
crazymusic_lover19
Members, 9 posts

Everything posted by crazymusic_lover19

  1. Alright. Everything is duly noted. Once again, thank you very much for walking me through this entire thing. I really appreciate the wonderful help.
  2. MBAM and HJT logfiles are as follows.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1730
     Windows 5.1.2600 Service Pack 3

     2/5/2009 8:03:07 PM
     mbam-log-2009-02-05 (20-03-07).txt

     Scan type: Quick Scan
     Objects scanned: 55101
     Time elapsed: 4 minute(s), 25 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 8:03:19 PM, on 2/5/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\WINDOWS\system32\CTsvcCDA.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\VMSnap3.EXE
     C:\WINDOWS\Domino.EXE
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\DNA\btdna.exe
     C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
     C:\Program Files\FinePixViewer\QuickDCF2.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
     O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
     O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
     O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
     O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chua\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
     O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
     O4 - Global Startup: Bluetooth.lnk = ?
     O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219554141350
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Creative Service for CDROM Access (creative service for cdrom access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
     O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     --
     End of file - 9422 bytes

     The computer is running great. It's as fast as it once was. Booting doesn't take much time and no error messages are popping up. Everything is back to normal and I'm really happy to say that there are no signs of infection anymore. Thank you very much for all the help.
  3. Here are the MBAM and ComboFix logfiles. Thank you.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1730
     Windows 5.1.2600 Service Pack 3

     2/5/2009 6:55:09 PM
     mbam-log-2009-02-05 (18-55-09).txt

     Scan type: Quick Scan
     Objects scanned: 55634
     Time elapsed: 4 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     ComboFix 09-02-04.04 - Chua 2009-02-05 18:58:58.2 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.573 [GMT 8:00]
     Running from: c:\documents and settings\Chua\Desktop\ComboFix.exe
     AV: avast! antivirus 4.8.1296 [VPS 090204-0] *On-access scanning disabled* (Updated)
      * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
     .
     2009-02-03 20:34 . 2009-02-03 20:34 0 --a------ c:\windows\system32\RENF.tmp
     2009-02-03 20:34 . 2009-02-03 20:34 0 --a------ c:\windows\system32\RENE.tmp
     2009-02-03 20:34 . 2009-02-03 20:34 0 --a------ c:\windows\system32\REND.tmp
     2009-02-03 01:36 . 2008-04-14 02:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
     2009-02-03 01:36 . 2008-04-14 02:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
     2009-02-03 01:36 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
     2009-02-03 01:35 . 2008-04-14 08:12 159,232 --a------ c:\windows\system32\ptpusd.dll
     2009-02-03 01:32 . 2009-02-03 01:36 <DIR> d-------- c:\documents and settings\Chua\Application Data\FUJIFILM
     2009-02-03 01:30 . 2009-02-03 01:30 <DIR> d-------- c:\program files\REGSHAVE
     2009-02-03 01:30 . 2009-02-03 20:19 <DIR> d-------- c:\program files\FinePixViewer
     2009-02-03 01:30 . 2009-02-03 01:30 <DIR> d-------- c:\documents and settings\Chua\Application Data\InstallShield
     2009-02-03 01:30 . 2003-09-03 16:45 274,432 --a------ c:\windows\system32\FFTIFF16.dll
     2009-02-03 01:30 . 2006-07-12 14:39 208,896 --a------ c:\windows\system32\FFRafShellEx.dll
     2009-02-03 01:30 . 2004-07-24 21:28 155,648 --a------ c:\windows\system32\FFRAFLIB.DLL
     2009-02-03 01:30 . 2001-11-25 19:11 81,924 --------- c:\windows\system32\drivers\VC4CB104.SYS
     2009-02-03 01:30 . 2002-02-06 00:33 69,632 --------- c:\windows\system32\FREGSHEX.DLL
     2009-02-03 01:30 . 2002-02-27 19:27 65,536 --------- c:\windows\system32\FINFCHECK.dll
     2009-02-03 01:30 . 2002-06-25 10:06 45,056 --------- c:\windows\system32\FINFCOPY.dll
     2009-02-03 01:30 . 2002-02-13 18:00 45,056 --------- c:\windows\system32\FCLKBTN.DLL
     2009-02-02 20:31 . 2009-02-02 20:31 <DIR> d-------- c:\program files\Trend Micro
     2009-02-02 01:43 . 2009-02-05 02:29 <DIR> d-------- c:\documents and settings\Chua\.housecall6.6
     2009-02-01 22:52 . 2009-02-01 22:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\windows\system32\XPSViewer
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\program files\Reference Assemblies
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\program files\MSBuild
     2009-02-01 19:23 . 2009-02-01 19:23 <DIR> d-------- C:\8957ead3fed9c454fe91
     2009-02-01 19:23 . 2008-07-06 20:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
     2009-02-01 19:23 . 2008-07-06 20:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
     2009-02-01 19:23 . 2008-07-06 18:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2009-02-01 19:23 . 2008-07-06 20:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
     2009-02-01 19:23 . 2008-07-06 20:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
     2009-02-01 19:23 . 2008-07-06 20:06 117,760 --------- c:\windows\system32\prntvpt.dll
     2009-02-01 19:23 . 2008-07-06 20:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2009-02-01 19:18 . 2009-02-02 18:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-02-01 19:18 . 2009-02-01 19:18 <DIR> d-------- c:\documents and settings\Chua\Application Data\Malwarebytes
     2009-02-01 19:18 . 2009-02-01 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-02-01 19:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-02-01 19:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-02-01 17:46 . 2009-02-01 17:54 <DIR> d-------- c:\program files\RegistryFix7
     2009-02-01 16:07 . 2009-02-01 16:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
     2009-02-01 15:57 . 2009-02-01 15:57 <DIR> d-------- c:\documents and settings\Administrator
     2009-02-01 13:03 . 2009-02-01 13:03 61 --a------ c:\windows\wininit.ini
     2009-01-31 23:05 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
     2009-01-31 23:05 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
     2009-01-31 22:59 . 2009-01-31 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
     2009-01-31 21:37 . 2003-10-03 13:21 174,592 --a------ c:\windows\system32\framedyn.dll
     2009-01-31 20:05 . 2009-01-31 20:05 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
     2009-01-31 19:57 . 2008-12-22 04:36 34 --a------ c:\documents and settings\Chua\readme.bat
     2009-01-31 19:57 . 2009-01-31 20:34 2 --a------ C:\941367105
     2009-01-31 18:52 . 2009-01-31 18:52 4,096 --a------ c:\windows\system32\drivers\symlcbrd.sys
     2009-01-25 19:39 . 2001-08-17 22:37 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
     2009-01-25 13:57 . 2009-01-29 20:09 27 --a------ c:\windows\option.ini
     2009-01-25 13:49 . 2009-01-25 13:49 <DIR> d-------- c:\program files\e-Games
     2009-01-24 15:21 . 2009-01-24 15:21 <DIR> d-------- c:\program files\NOS
     2009-01-24 15:21 . 2009-01-24 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
     2009-01-24 14:22 . 2009-01-24 14:22 <DIR> d-------- c:\program files\Alwil Software
     2009-01-24 13:52 . 2009-01-24 13:52 <DIR> d-------- c:\documents and settings\Chua\Application Data\IObit
     2009-01-24 13:37 . 2009-01-24 13:37 <DIR> d-------- c:\documents and settings\Chua\Application Data\vlc
     2009-01-24 01:32 . 2009-01-24 01:32 <DIR> d-------- c:\program files\Common Files\xing shared
     2009-01-24 01:31 . 2009-01-24 01:31 <DIR> d-------- c:\program files\Real
     2009-01-24 00:14 . 2009-01-24 00:17 <DIR> d-------- c:\windows\system32\unknown
     2009-01-23 14:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
     2009-01-23 14:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
     2009-01-23 14:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
     2009-01-23 14:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
     2009-01-23 14:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
     2009-01-23 14:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
     2009-01-23 14:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
     2009-01-21 18:36 . 2009-02-02 17:01 410,984 --a------ c:\windows\system32\deploytk.dll
     2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Chua\Application Data\Audio Record Edit Toolbox Pro
     2009-01-12 21:13 . 2009-01-31 10:02 <DIR> d-------- c:\documents and settings\Chua\Application Data\mjusbsp
     2009-01-12 20:53 . 2008-04-14 02:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
     2009-01-12 20:53 . 2008-04-14 02:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
     2009-01-12 20:53 . 2008-04-14 02:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
     2009-01-12 20:53 . 2008-04-14 02:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
     2009-01-12 20:52 . 2008-04-14 02:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
     2009-01-12 20:52 . 2008-04-14 02:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
     2009-01-10 01:30 . 2009-01-10 01:30 <DIR> d-------- c:\program files\Audio Recorder for Free
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-05 11:00 --------- d-----w c:\documents and settings\Chua\Application Data\DNA
     2009-02-05 10:10 --------- d-----w c:\program files\DNA
     2009-02-03 14:00 --------- d-----w c:\documents and settings\Chua\Application Data\BitTorrent
     2009-02-02 17:32 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-02-02 10:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-01-31 15:08 --------- d--h--w c:\program files\Creative Installation Information
     2009-01-31 15:01 --------- d-----w c:\program files\Creative
     2009-01-31 12:33 --------- d-----w c:\program files\Common Files\Symantec Shared
     2009-01-27 17:04 --------- d-----w c:\documents and settings\Chua\Application Data\GetRight
     2009-01-27 17:03 1,508 ----a-w c:\windows\system32\ealregsnapshot1.reg
     2009-01-26 12:18 --------- d-----w c:\documents and settings\Chua\Application Data\LimeWire
     2009-01-26 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
     2009-01-23 18:21 --------- d-----w c:\program files\Flock
     2009-01-23 17:45 --------- d-----w c:\documents and settings\Chua\Application Data\Flock
     2009-01-23 17:32 --------- d-----w c:\program files\Common Files\Real
     2009-01-23 17:26 --------- d-----w c:\program files\GRETECH
     2008-12-30 05:40 1,626,112 ----a-r c:\windows\system32\clubbox.exe
     2008-12-21 04:39 --------- d-----w c:\program files\Windows Live SkyDrive
     2008-12-21 04:39 --------- d-----w c:\program files\Microsoft
     2008-12-13 12:26 --------- d-----w c:\program files\ffdshow
     2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
     2008-12-05 15:47 --------- d-----w c:\program files\BitTorrent
     2008-12-02 14:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
     2008-11-13 12:45 15,104 ----a-r c:\windows\system32\nowmemdf.sys
     2008-11-13 12:36 155,648 ----a-r c:\windows\system32\downengine.dll
     2008-08-26 06:51 30,024 ----a-w c:\documents and settings\Chua\Application Data\GDIPFONTCACHEV1.DAT
     2008-09-04 09:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080825\index.dat
     2008-09-04 09:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
     "cdloader"="c:\documents and settings\Chua\Application Data\mjusbsp\cdloader2.exe" [2008-12-18 50520]
     "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
     "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
     "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
     "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-03-09 7561216]
     "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
     "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
     "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
     "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
     "ClubBox"="c:\windows\system32\clubbox.exe" [2008-12-30 1626112]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-24 185872]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
     "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
     "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
     "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
     "nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 610365]
     ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-02-03 303104]

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\WINDOWS\\system32\\FSCAgent.exe"=
     "c:\\WINDOWS\\system32\\ClubBox.exe"=
     "c:\\WINDOWS\\system32\\grdmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Documents and Settings\\Chua\\Application Data\\mjusbsp\\magicJack.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "2251:UDP"= 2251:UDP:Windows Media Format SDK (firefox.exe)
     "2250:UDP"= 2250:UDP:Windows Media Format SDK (firefox.exe)
     "2253:UDP"= 2253:UDP:Windows Media Format SDK (firefox.exe)
     "2356:UDP"= 2356:UDP:Windows Media Format SDK (firefox.exe)
     "2357:UDP"= 2357:UDP:Windows Media Format SDK (firefox.exe)
     "2359:UDP"= 2359:UDP:Windows Media Format SDK (firefox.exe)

     R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
     R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-24 13696]
     R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
     R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-08-24 54272]
     R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-08-24 428160]
     S0 mglpewgn;mglpewgn;c:\windows\system32\drivers\mglpewgn.sys --> c:\windows\system32\drivers\mglpewgn.sys [?]
     S1 ethdmirb;ethdmirb;c:\windows\system32\drivers\ethdmirb.sys --> c:\windows\system32\drivers\ethdmirb.sys [?]
     S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d590e80d-e091-11dd-a686-00606e000062}]
     \Shell\AutoRun\command - E:\autorun.exe
     \Shell\phone\command - E:\autorun.exe
     .
     Contents of the 'Scheduled Tasks' folder

     2009-02-04 c:\windows\Tasks\avast! Antivirus.job
     - c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2008-11-27 01:13]
     .
     - - - - ORPHANS REMOVED - - - -

     BHO-{e46bdcf0-99a4-4dab-8447-5f7856322a86} - c:\windows\system32\ativvax.dll
     .
     ------- Supplementary Scan -------
     .
     uStart Page = about:blank
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     Trusted Zone: clubbox.co.kr\www
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Chua\Application Data\Mozilla\Firefox\Profiles\fz8wr221.default\
     FF - prefs.js: browser.startup.homepage - about:blank
     FF - component: c:\documents and settings\Chua\Application Data\Mozilla\Firefox\Profiles\fz8wr221.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
     FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast,
     .

     **************************************************************************

     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-02-05 19:01:36
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2009-02-05 19:03:49
     ComboFix-quarantined-files.txt 2009-02-05 11:03:18

     Pre-Run: 85,289,725,952 bytes free
     Post-Run: 85,299,875,840 bytes free

     233 --- E O F --- 2009-01-21 00:45:48
  4. I think the AntiVir got it and others, as well. I ran MBAM Quick Scan right after AntiVir was done and MBAM showed there were no more infected files. Anyway, here is the logfile of AntiVir that I wrote down. Thank you so very much.

     AntiVir/Linux Version 2.1.12-113
     Copyright © 2008 by Avira GmbH. All Rights Reserved.
     VDF Version: 1.1.1.222 Created 03 Feb 2009
     AntiVir License: 149995 for AntiVir Rescue System

     checking the master boot record of drive 128
     error (25): cannot read record
     checking the master boot record of drive 129
     error (2): cannot read record
     auto excluding /sys/ from scans (is a special fs)
     auto excluding /proc from scans (is a special fs)
     checking drive/path (list): /mnt/

     /mnt/sda1/bofde.exe
       ALERT: [TR/Drop.stj.78] /mnt/sda1/bofde.exe <<< Is a Trojan horse TR/Prop.stj.78
       not removable. file renamed.
     /mnt/sda1/urwkcn.exe
       ALERT: [TR/Drop.stj.78] /mnt/sda1/urwkcn.exe <<< Is the Trojan horse TR/Drop.stj.78
       not removable. file renamed.
     /mnt/sda1/Documents and Settings/Chua/.housecall.16.6/Quarantine/11.tmp.bac_a0156
       ALERT: [TR/Dropper.Gen] /mnt/sda1/Documents and Settings/Chua/.housecall.16.6/Quarantine/11.tmp.bac_a0156 <<< Is the Trojan horse TR/Dropper.Gen
       not removable. file renamed.
     /mnt/sda1/Documents and Settings/Chua/Desktop/ComboFix.Exe
       ALERT: [TR/Dropper.Gen] /mnt/sda1/Documents and Settings/Chua/Desktop/ComboFix.Exe --> 32788K22FWJFW\Prep.com <<< Is the Trojan horse TR/Dropper.Gen
     /mnt/sda1/Documents and Settings/Chua/Desktop/ComboFix.Exe
       ALERT: [APPL/PSExec.E] /mnt/sda1/Documents and Settings/Chua/Desktop/ComboFix.Exe --> 32788.R22FWJFW\psexec.cfexe <<< Contains detection pattern of the application APPL/PsExec.E
       file renamed.
     /mnt/sda1/System Volume Information/_restore{1457a33x-f2b7-430D-AA17-63DCADC2878A}RP3/A0001612.exe
       ALERT: [TR/Fakealert.FM] /mnt/sda1/System Volume Information/_restore{1457a33x-f2b7-430D-AA17-63DCADC2878A}RP3/A0001612.exe <<< Is the Trojan horse TR/Fakealert.FM
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA47-63DCADC2878A}.RP3/A0001624.exe
       ALERT: [TR/Trash.Gen] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA47-63DCADC2878A}.RP3/A0001624.exe <<< Is the Trojan horse TR/Trash.Gen
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA47-63DCADC2878A}.RP3/A0001625.exe
       ALERT: [TR/Trash.Gen] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA47-63DCADC2878A}.RP3/A0001625.exe <<< Is the Trojan horse TR/Trash.Gen
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002016.exe
       ALERT: [SPR/Tool.Reboot.F] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002016.exe <<< Contains detection pattern of the SPR/Tool.Reboot.F program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001957.exe
       ALERT: [SPR/Tool.Reboot.F] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001957.exe <<< Contains detection pattern of the SPR/Tool.Reboot.F program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001958.exe
       ALERT: [SPR/Tool.Reboot.A] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001958.exe <<< Contains detection pattern of the SPR/Tool.Reboot.A program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001983.exe
       ALERT: [SPR/Tool.Reboot.F] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001983.exe <<< Contains detection pattern of the SPR/Tool.Reboot.F program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001984.exe
       ALERT: [SPR/Tool.Reboot.A] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0001984.exe <<< Contains detection pattern of the SPR/Tool.Reboot.A program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002002.exe
       ALERT: [SPR/Tool.Reboot.F] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002002.exe --> SmitFraudFix/Reboot.exe <<< Contains detection pattern of the SPR/Tool.Reboot.F program
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002002.exe
       ALERT: [SPR/Tool.Reboot.A] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002002.exe --> SmitFraudFix/Reboot.exe <<< Contains detection pattern of the SPR/Tool.Hardoff.A program
       file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002017.exe
       ALERT: [SPR/Tool.Reboot.A] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002017.exe <<< Contains detection pattern of the SPR/Tool.Hardoff.A program
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002093.com
       ALERT: [TR/Dropper.Gen] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002093.com <<< Is the Trojan horse TR/Dropper.Gen
       not removable. file renamed.
     /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002135.exe
       ALERT: [APPL/PSExec.E] /mnt/sda1/System Volume Information/_restore{1457A33C-F2B7-430D-AA17-63DCADC2878A}/RP7/A0002135.EXE <<< contains detection pattern of the application APPL/PSExec.E
       not removable. file renamed.
     /mnt/sda1/WINDOWS/PSEXESVC.EXE
       ALERT: [APPL/PSExec.E] /mnt/sda1/WINDOWS/PSEXESV.EXE <<< Contains detection pattern of the application APPL/PSExec.E
       not removable. file renamed.
     /mnt/sda1/WINDOWS/system32/ativvax.dll
       ALERT: [TR/BHO.Gen] /mnt/sda1/WINDOWS/system32/ativvax.dll <<< Is the Trojan horse TR/BHO.Gen
       not removable. file renamed.
     /mnt/sda1/WINDOWS/system32/drivers/ethdmirb.exe
       ALERT: [TR/Rootkit.Gen] /mnt/sda1/WINDOWS/system32/drivers/ethdmirb.exe <<< Is the Trojan horse TR/Rootkit.Gen
       not removable. file renamed.
     /mnt/sda1/WINDOWS/system32/drivers/mglpewgn.sys
       ALERT: [TR/Rootkit.Gen] /mnt/sda1/WINDOWS/system32/drivers/mglpewgn.sys <<< Is the Trojan horse TR/Rootkit.Gen
       not removable. file renamed.

     -----------------scan results-----------------
     directories: 6243
     scanned files: 279600
     alerts: 22
     suspicious: 0
     repaired: 0
     renamed: 20
     quarantined: 0
     scan time: 00.33.57
  5. Hey. I read about the Avira AntiVir Rescue System on the net. Here
  6. Here are the logfiles of JavaRa, MBAM and HJT. Thanks.

     JavaRa 1.12 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Mon Feb 02 17:58:49 2009
     Found and removed: C:\Program Files\Java\jre1.6.0_04
     Found and removed: C:\Program Files\Java\jre1.6.0_07
     Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004
     Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004
     Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004
     Found and removed: SOFTWARE\Classes\JavaPlugin.160_04
     Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04
     Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04
     Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040}
     Found and removed: Software\Classes\JavaPlugin.160_04
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
     Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
     Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\
     ------------------------------------
     Finished reporting.

     JavaRa 1.12 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Mon Feb 02 17:59:42 2009

     JavaRa 1.12 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Mon Feb 02 18:00:19 2009
     ------------------------------------
     Finished reporting.

     JavaRa 1.13 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Tue Feb 03 20:44:29 2009
     ------------------------------------
     Finished reporting.

     Malwarebytes' Anti-Malware 1.33
     Database version: 1718
     Windows 5.1.2600 Service Pack 3
     2/3/2009 20:56:13
     mbam-log-2009-02-03 (20-56-13).txt
     Scan type: Quick Scan
     Objects scanned: 55025
     Time elapsed: 5 minute(s), 53 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected:
     (No malicious items detected)
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e46bdcf0-99a4-4dab-8447-5f7856322a86} (Trojan.BHO.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{e46bdcf0-99a4-4dab-8447-5f7856322a86} (Trojan.BHO.H) -> Delete on reboot.
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     C:\WINDOWS\system32\ativvax.dll (Trojan.BHO.H) -> Delete on reboot.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 09:01:42 PM, on 2/3/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16762)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\VMSnap3.EXE
     C:\WINDOWS\Domino.EXE
     C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     C:\Program Files\Windows Live\Messenger\msnmsgr.exe
     C:\WINDOWS\system32\CTsvcCDA.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\DNA\btdna.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
     C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\FinePixViewer\QuickDCF2.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\system32\fscagent.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
     C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: (no name) - {e46bdcf0-99a4-4dab-8447-5f7856322a86} - C:\WINDOWS\system32\ativvax.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
     O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
     O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
     O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chua\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
     O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
     O4 - Global Startup: Bluetooth.lnk = ?
     O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219554141350
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
     O23 - Service: Creative Service for CDROM Access (creative service for cdrom access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
     O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
     O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
     O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     --
     End of file - 9624 bytes
  7. I ran ComboFix. Also did another HJT Log. Here are the results. Thank you.

     ComboFix 09-02-02.04 - Chua 2009-02-03 19:49:17.1 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.587 [GMT 8:00]
     Running from: c:\documents and settings\Chua\Desktop\ComboFix.exe
     AV: avast! antivirus 4.8.1296 [VPS 090202-1] *On-access scanning disabled* (Updated)
     * Created a new restore point
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\system32\cfcllwpx.ini
     c:\windows\system32\i
     c:\windows\system32\tmp.reg
     c:\windows\Tasks\vrhhxuqk.job
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_protect
     -------\Service_seneka
     ((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
     .
     2009-02-03 01:36 . 2008-04-14 02:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
     2009-02-03 01:36 . 2008-04-14 02:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
     2009-02-03 01:36 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
     2009-02-03 01:35 . 2008-04-14 08:12 159,232 --a------ c:\windows\system32\ptpusd.dll
     2009-02-03 01:32 . 2009-02-03 01:36 <DIR> d-------- c:\documents and settings\Chua\Application Data\FUJIFILM
     2009-02-03 01:30 . 2009-02-03 01:30 <DIR> d-------- c:\program files\REGSHAVE
     2009-02-03 01:30 . 2009-02-03 01:35 <DIR> d-------- c:\program files\FinePixViewer
     2009-02-03 01:30 . 2009-02-03 01:30 <DIR> d-------- c:\documents and settings\Chua\Application Data\InstallShield
     2009-02-03 01:30 . 2003-09-03 16:45 274,432 --a------ c:\windows\system32\FFTIFF16.dll
     2009-02-03 01:30 . 2006-07-12 14:39 208,896 --a------ c:\windows\system32\FFRafShellEx.dll
     2009-02-03 01:30 . 2004-07-24 21:28 155,648 --a------ c:\windows\system32\FFRAFLIB.DLL
     2009-02-03 01:30 . 2001-11-25 19:11 81,924 --------- c:\windows\system32\drivers\VC4CB104.SYS
     2009-02-03 01:30 . 2002-02-06 00:33 69,632 --------- c:\windows\system32\FREGSHEX.DLL
     2009-02-03 01:30 . 2002-02-27 19:27 65,536 --------- c:\windows\system32\FINFCHECK.dll
     2009-02-03 01:30 . 2002-06-25 10:06 45,056 --------- c:\windows\system32\FINFCOPY.dll
     2009-02-03 01:30 . 2002-02-13 18:00 45,056 --------- c:\windows\system32\FCLKBTN.DLL
     2009-02-02 20:31 . 2009-02-02 20:31 <DIR> d-------- c:\program files\Trend Micro
     2009-02-02 01:43 . 2009-02-02 18:59 <DIR> d-------- c:\documents and settings\Chua\.housecall6.6
     2009-02-01 22:52 . 2009-02-01 22:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\windows\system32\XPSViewer
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\program files\Reference Assemblies
     2009-02-01 19:24 . 2009-02-01 19:24 <DIR> d-------- c:\program files\MSBuild
     2009-02-01 19:23 . 2009-02-01 19:23 <DIR> d-------- C:\8957ead3fed9c454fe91
     2009-02-01 19:23 . 2008-07-06 20:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
     2009-02-01 19:23 . 2008-07-06 20:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
     2009-02-01 19:23 . 2008-07-06 18:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2009-02-01 19:23 . 2008-07-06 20:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
     2009-02-01 19:23 . 2008-07-06 20:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
     2009-02-01 19:23 . 2008-07-06 20:06 117,760 --------- c:\windows\system32\prntvpt.dll
     2009-02-01 19:23 . 2008-07-06 20:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2009-02-01 19:18 . 2009-02-02 18:51 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-02-01 19:18 . 2009-02-01 19:18 <DIR> d-------- c:\documents and settings\Chua\Application Data\Malwarebytes
     2009-02-01 19:18 . 2009-02-01 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-02-01 19:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-02-01 19:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-02-01 17:46 . 2009-02-01 17:54 <DIR> d-------- c:\program files\RegistryFix7
     2009-02-01 16:07 . 2009-02-01 16:07 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
     2009-02-01 15:57 . 2009-02-01 15:57 <DIR> d-------- c:\documents and settings\Administrator
     2009-02-01 13:12 . 2009-02-01 13:12 <DIR> d-------- c:\program files\IObit
     2009-02-01 13:03 . 2009-02-01 13:03 61 --a------ c:\windows\wininit.ini
     2009-01-31 23:05 . 1999-12-13 01:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
     2009-01-31 23:05 . 1999-11-18 01:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
     2009-01-31 22:59 . 2009-01-31 22:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
     2009-01-31 21:37 . 2003-10-03 13:21 174,592 --a------ c:\windows\system32\framedyn.dll
     2009-01-31 20:05 . 2009-01-31 20:05 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
     2009-01-31 20:04 . 2009-01-31 20:20 138,240 --a------ c:\windows\system32\drivers\ethdmirb.sys
     2009-01-31 19:58 . 2009-01-31 20:13 123,904 --a------ C:\urwkcn.exe
     2009-01-31 19:58 . 2008-04-14 08:11 96,256 --a------ c:\windows\system32\ativvax.dll
     2009-01-31 19:57 . 2009-01-31 19:59 123,904 --a------ C:\bofde.exe
     2009-01-31 19:57 . 2008-12-22 04:36 34 --a------ c:\documents and settings\Chua\readme.bat
     2009-01-31 19:57 . 2009-01-31 20:34 2 --a------ C:\941367105
     2009-01-31 18:52 . 2009-01-31 18:52 4,096 --a------ c:\windows\system32\drivers\symlcbrd.sys
     2009-01-25 19:39 . 2001-08-17 22:37 24,576 --a--c--- c:\windows\system32\dllcache\agcgauge.ax
     2009-01-25 13:57 . 2009-01-29 20:09 27 --a------ c:\windows\option.ini
     2009-01-25 13:49 . 2009-01-25 13:49 <DIR> d-------- c:\program files\e-Games
     2009-01-24 15:21 . 2009-01-24 15:21 <DIR> d-------- c:\program files\NOS
     2009-01-24 15:21 . 2009-01-24 15:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
     2009-01-24 14:22 . 2009-01-24 14:22 <DIR> d-------- c:\program files\Alwil Software
     2009-01-24 13:52 . 2009-01-24 13:52 <DIR> d-------- c:\documents and settings\Chua\Application Data\IObit
     2009-01-24 13:37 . 2009-01-24 13:37 <DIR> d-------- c:\documents and settings\Chua\Application Data\vlc
     2009-01-24 01:32 . 2009-01-24 01:32 <DIR> d-------- c:\program files\Common Files\xing shared
     2009-01-24 01:31 . 2009-01-24 01:31 <DIR> d-------- c:\program files\Real
     2009-01-24 00:14 . 2009-01-24 00:17 <DIR> d-------- c:\windows\system32\unknown
     2009-01-23 14:09 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
     2009-01-23 14:09 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
     2009-01-23 14:09 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
     2009-01-23 14:09 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
     2009-01-23 14:09 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
     2009-01-23 14:09 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
     2009-01-23 14:09 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
     2009-01-21 18:36 . 2009-02-02 17:01 410,984 --a------ c:\windows\system32\deploytk.dll
     2009-01-17 16:13 . 2009-01-17 16:13 <DIR> d-------- c:\documents and settings\Chua\Application Data\Audio Record Edit Toolbox Pro
     2009-01-12 21:13 . 2009-01-31 10:02 <DIR> d-------- c:\documents and settings\Chua\Application Data\mjusbsp
     2009-01-12 20:53 . 2008-04-14 02:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
     2009-01-12 20:53 . 2008-04-14 02:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
     2009-01-12 20:53 . 2008-04-14 02:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
     2009-01-12 20:53 . 2008-04-14 02:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
     2009-01-12 20:52 . 2008-04-14 02:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
     2009-01-12 20:52 . 2008-04-14 02:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
     2009-01-10 01:30 . 2009-01-10 01:30 <DIR> d-------- c:\program files\Audio Recorder for Free
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-03 11:52 --------- d-----w c:\program files\DNA
     2009-02-03 11:52 --------- d-----w c:\documents and settings\Chua\Application Data\DNA
     2009-02-02 17:32 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-02-02 10:05 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-02-02 09:59 --------- d-----w c:\program files\Java
     2009-01-31 15:08 --------- d--h--w c:\program files\Creative Installation Information
     2009-01-31 15:01 --------- d-----w c:\program files\Creative
     2009-01-31 12:33 --------- d-----w c:\program files\Common Files\Symantec Shared
     2009-01-27 17:04 --------- d-----w c:\documents and settings\Chua\Application Data\GetRight
     2009-01-26 12:18 --------- d-----w c:\documents and settings\Chua\Application Data\LimeWire
     2009-01-26 10:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
     2009-01-23 18:21 --------- d-----w c:\program files\Flock
     2009-01-23 17:45 --------- d-----w c:\documents and settings\Chua\Application Data\Flock
     2009-01-23 17:32 --------- d-----w c:\program files\Common Files\Real
     2009-01-23 17:26 --------- d-----w c:\program files\GRETECH
     2008-12-21 04:39 --------- d-----w c:\program files\Windows Live SkyDrive
     2008-12-21 04:39 --------- d-----w c:\program files\Microsoft
     2008-12-13 12:26 --------- d-----w c:\program files\ffdshow
     2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
     2008-12-05 17:12 --------- d-----w c:\documents and settings\Chua\Application Data\BitTorrent
     2008-12-05 15:47 --------- d-----w c:\program files\BitTorrent
     2008-08-26 06:51 30,024 ----a-w c:\documents and settings\Chua\Application Data\GDIPFONTCACHEV1.DAT
     2008-09-04 09:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081820080825\index.dat
     2008-09-04 09:27 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e46bdcf0-99a4-4dab-8447-5f7856322a86}]
     2008-04-14 08:11 96256 --a------ c:\windows\system32\ativvax.dll
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
     "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
     "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
     "cdloader"="c:\documents and settings\Chua\Application Data\mjusbsp\cdloader2.exe" [2008-12-18 50520]
     "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
     "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
     "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
     "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-03-09 7561216]
     "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-03-09 86016]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
     "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
     "VMSnap3"="c:\windows\VMSnap3.EXE" [2006-08-30 49152]
     "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
     "ClubBox"="c:\windows\system32\clubbox.exe" [2008-12-30 1626112]
     "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-24 185872]
     "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]
     "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
     "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
     "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
     "nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 610365]
     ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-02-03 303104]
     [HKEY_LOCAL_MACHINE\software\microsoft\security center]
     "AntiVirusOverride"=dword:00000001
     "FirewallOverride"=dword:00000001
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
     "c:\\Program Files\\DNA\\btdna.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\WINDOWS\\system32\\FSCAgent.exe"=
     "c:\\WINDOWS\\system32\\ClubBox.exe"=
     "c:\\WINDOWS\\system32\\grdmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Documents and Settings\\Chua\\Application Data\\mjusbsp\\magicJack.exe"=
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "2251:UDP"= 2251:UDP:Windows Media Format SDK (firefox.exe)
     "2250:UDP"= 2250:UDP:Windows Media Format SDK (firefox.exe)
     "2253:UDP"= 2253:UDP:Windows Media Format SDK (firefox.exe)
     "2356:UDP"= 2356:UDP:Windows Media Format SDK (firefox.exe)
"2357:UDP"= 2357:UDP:Windows Media Format SDK (firefox.exe) "2359:UDP"= 2359:UDP:Windows Media Format SDK (firefox.exe) R0 mglpewgn;mglpewgn;c:\windows\system32\drivers\mglpewgn.sys [2002-08-29 23424] R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-08-24 13696] R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560] R3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [2008-08-24 54272] R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2008-08-24 428160] S1 ethdmirb;ethdmirb;c:\windows\system32\drivers\ethdmirb.sys [2009-01-31 138240] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-24 33752] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d590e80d-e091-11dd-a686-00606e000062}] \Shell\AutoRun\command - E:\autorun.exe \Shell\phone\command - E:\autorun.exe . Contents of the 'Scheduled Tasks' folder 2009-02-02 c:\windows\Tasks\avast! Antivirus.job - c:\progra~1\ALWILS~1\Avast4\ashAvast.exe [2008-11-27 01:13] . . ------- Supplementary Scan ------- . uStart Page = about:blank IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm Trusted Zone: clubbox.co.kr\www DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Chua\Application Data\Mozilla\Firefox\Profiles\fz8wr221.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - component: c:\documents and settings\Chua\Application Data\Mozilla\Firefox\Profiles\fz8wr221.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 19:52:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\system32\CTSVCCDA.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe c:\windows\system32\rundll32.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\FSCAgent.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe . ************************************************************************** . 
Completion time: 2009-02-03 19:58:39 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-03 11:58:36 Pre-Run: 84,618,498,048 bytes free Post-Run: 84,802,998,272 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 275 --- E O F --- 2009-01-21 00:45:48 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:06:03, on 2/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\FinePixViewer\QuickDCF2.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {e46bdcf0-99a4-4dab-8447-5f7856322a86} - C:\WINDOWS\system32\ativvax.dll O2 
- BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chua\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219554141350 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access (creative service for cdrom access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 10213 bytes
  8. Here you go. Thank you.

Malwarebytes' Anti-Malware 1.33
Database version: 1718
Windows 5.1.2600 Service Pack 3

2/3/2009 4:57:36 PM
mbam-log-2009-02-03 (16-57-36).txt

Scan type: Quick Scan
Objects scanned: 55865
Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e46bdcf0-99a4-4dab-8447-5f7856322a86} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e46bdcf0-99a4-4dab-8447-5f7856322a86} (Trojan.BHO.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\ativvax.dll (Trojan.BHO.H) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:00, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\fscagent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {e46bdcf0-99a4-4dab-8447-5f7856322a86} - C:\WINDOWS\system32\ativvax.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClubBox] "C:\WINDOWS\system32\clubbox.exe" -l
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Chua\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1219554141350
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access (creative service for cdrom access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9949 bytes
  9. Hello! Awesome work providing this kind of help. I really appreciate it and I