystalxp.net-217578102.zip
2007-01-18 18:47 8072279 --a------ C:\Program Files\vista-ultimate-crystalxp.net-283378102.zip
2007-01-18 18:40 1381251 --a------ C:\Program Files\vista-cg-crystalxp.net-250578102.zip
2007-01-18 16:25 1608857 --a------ C:\Program Files\vista-inspirat-crystalxp.net-212778102.zip
2007-01-16 16:33 -------- d-------- C:\DOCUME~1\admin\Application Data\adobe
2007-01-15 13:07 -------- d-------- C:\DOCUME~1\admin\Application Data\mozilla
2007-01-14 19:07 -------- d--h----- C:\Program Files\installshield installation information
2007-01-14 18:57 -------- d---s---- C:\DOCUME~1\admin\Application Data\microsoft
2007-01-13 19:48 665 --a------ C:\Program Files\windowslicence.rar
2007-01-13 15:42 936624 --a------ C:\Program Files\windows.genuine.advantage.validation.v1.5.723.1.cracked-eth0.rar
2006-12-27 15:03 -------- d-------- C:\Program Files\java
2006-12-25 19:17 65536 --a------ C:\WINDOWS\ifinst27.exe
2006-12-23 22:46 -------- d-------- C:\Program Files\fruityloops3
2006-12-21 03:22 716800 --a------ C:\WINDOWS\system32\muzmvctl.dll
2006-12-21 03:22 28672 --a------ C:\WINDOWS\system32\mzwhatimlisten2.dll
2006-12-21 03:22 192512 --a------ C:\WINDOWS\system32\muzmvf2.dll
2006-12-21 03:22 176128 --a------ C:\WINDOWS\system32\muzmvsvr.exe
2006-12-21 03:22 143360 --a------ C:\WINDOWS\system32\muzmvf1.dll
2006-12-19 23:46 24576 --a------ C:\WINDOWS\system32\pcdata.exe
2006-12-18 14:12 161040 --a------ C:\WINDOWS\system32\websetup2.exe
2006-12-18 03:00 53248 --a------ C:\Program Files\movireader.exe
2006-12-18 01:26 -------- d-------- C:\Program Files\littlegiant
2006-12-17 22:46 1785856 --a------ C:\WINDOWS\system32\sbswebplayercore.dll
2006-12-06 21:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 01:51 155648 --a------ C:\WINDOWS\system32\pcturbor.exe
2006-12-02 12:57 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-12-02 12:57 -------- d-------- C:\Program Files\Common Files\synacast
2006-12-02 12:57 -------- d-------- C:\DOCUME~1\admin\Application Data\pplive
2006-11-30 18:11 -------- d-------- C:\Program Files\dtsfilter
2006-11-30 18:10 415794 --a------ C:\Program Files\dtsfiltersetup.exe
2006-11-25 18:20 -------- d-------- C:\DOCUME~1\admin\Application Data\sports interactive
2006-11-25 17:41 -------- d-------- C:\Program Files\sports interactive
2006-11-25 17:39 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-19 16:43 8657180 --a------ C:\Program Files\rmcv38.rar
2006-11-14 19:54 507904 --a------ C:\Program Files\ie-spyad.exe
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 18:23 339257 --a------ C:\Program Files\cleanup452.exe
2006-11-07 18:05 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-04 15:20 212849 --a------ C:\Program Files\hijackthis.zip
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-02 15:05 1286144 --a------ C:\WINDOWS\system32\xman.dll
2006-11-01 17:47 143360 --a------ C:\WINDOWS\system32\xmaninf.exe
2006-10-07 17:39 6951803 --a------ C:\Program Files\dvdconverter.rar


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Fileguri"="\"C:\\Program Files\\Freechal\\Fileguri\\Fileguri.exe\" PathFileguri /background"
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PhotoLinker"="C:\\WINDOWS\\system32\\PhotoLinker.exe"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"SoundMan"="SOUNDMAN.EXE"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"pcdata"="\"C:\\WINDOWS\\system32\\pcdata.exe\" /shide"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\RunGame.exe

Completion time: 07-01-25 15:42:49
xdragonx is offline  
Old 01-25-2007, 04:52 PM   #8 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Here is the new HijackThis logfile

Logfile of HijackThis v1.99.1
Scan saved at 15:47, on 1/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\PhotoLinker.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [pcdata] "C:\WINDOWS\system32\pcdata.exe" /shide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoLinker] C:\WINDOWS\system32\PhotoLinker.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liv.../SVPorsche.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail.net/tv/cabs_2005...VInstaller.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {9BF607E0-4CC1-4099-9A07-362C9E4FB090} (WStarter Control) - http://live.pdbox.co.kr:8057/WStarter.cab
O16 - DPF: {9C33ABEA-52B6-4895-85B0-E3BAB337EE3E} (Pull0PlayerX Control) - http://pullshot.pullbbang.com/images/Pull0Player.ocx
O16 - DPF: {A79A1664-9145-4B61-A34B-0139959EE714} (DioDeoPlayer Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A9A10555-AD70-4A69-A440-9159867E61B9} (muzmvset Class) - http://player.muz.co.kr/package/muzmvset.cab
O16 - DPF: {AF11AA64-87A5-4146-AF3B-A7BD0F278485} (SBStarter Control) - http://download.soribada.com/down/So...24/SBStart.CAB
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3p...e/pdrtvset.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,1
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BE81B237-0EE9-40F6-BABB-0CE2C1DA7832} (ImPlayer Control) - http://activexdown.paran.com/paranac...a/ImPlayer.cab
O16 - DPF: {C294E262-4EC1-4407-8AB9-787269BC875D} (search_cb Control) - http://www.findclubbox.co.kr/ax_cb/cb.cab
O16 - DPF: {C2C16510-10F4-46FE-A82C-4846435EBDEB} (p3muzset Class) - http://casx.musiccity.co.kr/damoim/dll/p3damoimset.cab
O16 - DPF: {C4CD0ED6-5C46-432D-BF4E-3069700DEEBD} (PhotoTVControl Control) - http://www.myphototv.com/Box/Control...oTVControl.cab
O16 - DPF: {D0122112-9444-463A-AE2D-7EF5E2793AEE} (ADZEROInstaller Class) - http://update.ad-zero.com/cab/ADZEROCom.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {DF472C86-9DD8-46C4-86D3-4A861DE82650} (LiveUpdate Class) - http://imgcdn.pandora.tv/pan_img/liv...iveUpdater.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/lau...ra_SetUpAX.cab
O16 - DPF: {F9483795-6A21-47A0-949B-77E3E8A41989} (KTHPlayerCtrl Control) - http://mbox.paran.com/mbox/cabinets/KTHPlayerCtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
xdragonx is offline  
Old 01-25-2007, 07:31 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista


Hi,

Delete this file:

C:\WINDOWS\system32\cbhproc.dll

**If the above resists deletion, boot into Safe Mode and delete it.

--------------------------------------------------------

How is your system behaving now? Is Spybot still finding the same malware over and over? If so, what is it finding?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 01-26-2007, 04:42 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Comp is back to normal... thanks again, Ried.
xdragonx is offline  
Old 01-26-2007, 10:12 PM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,030
OS: WinXP and Vista


Glad to hear it. You need to be careful of the sites you visit and where you get your downloads from. This time around, I'm going to suggest this free program to help you with that:

Download the McAfee Site Advisor (free). The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.


Reset hidden/system files and folders
Windows XP
===============
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the "Show hidden files and folders" option.
* Select the "Hide file extensions for known types" option.
* Select the "Hide protected operating system files" option.
* Click Yes to confirm.
* Click OK.

Enable Windows Auto Update
* Go to Start > Run - type wuaucpl.cpl
* Tick the checkbox "Automatically download the updates, and install them on the schedule that I specify".
* Click "OK".

Create a new System Restore point
* Click Start > Run - type SYSDM.CPL & press Enter
* Select the System Restore tab
* Tick the checkbox "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
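As an added check that is not part of Ried's post or of the forum's own instructions, the following PowerShell script verifies the state the steps above ask for: it confirms the DLL named earlier in the thread is gone, then reads the registry values that sit behind the Folder Options and Automatic Updates dialogs and reports anything that does not match. The registry paths and value meanings (Hidden, HideFileExt, ShowSuperHidden under the Explorer\Advanced key; AUOptions = 4 for scheduled download and install) are assumptions drawn from Windows documentation, not from the thread.

```powershell
# Added example: audit the Windows XP post-cleanup settings recommended above.
# Registry locations and value meanings are assumptions based on Windows
# documentation for Explorer folder options and Automatic Updates; they are
# not taken from the forum post.

$explorer   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$autoUpd    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$removedDll = 'C:\WINDOWS\system32\cbhproc.dll'   # file named earlier in the thread

# Expected values after following the "Reset hidden/system files" steps:
#   Hidden          = 2  -> "Do not show hidden files and folders"
#   HideFileExt     = 1  -> "Hide file extensions for known file types"
#   ShowSuperHidden = 0  -> "Hide protected operating system files"
$expected = @{ 'Hidden' = 2; 'HideFileExt' = 1; 'ShowSuperHidden' = 0 }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns the value, or $null if the key or the value does not exist.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

$problems = @()

# 1. The DLL the thread asked to delete must be gone.
if (Test-Path $removedDll) {
    $problems += "Still present: $removedDll (delete it, from Safe Mode if needed)"
}

# 2. Folder Options should be back to the hardened defaults.
foreach ($name in $expected.Keys) {
    $actual = Get-RegValue $explorer $name
    if ($actual -ne $expected[$name]) {
        $problems += "Folder option $name is '$actual', expected $($expected[$name])"
    }
}

# 3. Automatic Updates: AUOptions 4 = download and install on a schedule.
$au = Get-RegValue $autoUpd 'AUOptions'
if ($au -ne 4) {
    $problems += "Automatic Updates AUOptions is '$au', expected 4 (auto download + scheduled install)"
}

if ($problems.Count -eq 0) {
    Write-Host 'All post-cleanup settings match the recommended state.'
} else {
    Write-Host 'Findings:'
    $problems | ForEach-Object { Write-Host " - $_" }
}
```

Run it from an administrator session after completing the steps; on a domain-joined machine a Group Policy under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU can override the per-machine AUOptions value shown here, so a mismatch there is worth checking against policy before changing anything by hand.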
Old 01-27-2007, 01:53 PM   #12 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 58
OS: WinXP


Once again, thanks Ried.
xdragonx is offline  
Copyright 2001 - 2009, Tech Support Forum