Task manager Processess

Pegasis · Jul 4, 2008

Ok, i had spyware on my laptop that caused my desktop and starbar to keep dissapearing, i have cleared the spyware but i cant stop the loss of my icons and startbar.

When i check task manager i see that the explorer.exe task turns off but then comes back on.

Any solutions?? All ideas would be great. Thanks for your time.

GrandpaBW · Jul 4, 2008

Pegasis said:

Ok, i had spyware on my laptop that caused my desktop and starbar to keep dissapearing, i have cleared the spyware but i cant stop the loss of my icons and startbar.

When i check task manager i see that the explorer.exe task turns off but then comes back on.

Any solutions?? All ideas would be great. Thanks for your time.
Click to expand...

You need to check for viruses, too. Looks like you may have one.

Pegasis · Jul 5, 2008

i thought that to but i run avast on all my machines and have had no problem with it.

I had a virus/spyware called Antivirus_2008, what happened was a friend borrowed my laptop and was browsing the web, then when i came to use my laptop after he had left, i began to have these problems.

It was probably a popup that said something like. WARNING your machine may be infected clean now. i have seen a few of em before.

But since its been there my icons and start bar dissapear.

I have removed the virus/spyware but im still having the icon and startbar trouble.

In Task manager i watch the processess and explorer.exe keeps ending then beggining again.

Any ideas on how to solve it?

Thanks GranpaBW for your help so far.

Pegasis · Jul 5, 2008

I forgot this twice now...

Its a StyleNote laptop, windows xp home edition, 512 mb ram, Intel Celeron 1.5

I dont have the original disks for it anymore so a format is outta the question.

borhan9 · Jul 5, 2008

You can try using SmitFraudFix and this will get rid of the virus that is left there its not fully gone.

http://www.afterdawn.com/software/desktop_software/desktop_security/smitfraudfix.cfm

Try this and keep us posted.

LOCOENG · Jul 5, 2008

Moved to appropriate forum.

Pegasis · Jul 5, 2008

Thanks but i have run the latest smitfraud and still it didnt solve the problem.

Pegasis · Jul 7, 2008

I am still unable to remove this problem from my laptop, any other ideas anyone?

Thanks to those who have helped so far.

2oldGeek · Jul 7, 2008

Hi Pegasis,

First, let’s do a little Cleaning and Post some Logs so we can see what’s going on…

Download and rename TrendMicro HijackThis.exe (HJT)

• Double-click on HJTInstall.
• Click on the Install button.
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
• Upon install, HijackThis should open for you.
• Close HijackThis and rename it.
• Go to C:\Program Files\Trend Micro\HijackThis.exe
• Right click on HijackThis.exe and select Rename.
• Type in Pegasisscanner.exe and press Enter.
• Right-click on Pegasisscanner.exe and select Send To > Desktop (create shortcut)
• From the desktop open Hijackthis. (aka Sam67scanner)
• If using Windows Vista, Right-click and Run As Administrator.
• Click on the Do a system scan and save a log file button
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
• Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Although we have renamed Hijackthis to Pegasisscanner, we will still refer to it as Hijackthis or HJT.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free

• Double-click SUPERAntiSypware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
• Under the "Configuration and Preferences", click the Preferences... button.
• Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
• Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen and exit the program.
• Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.

• Under Main "Select Files to Delete" choose: Select All.
• Click the Empty Selected button.
• If you use Firefox browser click Firefox at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• If you use Opera browser click Opera at the top and choose: Select All
• Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
• Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:

• Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes" and reboot normally.
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Reboot to Normal Mode

Make a HijackThis Log

• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator.
• Click on the Do a system scan and save a log file button
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Please post the HijackThis log, SUPERAntiSpyware Log and Uninstall list in your next reply.

You didn't think it would be easy, did you?

2OG

Pegasis · Jul 7, 2008

Ok thanks for the help so far. here are the logs.

First HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:44, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\Ktp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\Pegasisscanner.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.12.9:8080
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer - {7f3c30b7-67ae-2716-d551-30f4d45872f9} - C:\WINDOWS\system32\{20281ce0-63eb-30d8-3ad8-49eee2712d91}.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: (no name) - {E142532D-5FCD-4BC1-A4F7-5094C9FA4135} - C:\WINDOWS\system32\opnlIxyx.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 7380 bytes

Superantispyware log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/10/2008 at 02:39 AM

Application Version : 4.15.1000

Core Rules Database Version : 3498
Trace Rules Database Version: 1489

Scan type : Complete Scan
Total Scan Time : 03:07:45

Memory items scanned : 160
Memory threats detected : 1
Registry items scanned : 5533
Registry threats detected : 5
File items scanned : 56948
File threats detected : 1

Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\OPNLIXYX.DLL
C:\WINDOWS\SYSTEM32\OPNLIXYX.DLL

Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DF47CBC-D984-443F-A882-288B9A81FEE7}
HKCR\CLSID\{9DF47CBC-D984-443F-A882-288B9A81FEE7}
HKCR\CLSID\{9DF47CBC-D984-443F-A882-288B9A81FEE7}\InprocServer32
HKCR\CLSID\{9DF47CBC-D984-443F-A882-288B9A81FEE7}\InprocServer32#ThreadingModel

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\RemoveRP

Adware.Tracking Cookie
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad.yieldmanager.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
imediablast.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.ads.addynamix.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
ad1.clickhype.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.clickbank.net [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\DVPCMob\Application Data\Mozilla\Firefox\Profiles\kofzm81x.default\cookies.txt ]

Second HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:55:17, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Pegasisscanner.exe.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.12.9:8080
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer - {7f3c30b7-67ae-2716-d551-30f4d45872f9} - C:\WINDOWS\system32\{20281ce0-63eb-30d8-3ad8-49eee2712d91}.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AC18F860-A088-4432-936B-AACAF33C3216} - C:\WINDOWS\system32\opnlIxyx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 6932 bytes

Uninstall list

Adobe Flash Player ActiveX
Adobe Shockwave Player
Advanced WindowsCare
Archlord
Audacity 1.2.4
avast! Antivirus
Bluetooth Stack for Windows by Technika
Burn4Free CD and DVD
Burn4Free Toolbar
Bus Driver 1.0
Cakewalk Pro Audio 9
Crick Software WordBar
Cubasis VST 5
Diablo II
DivX Web Player
HDAUDIO Soft Data Fax Modem with SmartCP
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Image Zone Express
ImgBurn
Intel(R) Graphics Media Accelerator Driver for Mobile
Java(TM) 6 Update 4
Java(TM) 6 Update 5
KTP Ware PS/2-WDM 5.0.0.1
LimeWire 4.16.6
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorama 1.0
Mozilla Firefox (2.0.0.15)
MSN
MSXML4 Parser
Multimedia / Internet Keyboard Driver VerR8.15
Nero Suite
Neuratron PhotoScore Lite
Norton SystemWorks 2003
OpenAL
PowerDVD
PremierOpinion
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
River Raider II
Runtime 8.0 Libraries
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sibelius 2
Sibelius Scorch
Sony Ericsson PC Suite
SUPER © Version 2007.bld.22 (Mar 14, 2007)
SUPERAntiSpyware Free Edition
SweetIM for Messenger 2.5
SweetIM Toolbar for Internet Explorer 3.1
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Utherverse 3D Client
Utherverse 3D Client
VeohTV BETA
VideoLAN VLC media player 0.8.4a
Wav2MP3 Wizard
WaveLab Lite
Westwood Shared Internet Components
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Wireless LAN USB Dongle

if there is anything missing please let me know. i dont think there is i followed your help very closly.

thanks again for the help.

2oldGeek · Jul 7, 2008

Hi Pegasis,

Well, it don’t look too bad… It will take me some time to go over your Logs and map out an attack. I’ll get back to you as soon as I can.

2OG

2oldGeek · Jul 7, 2008

Hey Pegasis,

While I’m going over these Logs, please run the following and maybe we can kill 2 stones with one bird ; )

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to the drive that contains the Windows Directory, typically C:\SDFix

Please then reboot your computer in Safe Mode by doing the following :
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new Hijack This log

2OG

Pegasis · Jul 8, 2008

Again thanks for your help so far.

This is the log from SDFix

SDFix: Version 1.203
Run by DVPCMob on 10/05/2008 at 11:49

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
clbdriver

Path :
\??\globalroot\systemroot\system32\drivers\clbdriver.sys

clbdriver - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 11:57:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2f4eab52
"s1"=dword:798664f9
"s2"=dword:856915cf
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe:*:Enabledssproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Diablo II\\Diablo II\\Diablo II.exe"="D:\\Diablo II\\Diablo II\\Diablo II.exe:*:Enablediablo II"
"D:\\Archlord\\Archlord.exe"="D:\\Archlord\\Archlord.exe:*:Enabled:Archlord"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"="C:\\Westwood\\Dune2000\\DUNE2000.DAT:*:Enabledune2000"
"D:\\Vietcong\\Vietcong\\vietcong.exe"="D:\\Vietcong\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\pmropn.exe"="c:\\windows\\system32\\pmropn.exe:*:Enabledmropn.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\XDRV\rescan.exe"
Sun 23 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 11 Apr 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 21 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 5 Jun 2008 857 A..HR --- "C:\Documents and Settings\DVPCMob\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

And here is the log from HJT after SDFix had been run

SDFix: Version 1.203
Run by DVPCMob on 10/05/2008 at 11:49

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
clbdriver

Path :
\??\globalroot\systemroot\system32\drivers\clbdriver.sys

clbdriver - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 11:57:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2f4eab52
"s1"=dword:798664f9
"s2"=dword:856915cf
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe:*:Enabledssproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Diablo II\\Diablo II\\Diablo II.exe"="D:\\Diablo II\\Diablo II\\Diablo II.exe:*:Enablediablo II"
"D:\\Archlord\\Archlord.exe"="D:\\Archlord\\Archlord.exe:*:Enabled:Archlord"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"="C:\\Westwood\\Dune2000\\DUNE2000.DAT:*:Enabledune2000"
"D:\\Vietcong\\Vietcong\\vietcong.exe"="D:\\Vietcong\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\pmropn.exe"="c:\\windows\\system32\\pmropn.exe:*:Enabledmropn.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\XDRV\rescan.exe"
Sun 23 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 11 Apr 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 21 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 5 Jun 2008 857 A..HR --- "C:\Documents and Settings\DVPCMob\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

Thanks again for your time.

Pegasis · Jul 8, 2008

Sorry bout the last post, im a bit tired.

Lets try that again.

This is the SDFix Log.

SDFix: Version 1.203
Run by DVPCMob on 10/05/2008 at 11:49

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
clbdriver

Path :
\??\globalroot\systemroot\system32\drivers\clbdriver.sys

clbdriver - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 11:57:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:2f4eab52
"s1"=dword:798664f9
"s2"=dword:856915cf
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\001060d2eb4c]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:77,99,a6,00,3d,f7,17,cf,52,90,6a,79,03,68,96,c5,e1,30,61,7f,6d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ee,c5,ca,d5,57,f3,63,81,8a,ed,d6,0a,ce,28,04,86,00,..
"khjeh"=hex:05,13,30,40,e5,70,e6,5e,bb,0e,07,6b,ab,68,88,71,bf,7b,89,53,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,2f,19,61,2c,c1,cc,7c,cb,a6,50,2a,98,fe,65,34,4d,2c,bf,7a,06,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\~osE.tmp\\ossproxy.exe:*:Enabledssproxy.exe"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Diablo II\\Diablo II\\Diablo II.exe"="D:\\Diablo II\\Diablo II\\Diablo II.exe:*:Enablediablo II"
"D:\\Archlord\\Archlord.exe"="D:\\Archlord\\Archlord.exe:*:Enabled:Archlord"
"C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe"="C:\\Documents and Settings\\DVPCMob\\Local Settings\\Temp\\ElectronicArts_Patcher_000.exe:*:Enabled:ElectronicArts_Patcher_000"
"C:\\Westwood\\Dune2000\\DUNE2000.DAT"="C:\\Westwood\\Dune2000\\DUNE2000.DAT:*:Enabledune2000"
"D:\\Vietcong\\Vietcong\\vietcong.exe"="D:\\Vietcong\\Vietcong\\vietcong.exe:*:Enabled:vietcong"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\pmropn.exe"="c:\\windows\\system32\\pmropn.exe:*:Enabledmropn.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\InsD1215.exe"
Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Wed 16 Nov 2005 24,576 A..HR --- "C:\WINDOWS\system32\Kill1211.exe"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\system32\RemD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\system32\RemD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Sat 20 Nov 2004 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1211.exe"
Tue 15 Nov 2005 26,112 A..H. --- "C:\WINDOWS\XDRV\InsD1215.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\XDRV\rescan.exe"
Sun 23 Mar 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Wed 11 Apr 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Mon 21 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 5 Jun 2008 857 A..HR --- "C:\Documents and Settings\DVPCMob\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!

And this is the HJT log after SDFix has been run.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:59, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Pegasisscanner.exe.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 10.8.12.9:8080
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class -

{EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer -

{7f3c30b7-67ae-2716-d551-30f4d45872f9} -

C:\WINDOWS\system32\{20281ce0-63eb-30d8-3ad8-49eee2712d91}.dll (file

missing)
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5D7E7ED-9BD8-40E1-944E-C260F526CA9B} -

C:\WINDOWS\system32\opnlIxyx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper -

{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free

Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no

file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer -

{EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in -

{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -

C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]

HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony

Ericsson\Mobile2\Application Launcher\Application Launcher.exe"

/startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common

Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 6811 bytes

Thanks for being patient.

2oldGeek · Jul 8, 2008

Hey Pegasis,

OOOPS, That last HJT Log got screwed up in shipment (I guess). I can’t make heads or tails out of it.

Please send me another HJT Log.. Thanks

2OG

Pegasis · Jul 8, 2008

Oh, Sorry.

Ok here is an HJT log after SDFix was run.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:00, on 10/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\Ktp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Pegasisscanner.exe.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 10.8.12.9:8080
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class -

{EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

{3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: cpmsky browser optimizer -

{7f3c30b7-67ae-2716-d551-30f4d45872f9} -

C:\WINDOWS\system32\{20281ce0-63eb-30d8-3ad8-49eee2712d91}.dll (file

missing)
O2 - BHO: (no name) - {827DAE13-4341-47A7-B404-D2977F6048F3} -

C:\WINDOWS\system32\opnlIxyx.dll
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper -

{D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free

Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no

file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer -

{EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program

Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in -

{D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} -

C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut]

HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony

Ericsson\Mobile2\Application Launcher\Application Launcher.exe"

/startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

(User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common

Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 7148 bytes

2oldGeek · Jul 8, 2008

We got a little problem, Pegasis,
I cannot read the HJT Log, it’s completely FUBR.
SDFix found and deleted this file:

C:\WINDOWS\system32\drivers\clbdriver.sys

Description: Identified as a variant of the Rootkit.Win32.Clbd.cx rootkit.

Now the “Nasty” is pissed off and screwing things up as far as being able to read the Log.

Do you have a System Restore point that is before the time you ran the SDFix??

If so, please restore your computer to an earlier time and we will try to remove the rootkit before it can mess things up again..

Rootkits are difficult to remove and sometimes one must reformat/reinstall in order to get rid of them..

Step back a notch and keep your fingers crossed.. If you decide to fight it…
EDIT Stop the presses! I have recovered all but a couple of lines. Don't restore just yet! Let me see if I can use it... Hold on..
2OG

2oldGeek · Jul 8, 2008

OK Pegasis,

I got the HJT Log fixed so I could read it. Let’s try to get rid of the Rootkit before moving on:

Download ComboFix from -> Here to your Desktop.
• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

2OG

Pegasis · Jul 8, 2008

Ok here are the other 2 logs.

First this is the log from CombiFix

ComboFix 08-07-07.3 - DVPCMob 2008-07-09 1:21:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.233 [GMT 1:00]
Running from: C:\Documents and Settings\DVPCMob\My Documents\Downloads\All Spyware stuff\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\opnlIxyx.dll
C:\WINDOWS\system32\xyxIlnpo.ini
C:\WINDOWS\system32\xyxIlnpo.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-05 00:23 . 2008-05-08 23:29 3,584 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-05 00:21 . 2008-05-08 23:32 <DIR> d-------- C:\SmitfraudFix
2008-07-05 00:21 . 2008-04-11 15:37 1,307,936 --a------ C:\SmitfraudFix.exe
2008-07-04 22:25 . 2008-07-05 01:12 347 --ahs---- C:\WINDOWS\system32\vDggOXyb.ini
2008-07-04 22:19 . 2004-08-04 13:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-03 23:58 . 2008-07-03 23:58 <DIR> d-------- C:\Program Files\Real
2008-07-03 23:58 . 2008-07-03 23:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-03 23:29 . 2008-07-03 23:29 <DIR> d-------- C:\Program Files\DivX
2008-06-29 19:52 . 2008-06-29 20:55 <DIR> d-------- C:\Program Files\Bus Driver
2008-06-26 00:11 . 2008-06-26 00:11 <DIR> d-------- C:\Program Files\OpenAL
2008-06-26 00:11 . 2008-06-26 00:11 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-06-26 00:11 . 2008-06-26 00:11 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-06-25 19:12 . 2008-06-25 19:20 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-25 18:56 . 2008-06-25 18:56 <DIR> d-------- C:\Program Files\Common Files\BOONTY Shared
2008-06-25 18:56 . 2008-06-25 18:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-06-25 18:52 . 2008-06-25 23:25 <DIR> d-------- C:\Program Files\BoontyGames
2008-06-25 18:52 . 2008-06-25 18:52 <DIR> d-------- C:\Program Files\Boonty
2008-06-25 16:59 . 2008-06-25 16:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-23 23:12 . 2008-06-23 23:12 <DIR> d-------- C:\Documents and Settings\DVPCMob\Application Data\ImgBurn
2008-06-23 23:10 . 2008-06-23 23:10 <DIR> d-------- C:\Program Files\ImgBurn
2008-06-23 22:46 . 2008-06-23 22:46 <DIR> d-------- C:\Program Files\Burn4Free Toolbar
2008-06-23 22:46 . 2008-06-23 22:46 <DIR> d-------- C:\Program Files\Burn4Free
2008-06-23 22:46 . 2008-06-23 22:46 232,075 --a------ C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_2921.exe
2008-06-21 14:18 . 2008-06-21 14:18 <DIR> d-------- C:\WINDOWS\Sun
2008-06-20 23:11 . 2008-06-23 21:29 <DIR> d-------- C:\Program Files\eMule
2008-06-20 22:47 . 2008-06-20 22:47 <DIR> d-------- C:\Documents and Settings\DVPCMob\inis
2008-06-20 00:25 . 2008-07-02 16:04 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-14 17:08 . 2008-07-03 23:29 1,492 --a------ C:\WINDOWS\mozver.dat
2008-06-14 17:07 . 2008-06-14 17:07 <DIR> d-------- C:\Documents and Settings\DVPCMob\Application Data\Talkback
2008-06-14 17:06 . 2008-06-14 17:06 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-14 03:44 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-14 03:44 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-06-14 03:44 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-14 03:44 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-06-14 03:44 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-14 03:44 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-06-14 03:44 . 2007-07-20 00:57 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2008-06-14 03:44 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-06-14 03:44 . 2007-10-22 03:37 17,928 --a------ C:\WINDOWS\system32\X3DAudio1_2.dll
2008-06-14 03:43 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-14 03:43 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-14 03:43 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-06-14 03:43 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-06-14 03:43 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-06-14 03:42 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-06-14 03:42 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-06-14 03:42 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-06-14 03:42 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-06-14 03:42 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-06-14 03:42 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-06-14 03:42 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-06-14 03:42 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-06-14 03:41 . 2008-06-14 03:41 <DIR> d-------- C:\WINDOWS\Logs
2008-06-14 03:38 . 2008-06-14 03:39 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D2A9AAE9-BAF5-4CBE-8CC4-9314EE287B09}
2008-06-12 21:50 . 2008-06-12 21:50 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-12 21:33 . 2008-06-12 21:33 <DIR> d-------- C:\Documents and Settings\DVPCMob\Application Data\Conceiva
2008-06-11 01:04 . 2008-06-11 01:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-11 01:04 . 2008-06-11 01:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 22:58 --------- d-----w C:\Program Files\Common Files\Real
2008-07-02 15:09 --------- d-----w C:\Documents and Settings\DVPCMob\Application Data\uTorrent
2008-06-25 18:35 --------- d-----w C:\Documents and Settings\DVPCMob\Application Data\LimeWire
2008-06-23 20:40 --------- d-----w C:\Program Files\Java
2008-06-23 20:36 --------- d-----w C:\Program Files\Steinberg
2008-06-23 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-10 20:47 --------- d-----w C:\Documents and Settings\DVPCMob\Application Data\dvdcss
2008-06-04 22:58 --------- d-----w C:\Documents and Settings\DVPCMob\Application Data\Command & Conquer 3 Tiberium Wars
2008-06-04 22:41 --------- d--h--r C:\Documents and Settings\DVPCMob\Application Data\SecuROM
2008-05-31 22:29 --------- d-----w C:\Program Files\SweetIM
2008-05-31 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\SweetIM
2008-05-31 00:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 00:28 --------- d-----w C:\Program Files\Norton SystemWorks
2008-05-30 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-30 21:42 --------- d-----w C:\Program Files\Alwil Software
2008-05-30 21:26 --------- d-----w C:\Program Files\Google
2008-05-30 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-18 11:16 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-17 19:51 --------- d-----w C:\Program Files\Motorama
2008-05-17 19:49 --------- d-----w C:\Program Files\iPod
2008-05-16 23:47 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-16 23:47 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-09 22:24 --------- d-----w C:\Documents and Settings\Administrator.MARKTHAIN\Application Data\Sony Ericsson
2008-05-09 22:06 --------- d-----w C:\Program Files\Trend Micro
2008-04-09 22:50 286,720 ------w C:\WINDOWS\Setup1.exe
2008-01-21 14:27 25,440 ----a-w C:\Documents and Settings\DVPCMob\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
2008-06-23 22:46 806912 --a------ C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-06-23 22:46 806912]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"= "C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll" [2008-06-23 22:46 806912]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{4f11acbb-393f-4c86-a214-ff3d0d155cc3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 03:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 03:31 126976]
"KTPWare"="C:\Program Files\Elantech\Ktp.exe" [2005-04-04 04:51 253952]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-05-23 16:57 100056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 02:06 487424]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-03 23:58 185896]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2002-08-19 22:22 50880 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
--a------ 2002-08-19 22:23 34504 C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-11 00:38 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2001-12-26 15:12 472576 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NProtectService"=2 (0x2)
"navapsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Belkin 54Mbps Wireless USB"=2 (0x2)
"SNDSrvc"=3 (0x3)
"ImapiService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Archlord\\Archlord.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2005-04-19 10:24]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 12:38]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-06-25 18:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\theory.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5932dc2-6bc2-11da-9872-806d6172696f}]
\Shell\AutoRun\command - E:\NCDSTART.EXE

.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 12:40:00 C:\WINDOWS\Tasks\New Task.job"
"2008-07-09 00:30:28 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

BHO-{7f3c30b7-67ae-2716-d551-30f4d45872f9} - C:\WINDOWS\system32\{20281ce0-63eb-30d8-3ad8-49eee2712d91}.dll
MSConfigStartUp-AntiSpywareShield - C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
MSConfigStartUp-Getca - C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 01:27:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-07-09 1:34:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 00:34:17

Pre-Run: 1,589,252,096 bytes free
Post-Run: 2,257,203,200 bytes free

240 --- E O F --- 2008-04-10 23:46:54

And here is the log from HJT after CombiFix had been run.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:30, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\Ktp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Pegasisscanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.12.9:8080
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.1\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\Ktp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

--
End of file - 6965 bytes

Here they are, thanks for your time and patience. this problem is a lot bigger than i thought.

2oldGeek · Jul 8, 2008

Hi Pegasis,

Well the real problem has been taken care of. This should get all the stragglers:

Boonty Games. Adware, Spyware, Malware. Very Important:

Will not uninstall from Add/Remove programs. This is from their Privacy Policy. "We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent."

Fix entries using HiJackThis[/b]

Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below:

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

IMPORTANT: Do NOT click fix]/b] until you exit all browser sessions including the one you are reading in right now
Click the Fix checked button and close HiJackThis

LimeWire
You have LimeWire, a P2P/file sharing programs installed on your computer. P2P apps like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, That’s up to you…

Click Start > Run > and type in:

services.msc

Click OK.

In the services window scroll and find this exact name

Boonty Games

Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

Next:
Please copy and paste the text in the code box into Notepad (Go to Start > Run, type Notepad and hit Enter)

Code:

@echo off sc stop "Boonty Games" sc delete "Boonty Games"

Go to File > Save As:. Save the file as "Fix.bat" (Including the quotes)

Double-click on Fix.bat to run the file.

DownLoad Killbox from one of these links

HERE or
HERE

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Common Files\BOONTY Shared
C:\WINDOWS\system32\opnlIxyx.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

clean up the Windows Temp folder

Go to -> START –> RUN –> type in %temp% -> OK -> Edit –> Select all –> File –> Delete

Fire back a HJT Log and that should be about all of it.

2OG

Log in or Sign up

Task manager Processess

Pegasis Regular member

GrandpaBW Active member

Pegasis Regular member

Pegasis Regular member

borhan9 Active member

LOCOENG Moderator Staff Member

Pegasis Regular member

Pegasis Regular member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

2oldGeek Active member

Pegasis Regular member

Pegasis Regular member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

Share This Page

Log in or Sign up

Task manager Processess

Pegasis Regular member

GrandpaBW Active member

Pegasis Regular member

Pegasis Regular member

borhan9 Active member

LOCOENG Moderator Staff Member

Pegasis Regular member

Pegasis Regular member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

2oldGeek Active member

Pegasis Regular member

Pegasis Regular member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

2oldGeek Active member

Pegasis Regular member

2oldGeek Active member

Share This Page

Useful Searches