Full Version: Hijackthis log
labtop
I intend to install BitDefender v10 but I can't run it although I already installed it, and I can't uninstall it either, so I guess I've encountered a virus. Please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:40 PM, on 7/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp (file missing)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WhitneyXerox_S2P] C:\Program Files\Xerox\Xerox WorkCentre PE220 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [lbvlxnl] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [wqgroix] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ehokasy] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [mvquqbt] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [gubluig] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ffjdrbc] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [yjfmwel] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [aatntai] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [adpkavi] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [wfiugqi] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [vmdlfeu] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [bvbqlhj] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [ljebmxs] c:\windows\grljimb.exe
O4 - HKCU\..\Run: [bowbayl] c:\windows\grljimb.exe <---- too many of these lines, I cut the middle part

O4 - HKCU\..\Run: [yyoalje] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [srwxmia] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fjmpxoq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hnwmroh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wmbyend] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eyrpmxw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dnjrkpk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gbiedjt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hcbehwm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [adrflne] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [blltldy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fhisooe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lkehuwt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rsgrpex] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rpvlbvd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ydghwhx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vsmmnxv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fgmokly] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iussetb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rngcpsv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cptlcya] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [mphrjyb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [svlhgqn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kcidoxe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kbrknwi] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iktepsb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [psccajd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tmvgqaw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [nebyvys] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wrenrnc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [neepall] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rtiampw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [envcwgd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oyflfpv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kcgpnje] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cyyqbnd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ymocycv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lcgrnuq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ibubcdh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [plqcnxv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vvkjmmm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hhlfkfr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eqrecpn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [chbrrut] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bdhqqok] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xxaxsmf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ixbgudc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pwdlyqg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [nafqhbr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dshtgkr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iwttrpg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vgbrupj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vxjehqn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gibldcb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rwkciji] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xmkdoyk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uhjynne] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wrorttu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [icppbgy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cfntcvt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ycjtlpj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pmavmvh] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [mveomhg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lbmxmgf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rfjcrik] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oogbbru] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kggaoaw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kaobtuc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kyfgwsg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [imobnuw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vlntuxm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [sxdqmcq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [qnaijcx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [jvigyij] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [weljiwr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xyyklbx] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ogcaqhm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ypolyrq] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rckalrj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [danwole] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rhjrjij] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [swwcmpv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ajwigju] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pbysgjb] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lwmevpm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iavukbc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ayqqjqu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [psnghmo] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cvyutol] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ffbtkfo] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xfaptlc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [apmsptp] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ibjiwyt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ixjglgs] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tcwhfgg] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [xxnctqw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [usnxuly] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rhdwonp] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vtdbeqc] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [lpxbqpe] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bevxktw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fnfiphu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [tcpohos] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [kbotjpm] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [bvfawnu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [eojjtvw] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uwkrjau] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ykiesml] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wblxfjn] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gdkxkcj] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [vmbjqeu] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [gbembjf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [pgkpslv] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wogrscd] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [wfsqycy] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fyinsfr] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ppcxfcl] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [dyfjhgk] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [uokqbbs] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [fjmjeea] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [qiwwdvf] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [hvfmbya] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [cbxhjyt] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [rubkcyi] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [iewfrik] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [oivkqco] c:\windows\gfcgnoh.exe
O4 - HKCU\..\Run: [ssutbtl] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [axgjikd] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [fvndiqr] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [atqahnk] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [frlerqj] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [rfgjojs] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [eeeeldu] c:\windows\xuktlgf.exe
O4 - HKCU\..\Run: [syrtgtu] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [ingbdtp] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [gxhbtfl] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [abrtoly] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [srglsdu] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [cgwudrd] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [obnqrsp] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [dbbvaqo] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [uarjfhk] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [hpwrnln] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [swjsopa] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [dhajpix] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [pvcbqrj] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [rleplvb] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [pfljaph] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [ymjgtby] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [davfnci] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [sutpftv] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [qntecnb] c:\windows\pfivjeq.exe
O4 - HKCU\..\Run: [gvflpru] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [shonfxy] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [cjifica] c:\windows\afpaifw.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E703F5ED-56BC-496C-B9F2-6342C2757A14}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - C:\WINDOWS\System32\icima.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O24 - Desktop Component 0: (no name) - http://pages.videotron.com/tiber/nani.jpg

--
End of file - 188204 bytes
rridgely
Welcome to the forum.
This computer is really bad and to be honest you would be much better off if you just reformatted it instead of trying to clean it up. I will help you clean it up though, but there are no guarantees that it will work (and it's probably going to be very time consuming as well).

That being said, if you do want to try to fix this, please create a new HijackThis log and attach it to the forum instead of copying and pasting. That way I can see the whole thing.


labtop
Hi rridgely, thanks for your reply. I'm using an NEC Versa E2000 laptop, and I'm not sure if I can reformat it because I remembered the salesman told me to use the NEC CD to restore instead of reformatting, so I'm not sure of the procedure. Surprisingly, I ran HijackThis again and this is the logfile, much shorter this time, so I can copy and paste it straight away. Could it be that I installed CCleaner? But I still can't uninstall BitDefender.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:16 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O24 - Desktop Component 0: (no name) - http://pages.videotron.com/tiber/nani.jpg

--
End of file - 8140 bytes
labtop
I've deleted Adobe Photoshop and, from the previous HijackThis log, I checked a few toolbar files and selected "Fix checked". I then ran HijackThis again; this is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:12 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {03B39B10-9AB9-4DBB-8189-7F76E0CE5F3F} (FavImport Class) - https://favorites.live.com/cab/ImportAx.cab?v=13,0,0831,02
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://aolsvc.aol.com/onlinegames/trydiner...h2.1.0.0.48.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7595 bytes


labtop
As you can see from the previous HijackThis log, I was running the ewido anti-spyware online scan. So much spyware, and there's one trojan as well. Here is the HijackThis log after the scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:20 PM, on 7/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKLM\..\Policies\Explorer\Run: [dcomcfg.exe] dcomcfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O22 - SharedTaskScheduler: chromatodysopia - {55059d4f-a1ac-4837-ae07-4859101f598d} - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7244 bytes
labtop
This time I managed to complete the BitDefender online scan and there's no virus found.

So does this mean my Windows is clean?
labtop
I tried to uninstall BitDefender v10 but still can't; it says "fatal error during installation".
rridgely
The CD you have is probably just a restore CD, and it should make your computer exactly the way it was when you took it out of the box.
If you want to clean it up then do the below:


Download Superantispyware
  1. Load Superantispyware and click the check for updates button.
  2. Once the update is finished click the scan your computer button.
  3. Check Perform Complete Scan and then next.
  4. Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.

Post the superantispyware log and a new hijackthis log.
labtop
Here are the log files:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2007 at 12:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3271
Trace Rules Database Version: 1282

Scan type : Complete Scan
Total Scan Time : 00:46:53

Memory items scanned : 314
Memory threats detected : 1
Registry items scanned : 5308
Registry threats detected : 20
File items scanned : 33872
File threats detected : 4

Trojan.WINTEMS
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
[german.exe] C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\Prefetch\WINTEMS.EXE-377E42D4.pf

Trojan.Homepage
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{686a161d-5bd1-4999-8832-6393f41e564c}

Malware.SpywareQuake
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{55059d4f-a1ac-4837-ae07-4859101f598d}
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\adArrkbkk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\aGrQvWv
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\DarYgtfndI
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ekekoUzbn
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\hgxqUymt
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\InprocServer32
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\InprocServer32#ThreadingModel
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\nOGk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ohlaLm
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\oYvnasuvlqrv
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\rvvzhtf
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\vhqi
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\VjRtckYdibuYk
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\VwCtKwr
HKCR\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}\ylyszFPttaz

Trojan.DCOMCfg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#dcomcfg.exe [ dcomcfg.exe ]

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\OT.ICO
C:\WINDOWS\SYSTEM32\TS.ICO




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:52 PM, on 7/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7118 bytes
rridgely
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.
labtop
KASPERSKY ONLINE SCANNER REPORT
Friday, July 20, 2007 2:52:22 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2007
Kaspersky Anti-Virus database records: 365434
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
Q:\

Scan Statistics:
Total number of scanned objects: 52987
Number of viruses found: 2
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:00:00

Infected Object Name / Virus Name / Last Action
C:\APPS\Monitor.exe Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\cert8.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\formhistory.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\history.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\key3.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\parent.lock Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\search.sqlite Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\HUiYUe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\HUiYUe\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\dfsr.db Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\fsr.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\fsrtmp.log Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Messenger\hui_yue@hotmail.com\SharingMetadata\Working\database_DEA4_E523_A4E4_FF41\tmp.edb Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows Live Contacts\hui_yue@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Microsoft\Windows Live Contacts\hui_yue@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhhr5mvy.huiyue\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\History\History.IE5\MSHist012007072020070721\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\KB380008.TMP Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF4AEF.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF4AF7.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF5524.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temp\~DF552C.tmp Object is locked skipped
C:\Documents and Settings\HUiYUe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\ntuser.dat Object is locked skipped
C:\Documents and Settings\HUiYUe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\DRV\Monitor.exe Object is locked skipped
C:\ILS\buf_pro.DBF Object is locked skipped
C:\ILS\DATA\ACEC.DBF Object is locked skipped
C:\ILS\DATA\ADHOC_P.CDX Object is locked skipped
C:\ILS\DATA\ADHOC_P.DBF Object is locked skipped
C:\ILS\DATA\AI_CLASS.CDX Object is locked skipped
C:\ILS\DATA\AI_CLASS.DBF Object is locked skipped
C:\ILS\DATA\AI_INDUS.DBF Object is locked skipped
C:\ILS\DATA\APP_INFO.CDX Object is locked skipped
C:\ILS\DATA\APP_INFO.DBF Object is locked skipped
C:\ILS\DATA\CALRID01.CDX Object is locked skipped
C:\ILS\DATA\CALRID01.DBF Object is locked skipped
C:\ILS\DATA\CALRID02.CDX Object is locked skipped
C:\ILS\DATA\CALRID02.DBF Object is locked skipped
C:\ILS\DATA\CALRID03.CDX Object is locked skipped
C:\ILS\DATA\CALRID03.DBF Object is locked skipped
C:\ILS\DATA\CALRID04.CDX Object is locked skipped
C:\ILS\DATA\CALRID04.DBF Object is locked skipped
C:\ILS\DATA\CALRID05.CDX Object is locked skipped
C:\ILS\DATA\CALRID05.DBF Object is locked skipped
C:\ILS\DATA\CALRID06.CDX Object is locked skipped
C:\ILS\DATA\CALRID06.DBF Object is locked skipped
C:\ILS\DATA\CALRID08.CDX Object is locked skipped
C:\ILS\DATA\CALRID08.DBF Object is locked skipped
C:\ILS\DATA\CASHVAL.CDX Object is locked skipped
C:\ILS\DATA\CASHVAL.DBF Object is locked skipped
C:\ILS\DATA\CHECK.DBF Object is locked skipped
C:\ILS\DATA\CLR.DBF Object is locked skipped
C:\ILS\DATA\covpg2.DBF Object is locked skipped
C:\ILS\DATA\COVPG3.CDX Object is locked skipped
C:\ILS\DATA\COVPG3.DBF Object is locked skipped
C:\ILS\DATA\DIVDVAL.CDX Object is locked skipped
C:\ILS\DATA\DIVDVAL.DBF Object is locked skipped
C:\ILS\DATA\DTR_PREM.CDX Object is locked skipped
C:\ILS\DATA\DTR_PREM.DBF Object is locked skipped
C:\ILS\DATA\EAPPATH.DBF Object is locked skipped
C:\ILS\DATA\EAPPFILE.DBF Object is locked skipped
C:\ILS\DATA\eapp_info.DBF Object is locked skipped
C:\ILS\DATA\EC_OPT.DBF Object is locked skipped
C:\ILS\DATA\EXTRA_P.CDX Object is locked skipped
C:\ILS\DATA\EXTRA_P.DBF Object is locked skipped
C:\ILS\DATA\F_PL_RID.DBF Object is locked skipped
C:\ILS\DATA\HS_OCC.DBF Object is locked skipped
C:\ILS\DATA\IDB_HS1.DBF Object is locked skipped
C:\ILS\DATA\ID_HB1.DBF Object is locked skipped
C:\ILS\DATA\ID_HB2.DBF Object is locked skipped
C:\ILS\DATA\ID_HS1.DBF Object is locked skipped
C:\ILS\DATA\ID_HS2.DBF Object is locked skipped
C:\ILS\DATA\MHIALL.DBF Object is locked skipped
C:\ILS\DATA\MHICI.DBF Object is locked skipped
C:\ILS\DATA\MHIEPB.DBF Object is locked skipped
C:\ILS\DATA\MHIRDI.DBF Object is locked skipped
C:\ILS\DATA\MHISIR.DBF Object is locked skipped
C:\ILS\DATA\MII.CDX Object is locked skipped
C:\ILS\DATA\MII.DBF Object is locked skipped
C:\ILS\DATA\MODFAC.DBF Object is locked skipped
C:\ILS\DATA\MORTAL.CDX Object is locked skipped
C:\ILS\DATA\MORTAL.DBF Object is locked skipped
C:\ILS\DATA\MORTEPB.CDX Object is locked skipped
C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip/pdopatcher.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip ZIP: infected - 1 skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\10682400.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\10688118.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\1071160.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\240495.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\531424.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped
C:\WINDOWS\exefld\784658.exe Infected: Trojan-Downloader.Win32.Bagle.cc skipped

Scan process completed.
labtop
After being scanned by SUPERAntiSpyware, my taskbar is not functioning well; programs that I opened could not show in the taskbar.
rridgely
Find and delete the following:

C:\Program Files\eMule\Incoming\Personal Document Organizer v3.3.979.English.Incl.[r-ITS0dAY.zip ZIP
C:\WINDOWS\exefld\10682400.exe
C:\WINDOWS\exefld\10688118.exe
C:\WINDOWS\exefld\1071160.exe
C:\WINDOWS\exefld\240495.exe
C:\WINDOWS\exefld\531424.exe
C:\WINDOWS\exefld\784658.exe

Then reboot your computer. Post a new hijackthis log and let me know if your task bar problem is fixed.

labtop
I'm sorry to tell you the problem is not fixed. I really appreciate your help.
Here's the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:10 PM, on 7/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SopCast\SopCast.exe
C:\Documents and Settings\HUiYUe\Application Data\SopCast\adv\SopAdver.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7511 bytes
rridgely
Go ahead and uninstall SUPERAntiSpyware. Maybe it's conflicting and causing the taskbar problem.

Download AVG Anti-Spyware
  1. Load AVG antispyware and then click the Update tab at the top. Under Manual Update click Start update.
  2. After the update finishes (the status bar at the bottom will display "Update successful")
  3. Click on the Scanner tab at the top and then click on Complete System Scan
  4. Ewido will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG antispyware will then display "All actions have been applied" on the right.
  5. Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Note that this is not AVG antivirus but the program formerly known as Ewido.

Post the avg log and a new hijackthis log.
labtop
Here are the reports:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:22:44 PM 7/24/2007

+ Scan result:



C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe -> Worm.Bagle.ir : Cleaned with backup (quarantined).


::Report end



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:27:06 PM, on 7/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\HUiYUe\Application Data\SopCast\adv\SopAdver.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\System32\hldrrr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7818 bytes
rridgely
Run a scan with hijackthis. Then check off the following:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83314D5C-DFD5-4D66-9F6D-8311F004C905} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\System32\hldrrr.exe

Then press fix checked and exit hijackthis.

----------------

Find and delete the following files:

C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
C:\WINDOWS\System32\hldrrr.exe

-------

Reboot the computer and come back with a new hijackthis log. Let me know if the computer is back to normal.
labtop
I could not find these files:

C:\Documents and Settings\HUiYUe\Application Data\hidires\hidr.exe
C:\WINDOWS\System32\hldrrr.exe

So I just fixed the 6 items. After reboot, I still can't uninstall BitDefender v 10 (do you think I need to delete it manually?) and also the taskbar is not functioning well. Here is the HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:26 PM, on 7/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 7202 bytes
rridgely
Download this:
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip

Unzip the file and open up dial a fix.exe

Once dial a fix is open, press the green checkmarks and press go. Let me know if that fixes some of the problems you're having with your taskbar and stuff.
labtop
Hi, the problem remains.
rridgely
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Post the combofix log and a new hijackthis log.
labtop
"HUiYUe" - 2007-07-28 14:13:40 [GMT 8:00] - ComboFix 07-07-24 - Service Pack 1 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\HUiYUe\APPLIC~1.\hidires
C:\DOCUME~1\HUiYUe\APPLIC~1.\hidires\rosa.sys
C:\Documents and Settings\All Users\Documents\_desktop.ini
C:\WINDOWS\DOWNLO~1.\3721
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\dialog_button_a3.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\left_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\map_button_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\right_arrow_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_down.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\buttons\welcome_player.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\actionpoints.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\career.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\customer.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\endless.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\global.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\config\powerups.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\baby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\anim.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\anim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\legs.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\customers\young_female\red_legs.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\idle.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\lower.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\upper.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\fonts\mercurius.mvec
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\chair.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dishcart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchair_prop_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\highchairbaby.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\luxury_bench.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\mop_station_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium_heart.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\podium_heart.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\radio.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\spill.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\spill.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\stereo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\ticketstation.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\family.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help_dividerline.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_colormatch1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_colormatch2.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_noise.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help1_score.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_cleardishes.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_givecheck.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_pickupfood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_servefood.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\help\help2_takeorder.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\hiscore\local-hs-bb.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_2.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_3.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_4.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_5.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\career_1_6.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\layouts\endless_1_1_c.bin
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\playfirstlogo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\background.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\food\food.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\careerupgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\closeconfirm.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\entername.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\getmoregames.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\help1.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\angersmoke.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_mop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\chairflags.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\coinflip.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\decor_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\foodpoof.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\heartgrow.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\jar.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\lives_icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\noisering.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_d.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_e.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\notes\music_boost_f.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tablenumber_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tablenumber_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_base.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_hand.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_timer_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\ui_timer_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd3.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\assets\upsell\dd4.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.48\dinerdash2.exe
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\_000020_.tmp.dll
C:\WINDOWS\system32\_000021_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\LEGACY_ROSA
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))))))))))))))


2007-07-28 14:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 12:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2007-07-27 12:02 260,096 --a------ C:\WINDOWS\system32\mstask.dll
2007-07-27 12:02 172,544 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-07-27 12:02 10,752 --a------ C:\WINDOWS\system32\mstinit.exe
2007-07-27 11:55 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-27 11:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-27 11:55 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-27 10:59 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-07-27 10:58 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-07-24 15:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-20 11:49 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-20 11:49 <DIR> d-------- C:\DOCUME~1\HUiYUe\APPLIC~1\SUPERAntiSpyware.com
2007-07-20 11:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-19 20:15 <DIR> d-------- C:\VundoFix Backups
2007-07-19 16:34 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-19 15:30 10,949 --a------ C:\cc_20070719_1530.reg
2007-07-19 15:29 3,592 --a------ C:\cc_20070719_1529.reg
2007-07-19 15:28 252,310 --a------ C:\cc_20070719_1528.reg
2007-07-18 22:32 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-07-18 21:34 393,630 --a------ C:\cc_20070718_2134.reg
2007-07-18 21:16 <DIR> d-------- C:\Program Files\CCleaner
2007-07-18 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-18 19:15 <DIR> d-------- C:\!KillBox
2007-07-18 17:44 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-16 11:47 <DIR> d-------- C:\DOCUME~1\HUiYUe\APPLIC~1\Bitdefender
2007-07-16 11:44 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-07-16 11:44 252,176 --a------ C:\WINDOWS\system32\msrd2x35.dll
2007-07-16 11:44 24,848 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-16 11:44 123,664 --a------ C:\WINDOWS\system32\Msjint35.dll
2007-07-16 11:44 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2007-07-16 11:42 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-16 11:42 14 --a------ C:\WINDOWS\system32\SR2.dat
2007-07-15 23:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
2007-07-13 12:58 <DIR> d-------- C:\Program Files\eREAD6.0
2007-07-06 00:51 <DIR> d-------- C:\Program Files\SopCast
2007-07-06 00:50 <DIR> d-------- C:\Program Files\Universal
2007-07-06 00:16 <DIR> d-------- C:\DOCUME~1\HUiYUe\APPLIC~1\SopCast


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 06:48:50 -------- d-----w C:\DOCUME~1\HUiYUe\APPLIC~1\ppstream
2007-07-24 06:29:02 -------- d-----w C:\Program Files\MSN Messenger
2007-07-18 02:50:54 -------- d-----w C:\Program Files\eMule
2007-07-17 03:58:25 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-07-15 15:01:18 68 ----a-w C:\WINDOWS\system32\getfile.dat
2007-06-02 06:49:06 -------- d-----w C:\Program Files\DFX
2007-02-26 01:10:10 58,368 ----a-w C:\DOCUME~1\HUiYUe\APPLIC~1\GDIPFONTCACHEV1.DAT
2006-06-11 08:24:34 460 ----a-w C:\Program Files\INSTALL.LOG
2006-06-06 23:56:28 79 ----a-w C:\Program Files\Show Desktop.scf
2004-11-20 13:28:19 56 --sh--r C:\WINDOWS\system32\FC1D7A7178.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:24 57344 --a------ C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2007-06-29 14:03 77824 --a------ C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-02-05 20:01]
"NECMFK"="C:\Program Files\necmfk\necmfk.exe" [2004-01-23 22:41]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-17 10:30 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-17 10:30]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-09-22 17:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 20:00]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2005-05-19 21:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\System32\DRIVERS\agpCPQ.sys
R0 prohlp02;StarForce Protection Helper Driver v2;C:\WINDOWS\System32\drivers\prohlp02.sys
R0 prosync1;StarForce Protection Synchronization Driver v1;C:\WINDOWS\System32\drivers\prosync1.sys
R0 sfhlp01;StarForce Protection Helper Driver;C:\WINDOWS\System32\drivers\sfhlp01.sys
R1 bdpredir;bdpredir;\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys
R1 MFKGTKEY;MFKGTKEY;C:\WINDOWS\System32\drivers\mfkgtkey.sys
R1 mnmdd;mnmdd;C:\WINDOWS\System32\drivers\mnmdd.sys
R1 NPPTNT2;NPPTNT2;\??\C:\WINDOWS\System32\npptNT2.sys
R1 prodrv06;StarForce Protection Environment Driver v6;C:\WINDOWS\System32\drivers\prodrv06.sys
R1 Ps2LedIF;Ps2LedIF;C:\WINDOWS\System32\drivers\ps2ledif.sys
R2 AFD;AFD Networking Support Environment;C:\WINDOWS\System32\drivers\afd.sys
R2 lanmanserver;Server;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 lanmanworkstation;Workstation;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 winmgmt;Windows Management Instrumentation;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 gv3;Intel GV3 Processor Driver;C:\WINDOWS\System32\DRIVERS\gv3.sys
R3 Ps2Led;NEC Note Keyboard with One-touch start buttons;C:\WINDOWS\System32\DRIVERS\Ps2Led.sys
R3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver;C:\WINDOWS\System32\DRIVERS\w70n51.sys
R3 wdmaud;Microsoft WINMM WDM Audio Compatibility Driver;C:\WINDOWS\System32\drivers\wdmaud.sys
S2 DgivEcp;Team MFP Comm Driver;C:\WINDOWS\System32\Drivers\DgivEcp.Sys
S3 Bridge;MAC Bridge;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\System32\DRIVERS\bridge.sys
S3 CSDriver;CSDriver;\??\C:\WINDOWS\System32\drivers\CSDriver.sys
S3 mnmsrvc;NetMeeting Remote Desktop Sharing;C:\WINDOWS\System32\mnmsrvc.exe
S3 nm;Network Monitor Driver;C:\WINDOWS\System32\DRIVERS\NMnt.sys
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;C:\WINDOWS\System32\drivers\ws2ifsl.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 14:23:52
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eMule VeryCD\x7248]
"DisplayIcon"="C:\Program Files\eMule\eMule.exe"
"DisplayName"="eMule VeryCD\x7248"
"UninstallString"="C:\Program Files\eMule\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\16f\37f\tN:]
"DisplayName"="\x660e\x661f\x4e09\x7f3a\x4e00 2002"
"UninstallString"="C:\IGSMJ2~1\UNWISE.EXE C:\IGSMJ2~1\INSTALL.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\16f\37f\tN:]
"DisplayName"="\x660e\x661f\x4e09\x7f3a\x4e00 1.2"
"UninstallString"="C:\WINDOWS\iun503.exe C:\Program Files\\x660e\x661f\x4e09\x7f3a\x4e00\irunin.ini"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\xc9m{\x160\x201c\xb7\xf5G\xf8\xfb\xf7\xe8s2]
"DisplayName"="\x6dc9\x7b25\x938a\xf5b7\xf847\xf7fb\x73e82004"
"UninstallString"="C:\FEFC~1\UNWISE.EXE C:\FEFC~1\INSTALL.LOG"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\nNQ\xa9RKb]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\16f\37f\tN:]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\16f\37f\tN:]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\xc9m{\x160\x201c\xb7\xf5G\xf8\xfb\xf7\xe8s]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\o\x8f\37f\xd1y\x20acb\b\xff\27S\xacN\t\xff]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\o\x8f\37f\xd1y\x20acb\b\xff\27S\xacN\t\xff\'Y\xcc[\xc1\3N]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{325DC185-F117-F370-3BD7-045C5D5799A5}]
"dbcnnbmfdbpbhggkmkncldegaocnnokhjcklchfo"=hex:6b,61,69,64,66,6e,6e,69,65,69,63,6f,64,70,68,68,6a,6d,69,6d,61,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 14:27:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-28 14:26

--- E O F ---
labtop
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:58 PM, on 7/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aiadirect.com.my
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E703F5ED-56BC-496C-B9F2-6342C2757A14}: NameServer = 202.188.0.133 202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 6309 bytes
rridgely
Download and run this file:
http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

------------

Download SmitfraudFix and save it to your system,

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraud log with a new hijackthis log.
labtop
hi rridgely,
I cannot restart in safe mode; it keeps coming back to the page for selecting whether to start Windows in normal or safe mode.
rridgely
Find this file:
C:\SafeBootRepair.log

Open it up and post the contents for me to see.
labtop
When I choose to boot in safe mode, this message comes out:
could not start, a file is missing or corrupted: <window rot>\system32\notoskrnl.exe

here is the report from safeboot:


Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AVG Anti-Spyware Driver]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AVG Anti-Spyware Guard]
@="Service"

========================


SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
~~\SafeBoot\Minimal\Base
~~\SafeBoot\Minimal\Boot Bus Extender
~~\SafeBoot\Minimal\Boot file system
~~\SafeBoot\Minimal\dmboot.sys
~~\SafeBoot\Minimal\dmio.sys
~~\SafeBoot\Minimal\dmload.sys
~~\SafeBoot\Minimal\dmserver
~~\SafeBoot\Minimal\File system
~~\SafeBoot\Minimal\Filter
~~\SafeBoot\Minimal\PCI Configuration
~~\SafeBoot\Minimal\Primary disk
~~\SafeBoot\Minimal\RpcSs
~~\SafeBoot\Minimal\SCSI Class
~~\SafeBoot\Minimal\sermouse.sys
~~\SafeBoot\Minimal\System Bus Extender
~~\SafeBoot\Minimal\vga.sys
~~\SafeBoot\Minimal\vgasave.sys
~~\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
~~\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}

========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
rridgely
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
labtop
Hi rridgely,
here's the reports.


SmitFraudFix v2.209

Scan done at 23:03:34.88, Tue 08/07/2007
Run from C:\Documents and Settings\HUiYUe\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\stdole3.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 202.188.0.133
DNS Server Search Order: 202.188.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer=69.50.176.198,195.225.176.153
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D309B663-DD53-462C-B2ED-B58D40C38174}: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer=69.50.176.198,195.225.176.153
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D309B663-DD53-462C-B2ED-B58D40C38174}: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer=69.50.176.198,195.225.176.153
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F4AE8D05-4466-474C-AE31-C3B5C9231380}: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 202.188.1.5


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:34 PM, on 8/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://huiyek.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O17 - HKLM\System\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer = 69.50.176.198,195.225.176.153
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 5355 bytes


rridgely
http://download.bleepingcomputer.com/sUBs/...afeBoot-reg.zip

Right click the SafeBoot-reg.zip and choose Extract All, then open the extracted folder and double click SafeBoot.reg (or right click and choose Merge) and allow it to be merged into the registry to rebuild the SafeBoot keys.

Now try booting into safe mode.
labtop
Sorry, I can't open the web site.
rridgely
Sorry about that. Let's try again:
http://download.bleepingcomputer.com/sUBs/...afeBoot-reg.zip
labtop
There's an error during extracting; it says "file skipped unknown compression method".
rridgely
You may need to get a separate archive program then (I just tested the file and it worked fine).
Try using this to extract the file:
http://www.7-zip.org/
labtop
Yes! I can boot in safe mode.
So now only the Windows taskbar problem is left unsolved. Thank you very much.
rridgely
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt) back into this thread.
Post a hijackthis log as well.

---------

I want you to run this as well:

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.
labtop
FixWareout report:


Username "HUiYUe" - 2007-08-11 18:30:19 [Fixwareout edited 2007/07/05]

»»»»»Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}
"nameserver"="69.50.176.198,195.225.176.153" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"NECMFK"="C:\\Program Files\\necmfk\\necmfk.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NCLaunch"="C:\\WINDOWS\\NCLAUNCH.EXe"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»


hijackthis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:59 PM, on 8/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://huiyek.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)

--
End of file - 5120 bytes
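The DNS entries in the SmitFraudFix and HijackThis logs above can be checked mechanically. This is an added example, not part of the thread or of any tool used in it: it flags interfaces whose static NameServer value lists resolvers that no DhcpNameServer entry supplied, which is the value FixWareout reported clearing. The function names and the comparison rule are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the SmitFraudFix "DNS" section and the HijackThis O17
# entries quoted in this thread (sample input, embedded so this runs offline).
SAMPLE = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer=69.50.176.198,195.225.176.153
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D309B663-DD53-462C-B2ED-B58D40C38174}: DhcpNameServer=202.188.0.133 202.188.1.5
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9F356F9F-2747-4F2E-93B1-4B23B9F9BA91}: NameServer=69.50.176.198,195.225.176.153
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.188.0.133 202.188.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{E703F5ED-56BC-496C-B9F2-6342C2757A14}: NameServer = 202.188.0.133 202.188.1.5
"""

# Matches both log styles: optional "O17 - " prefix, CCS/CS<n> control set,
# either a per-interface GUID or the global Parameters key.
LINE_RE = re.compile(
    r"^(?:O17 - )?HKLM\\SYSTEM\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r":\s*(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def split_servers(value):
    """Resolver lists in these logs are separated by commas or spaces."""
    return [s for s in re.split(r"[,\s]+", value.strip()) if s]


def parse(log_text):
    """Return one dict per recognised Tcpip name-server line."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        is_dhcp = m.group("name").lower() == "dhcpnameserver"
        entries.append({
            "control_set": m.group("cs").upper(),
            "interface": (m.group("iface") or "Parameters").upper(),
            "kind": "dhcp" if is_dhcp else "static",
            "servers": split_servers(m.group("value")),
        })
    return entries


def find_static_overrides(log_text):
    """Flag static NameServer values containing resolvers that DHCP never gave.

    A finding is a prompt for review, not proof of infection: a deliberately
    configured static resolver is flagged too, and if the log holds no
    DhcpNameServer line every non-empty static value is reported.
    """
    entries = parse(log_text)
    dhcp = {s for e in entries if e["kind"] == "dhcp" for s in e["servers"]}
    grouped = defaultdict(set)  # (interface, unexpected servers) -> control sets
    for e in entries:
        if e["kind"] != "static":
            continue
        unexpected = tuple(s for s in e["servers"] if s not in dhcp)
        if unexpected:
            grouped[(e["interface"], unexpected)].add(e["control_set"])
    return [
        {"interface": iface, "servers": list(servers), "control_sets": sorted(cs)}
        for (iface, servers), cs in sorted(grouped.items())
    ]


if __name__ == "__main__":
    for finding in find_static_overrides(SAMPLE):
        print(finding)
```

The {E703F5ED-...} interface is not reported because its static value matches the DHCP-supplied resolvers, and an emptied NameServer value (the state after the FixWareout run) produces no finding.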
labtop
As for the Kaspersky Online Scanner,
it doesn't respond when I click accept for the terms and conditions. I had scanned with it before, but I made sure I uninstalled it.
labtop
Hi rridgely, I have not heard from you for a long time. Is there still no solution for my laptop?
rridgely
Sorry for the wait.
Can you describe your problem with the taskbar a little better? Exactly what isn't working the way it should?

Let's try to get BitDefender installed if that's what you're going to use. (Did you pay for it already?)
The following tools are to remove symantec and bitdefender products.

Norton Remover

http://service1.symantec.com/SUPPORT/tsgen...mp;osv_lvl=>


Bitdefender remover

http://www.bitdefender.com/uninstall


Run them both. Then I want you to run CCleaner.
CCleaner can be found here:
http://www.CCleaner.com/download/builds (download any of the builds, it doesn't matter)

Install CCleaner and then open it up and press "run cleaner".
Reboot your computer and try to install BitDefender if you have a license for it. If you do not then please let me know and we can find you a good free solution.

Also I would like you to run this:

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept the statement > click Next, then Scan.
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log', which will save to the same location as the blbeta.exe file.
labtop
Hi rridgely,

Normal taskbar has quick launch on your right, small items on your left (eg. volume control), the centre blank will only shows program that we currently using (e.g words, internet explorer etc)

My taskbar can show quick launch, small items but couldn't show the programs that are currently running. So, this is the problem.

As for BitDefender, I don't have the license; I just downloaded it from the net.

The scan result of Blacklight beta is OK, no hidden files.

Here is my HijackThis file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:20 PM, on 8/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://huiyek.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4778 bytes
rridgely
I want you to download the trial version of Kaspersky here:
http://www.kaspersky.com/anti-virus_trial

Install it, update it, and then run a full system scan with it.
I don't have step-by-step instructions for it, but please try to come back with a log from Kaspersky and a new HijackThis log.
labtop
Hi rridgely, it's been a while. I ran the Kaspersky scan, but I could not find the log file, so I just copied and pasted the part of the report where it detected a virus; there's only 1 virus.

8/30/2007 3:21:44 AM File: c:\qoobox\quarantine\c\documents and settings\huiyue\applic~1\hidires\rosa.sys.vir detected virus 'Email-Worm.Win32.Bagle.ir'
8/30/2007 7:50:36 AM File: c:\qoobox\quarantine\c\documents and settings\huiyue\applic~1\hidires\rosa.sys.vir backed up
8/30/2007 7:50:41 AM File: c:\qoobox\quarantine\c\documents and settings\huiyue\applic~1\hidires\rosa.sys.vir deleted

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:02 AM, on 8/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://huiyek.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5208 bytes
rridgely
You can delete this folder:

c:\qoobox

--------------

Let's try this. Download this file:
http://www.kellys-korner-xp.com/TaskbarRep...olPlus!.zip (right click this link>save as)

Unzip the program and then run it. Where it says "taskbar problems", scroll down in the menu below and choose "minimized programs missing". Then press repair and see what happens. This is a new tool to me too, so I don't know if this is going to work or not.

If that doesn't work I would try the same tool but choose "task bar missing". Let me know if this works.
labtop
Thanks rridgely, the taskbar problem is solved. :)
I'm posting the latest HijackThis log. Do I need to uninstall AVG Anti-Spyware Guard, as the trial period is already over? Same with Kaspersky when the trial is over?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:12 AM, on 9/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\necmfk\necmfk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NECMFK] C:\Program Files\necmfk\necmfk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://huiyek.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://huiyek.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5175 bytes
rridgely
So that tool fixed it? Awesome. :)
I would go ahead and uninstall Kaspersky and install a free antivirus. AVG, Avast, or AntiVir are all good.
AVG Anti-Spyware you can still update and scan with after the trial. You just won't get the real-time protection. (So keep it. :P)

You really, really, really need to update Windows, Java, and Flash.
By doing that you will greatly reduce your risk of getting infected again.

Take a look through my guide here for more tips:
http://internetrotsyourbrain.com/rridgely/...eprevention.htm