here is my hijackthis logs, I am not sure what to fix, any help would be appreciated.

Don't put the logs in code

Download Rooter.exe to your desktop

• Then doubleclick it to start the tool
• A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here

Click to view attachmentHi, I ran rooter and here is the txt file.

Thanks

please post the logs normally

Please download the OTMoveIt3 by OldTimer

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\system32\nUvDNXbc.ini
  C:\WINDOWS\system32\nUvDNXbc.ini2
  C:\WINDOWS\system32\cbXNDvUn.dll
  C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd
  
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

Here is the log for OTmoveit

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\system32\nUvDNXbc.ini moved successfully.
C:\WINDOWS\system32\nUvDNXbc.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cbXNDvUn.dll
C:\WINDOWS\system32\cbXNDvUn.dll NOT unregistered.
C:\WINDOWS\system32\cbXNDvUn.dll moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009\LOG moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009\BASE moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_5bgx5CdM7tYZf9e scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_EpEhSwBKLCj9mot scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_hmYdQ5OoGzgZdcP scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\nsrbgxod.bak scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0009\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0008\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01272009_195714

DOS.txt log


DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 20:30:49.76 on Tue 01/27/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1498 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner.Priyom\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {01694dee-87ea-4a63-9b23-3535b28f838c} - c:\windows\system32\cbXNDvUn.dll
BHO: {037040d8-1ec9-4234-8830-e4951044e655} - c:\windows\system32\fccyxyXP.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyayVLb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {58f97ba8-edaf-ff9a-19b4-0ae725ad3699}: {9963da52-7ea0-4b91-a9ff-fade8ab79f85} - c:\windows\system32\jsvusm.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [a82dea66] rundll32.exe "c:\windows\system32\vvabagbu.dll",b
StartupFolder: c:\documents and settings\owner.priyom\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\owner~1.pri\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: xxyayVLb - xxyayVLb.dll
AppInit_DLLs: avgrsstx.dll jsvusm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyayVLb.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyxyXP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.pri\applic~1\mozilla\firefox\profiles\rpbv9rbw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.priyom\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-19 107272]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-19 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-19 231704]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-9-2 126976]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-9-2 122368]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2008-8-26 245760]

=============== Created Last 30 ================

2009-01-27 20:29 <DIR> --d-h--- c:\windows\PIF
2009-01-27 20:09 129,024 a------- c:\windows\system32\jsvusm.dll
2009-01-27 20:09 129,024 a------- c:\windows\system32\mjkbldui.dll
2009-01-27 20:07 1,516,535 ---sh--- c:\windows\system32\ubgabavv.ini
2009-01-27 20:07 72,704 a------- c:\windows\system32\vvabagbu.dll
2009-01-27 20:06 368,209 a--sh--- c:\windows\system32\PXyxyccf.ini2
2009-01-27 20:06 368,209 a--sh--- c:\windows\system32\PXyxyccf.ini
2009-01-27 20:06 315,904 a------- c:\windows\system32\fccyxyXP.dll
2009-01-27 19:57 <DIR> --d----- C:\_OTMoveIt
2009-01-27 13:36 1,516,535 a--sh--- c:\windows\system32\jnurcdgn.ini
2009-01-27 13:36 72,704 -------- c:\windows\system32\ngdcrunj.dll
2009-01-27 13:36 129,024 a------- c:\windows\system32\tjumdwqe.dll
2009-01-27 13:36 129,024 a------- c:\windows\system32\exdwxt.dll
2009-01-27 13:31 <DIR> --d----- C:\Rooter$
2009-01-27 13:30 48,128 a------- c:\windows\system32\hgGaaWQI.dll
2009-01-27 01:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-27 00:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-27 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 00:00 <DIR> --d----- c:\program files\Lavasoft
2009-01-26 01:37 21,504 a--sh--- c:\windows\system32\autochk.dll
2009-01-26 01:37 21,504 a--sh--- c:\documents and settings\owner.priyom\protect.dll
2009-01-26 01:37 36,352 a------- c:\windows\system32\xxyayVLb.dll
2009-01-26 01:37 20,480 a------- c:\windows\system32\~.exe
2009-01-17 16:55 <DIR> --d----- c:\program files\Uplink Demo
2009-01-16 21:45 <DIR> --d----- c:\program files\Saints Row 2
2009-01-05 16:29 <DIR> --d----- c:\docume~1\owner~1.pri\applic~1\GlarySoft

==================== Find3M ====================

2009-01-27 20:04 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-27 20:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-27 20:04 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-25 15:30 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-25 15:30 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-09-28 06:19 1,066 a------- c:\program files\INSTALL.LOG
2008-09-03 15:13 22,328 a------- c:\docume~1\owner~1.pri\applic~1\PnkBstrK.sys
2003-12-18 10:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 06:46 10,960 a------- c:\program files\EULA.txt
2008-08-28 18:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 20:32:01.53 ===============

Attach.txt log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2008 4:08:54 PM
System Uptime: 1/27/2009 8:01:04 PM (0 hours ago)

Motherboard: Intel Corporation | | D945GBI
Processor: Intel® Pentium® D CPU 3.00GHz | | 2999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 216.125 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.465 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP123: 1/27/2009 1:35:06 PM - System Checkpoint
RP124: 1/27/2009 1:35:06 PM - Removed iTunes
RP125: 1/27/2009 1:35:06 PM - System Checkpoint
RP126: 1/27/2009 1:35:07 PM - System Checkpoint
RP127: 1/27/2009 1:35:07 PM - Installed Command & Conquer™ Red Alert™ 3
RP128: 1/27/2009 1:35:07 PM - System Checkpoint
RP129: 1/27/2009 1:35:08 PM - Removed Command & Conquer™ Red Alert™ 3
RP130: 1/27/2009 1:35:08 PM - Installed Command & Conquer™ Red Alert™ 3
RP131: 1/27/2009 1:35:08 PM - System Checkpoint
RP132: 1/27/2009 1:35:08 PM - Installed Call of Duty® - World at War™ Beta
RP133: 1/27/2009 1:35:09 PM - Removed Call of Duty® - World at War™ Beta
RP134: 1/27/2009 1:35:09 PM - System Checkpoint
RP135: 1/27/2009 1:35:10 PM - Installed Call of Duty® - World at War™
RP136: 1/27/2009 1:35:10 PM - Installed Call of Duty® - World at War™
RP137: 1/27/2009 1:35:11 PM - Avg8 Update
RP138: 1/27/2009 1:35:11 PM - System Checkpoint
RP139: 1/27/2009 1:35:12 PM - Software Distribution Service 3.0
RP140: 1/27/2009 1:35:12 PM - Installed Steam
RP141: 1/27/2009 1:35:13 PM - Configured DW6 Demo
RP142: 1/27/2009 1:35:14 PM - Removed Far Cry 2
RP143: 1/27/2009 1:35:14 PM - System Checkpoint
RP144: 1/27/2009 1:35:14 PM - Installed Dynasty Warriors 6
RP145: 1/27/2009 1:35:15 PM - Removed Call of Duty® - World at War™
RP146: 1/27/2009 1:35:16 PM - System Checkpoint
RP147: 1/27/2009 1:35:16 PM - Restore Operation
RP148: 1/27/2009 1:35:17 PM - System Checkpoint
RP149: 1/27/2009 1:35:18 PM - Installed Star Wars®: Knights of the Old Republic ™
RP150: 1/27/2009 1:35:19 PM - Removed Star Wars®: Knights of the Old Republic ™
RP151: 1/27/2009 1:35:19 PM - Removed Command & Conquer™ Red Alert™ 3
RP152: 1/27/2009 1:35:20 PM - Configured Dynasty Warriors 6
RP153: 1/27/2009 1:35:21 PM - System Checkpoint
RP154: 1/27/2009 1:35:22 PM - Installed DirectX
RP155: 1/27/2009 1:35:22 PM - Avg8 Update
RP156: 1/27/2009 1:35:23 PM - System Checkpoint
RP157: 1/27/2009 1:35:24 PM - System Checkpoint
RP158: 1/27/2009 1:35:24 PM - System Checkpoint
RP159: 1/27/2009 1:35:25 PM - System Checkpoint
RP160: 1/27/2009 1:35:26 PM - Installed DirectX
RP161: 1/27/2009 1:35:27 PM - Installed Microsoft Games for Windows - LIVE Redistributable
RP162: 1/27/2009 1:35:27 PM - Installed %1 %2.
RP163: 1/27/2009 1:35:28 PM - Printer Driver Microsoft XPS Document Writer Installed
RP164: 1/27/2009 1:35:29 PM - System Checkpoint
RP165: 1/27/2009 1:35:30 PM - System Checkpoint
RP166: 1/27/2009 1:35:30 PM - System Checkpoint
RP167: 1/27/2009 1:35:31 PM - System Checkpoint
RP168: 1/27/2009 1:35:32 PM - System Checkpoint
RP169: 1/27/2009 1:35:32 PM - Software Distribution Service 3.0
RP170: 1/27/2009 1:35:32 PM - Software Distribution Service 3.0
RP171: 1/27/2009 1:35:33 PM - Avg8 Update
RP172: 1/27/2009 1:35:33 PM - System Checkpoint
RP173: 1/27/2009 1:35:33 PM - System Checkpoint
RP174: 1/27/2009 1:35:34 PM - System Checkpoint
RP175: 1/27/2009 1:35:34 PM - Software Distribution Service 3.0
RP176: 1/27/2009 1:35:34 PM - System Checkpoint
RP177: 1/27/2009 1:35:35 PM - Installed DirectX
RP178: 1/27/2009 1:35:35 PM - Installed Rise of the Argonauts
RP179: 1/27/2009 1:35:36 PM - Installed iTunes
RP180: 1/27/2009 1:35:37 PM - Removed Rise of the Argonauts
RP181: 1/27/2009 1:35:38 PM - System Checkpoint
RP182: 1/27/2009 1:35:39 PM - System Checkpoint
RP183: 1/27/2009 1:35:39 PM - Installed SPORE™
RP184: 1/27/2009 1:35:40 PM - System Checkpoint
RP185: 1/27/2009 1:35:40 PM - System Checkpoint
RP186: 1/27/2009 1:35:40 PM - Removed SPORE™
RP187: 1/27/2009 1:35:40 PM - System Checkpoint
RP188: 1/27/2009 1:35:41 PM - System Checkpoint
RP189: 1/27/2009 1:35:41 PM - Installed Ventrilo Client
RP190: 1/27/2009 1:35:41 PM - System Checkpoint
RP191: 1/27/2009 1:35:42 PM - System Checkpoint
RP192: 1/27/2009 1:35:42 PM - System Checkpoint
RP193: 1/27/2009 1:35:42 PM - System Checkpoint
RP194: 1/27/2009 1:35:43 PM - System Checkpoint
RP195: 1/27/2009 1:35:43 PM - Installed DirectX
RP196: 1/27/2009 1:35:45 PM - System Checkpoint
RP197: 1/27/2009 1:35:45 PM - Software Distribution Service 3.0
RP198: 1/27/2009 1:35:47 PM - Software Distribution Service 3.0
RP199: 1/27/2009 1:35:48 PM - System Checkpoint
RP200: 1/27/2009 1:35:48 PM - Installed The Lord of the Rings - Conquest™
RP201: 1/27/2009 1:35:49 PM - Removed The Lord of the Rings - Conquest™
RP202: 1/27/2009 1:35:50 PM - System Checkpoint
RP203: 1/27/2009 1:35:51 PM - System Checkpoint
RP204: 1/27/2009 1:35:52 PM - System Checkpoint
RP205: 1/27/2009 1:35:53 PM - System Checkpoint
RP206: 1/27/2009 1:35:53 PM - System Checkpoint
RP207: 1/27/2009 1:35:53 PM - Removed Ventrilo Client
RP208: 1/27/2009 1:36:08 PM - Last known good configuration
RP209: 1/27/2009 8:03:12 PM - Avg8 Update
RP210: 1/27/2009 8:04:45 PM - Avg8 Update

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Add or Remove Adobe Creative Suite 3 Design Premium
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bonjour
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
CCleaner (remove only)
Choice Guard
Digital Media Reader
Extensis Suitcase 9.2
FileZilla Client 3.2.0
Google Chrome
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
I-Fluid
Intel Audio Studio
iTunes
J2SE Runtime Environment 5.0 Update 2
Left 4 Dead
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MS AntiSpyware 2009
MSVCRT
MSXML 6.0 Parser (KB925673)
Napster Burn Engine
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
NVIDIA PhysX v8.09.04
Octoshape add-in for Adobe Flash Player
OpenAL
Opera 9.60
PDF Settings
PowerISO
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SigmaTel Audio
Skype™ 3.8
Steam
Team Fortress 2
TortoiseSVN 1.5.3.13783 (32 bit)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack

==== Event Viewer Messages From Past Week ========

1/26/2009 2:55:08 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
1/26/2009 2:55:22 PM, error: Service Control Manager [7034] - The McAfee Task Scheduler service terminated unexpectedly. It has done this 1 time(s).
1/26/2009 6:34:57 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
1/27/2009 12:02:02 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.ATL could not be found and Last Error was The referenced assembly is not installed on your system.
1/27/2009 12:02:02 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.ATL. Reference error message: The referenced assembly is not installed on your system. .
1/27/2009 12:02:02 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll. Reference error message: The operation completed successfully. .

==== End Of File ===========================

hello

Please download the OTMoveIt3 by OldTimer

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :files
  c:\windows\system32\jsvusm.dll
  c:\windows\system32\mjkbldui.dll
  c:\windows\system32\ubgabavv.ini
  c:\windows\system32\vvabagbu.dll
  c:\windows\system32\PXyxyccf.ini2
  c:\windows\system32\PXyxyccf.ini
  c:\windows\system32\fccyxyXP.dll
  c:\windows\system32\jnurcdgn.ini
  c:\windows\system32\ngdcrunj.dll
  c:\windows\system32\tjumdwqe.dll
  c:\windows\system32\exdwxt.dll
  c:\windows\system32\hgGaaWQI.dll
  c:\windows\system32\autochk.dll
  c:\documents and settings\owner.priyom\protect.dll
  c:\windows\system32\xxyayVLb.dll
  c:\windows\system32\~.exe
  
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Also post a new DDS log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\jsvusm.dll
c:\windows\system32\jsvusm.dll NOT unregistered.
c:\windows\system32\jsvusm.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\mjkbldui.dll
c:\windows\system32\mjkbldui.dll NOT unregistered.
c:\windows\system32\mjkbldui.dll moved successfully.
c:\windows\system32\ubgabavv.ini moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\vvabagbu.dll
c:\windows\system32\vvabagbu.dll NOT unregistered.
c:\windows\system32\vvabagbu.dll moved successfully.
c:\windows\system32\PXyxyccf.ini2 moved successfully.
c:\windows\system32\PXyxyccf.ini moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\fccyxyXP.dll
c:\windows\system32\fccyxyXP.dll NOT unregistered.
c:\windows\system32\fccyxyXP.dll moved successfully.
c:\windows\system32\jnurcdgn.ini moved successfully.
File/Folder c:\windows\system32\ngdcrunj.dll not found.
DllUnregisterServer procedure not found in c:\windows\system32\tjumdwqe.dll
c:\windows\system32\tjumdwqe.dll NOT unregistered.
c:\windows\system32\tjumdwqe.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\exdwxt.dll
c:\windows\system32\exdwxt.dll NOT unregistered.
c:\windows\system32\exdwxt.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\hgGaaWQI.dll
c:\windows\system32\hgGaaWQI.dll NOT unregistered.
c:\windows\system32\hgGaaWQI.dll moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\autochk.dll
c:\windows\system32\autochk.dll NOT unregistered.
c:\windows\system32\autochk.dll moved successfully.
DllUnregisterServer procedure not found in c:\documents and settings\owner.priyom\protect.dll
c:\documents and settings\owner.priyom\protect.dll NOT unregistered.
c:\documents and settings\owner.priyom\protect.dll moved successfully.
File/Folder c:\windows\system32\xxyayVLb.dll not found.
c:\windows\system32\~.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_MnXxckMddNKgTGJ scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\nsrbgxod.bak scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01282009_113833



--------------------New DDS Log------------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2008 4:08:54 PM
System Uptime: 1/28/2009 11:40:00 AM (0 hours ago)

Motherboard: Intel Corporation | | D945GBI
Processor: Intel® Pentium® D CPU 3.00GHz | |

2999/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 293 GiB total, 216.046 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 1.465 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP123: 1/27/2009 1:35:06 PM - System Checkpoint
RP124: 1/27/2009 1:35:06 PM - Removed iTunes
RP125: 1/27/2009 1:35:06 PM - System Checkpoint
RP126: 1/27/2009 1:35:07 PM - System Checkpoint
RP127: 1/27/2009 1:35:07 PM - Installed Command & Conquer™ Red Alert™ 3
RP128: 1/27/2009 1:35:07 PM - System Checkpoint
RP129: 1/27/2009 1:35:08 PM - Removed Command & Conquer™ Red Alert™ 3
RP130: 1/27/2009 1:35:08 PM - Installed Command & Conquer™ Red Alert™ 3
RP131: 1/27/2009 1:35:08 PM - System Checkpoint
RP132: 1/27/2009 1:35:08 PM - Installed Call of Duty® - World at

War™ Beta
RP133: 1/27/2009 1:35:09 PM - Removed Call of Duty® - World at

War™ Beta
RP134: 1/27/2009 1:35:09 PM - System Checkpoint
RP135: 1/27/2009 1:35:10 PM - Installed Call of Duty® - World at

War™
RP136: 1/27/2009 1:35:10 PM - Installed Call of Duty® - World at

War™
RP137: 1/27/2009 1:35:11 PM - Avg8 Update
RP138: 1/27/2009 1:35:11 PM - System Checkpoint
RP139: 1/27/2009 1:35:12 PM - Software Distribution Service 3.0
RP140: 1/27/2009 1:35:12 PM - Installed Steam
RP141: 1/27/2009 1:35:13 PM - Configured DW6 Demo
RP142: 1/27/2009 1:35:14 PM - Removed Far Cry 2
RP143: 1/27/2009 1:35:14 PM - System Checkpoint
RP144: 1/27/2009 1:35:14 PM - Installed Dynasty Warriors 6
RP145: 1/27/2009 1:35:15 PM - Removed Call of Duty® - World at

War™
RP146: 1/27/2009 1:35:16 PM - System Checkpoint
RP147: 1/27/2009 1:35:16 PM - Restore Operation
RP148: 1/27/2009 1:35:17 PM - System Checkpoint
RP149: 1/27/2009 1:35:18 PM - Installed Star Wars®: Knights of the Old

Republic ™
RP150: 1/27/2009 1:35:19 PM - Removed Star Wars®: Knights of the Old

Republic ™
RP151: 1/27/2009 1:35:19 PM - Removed Command & Conquer™ Red Alert™ 3
RP152: 1/27/2009 1:35:20 PM - Configured Dynasty Warriors 6
RP153: 1/27/2009 1:35:21 PM - System Checkpoint
RP154: 1/27/2009 1:35:22 PM - Installed DirectX
RP155: 1/27/2009 1:35:22 PM - Avg8 Update
RP156: 1/27/2009 1:35:23 PM - System Checkpoint
RP157: 1/27/2009 1:35:24 PM - System Checkpoint
RP158: 1/27/2009 1:35:24 PM - System Checkpoint
RP159: 1/27/2009 1:35:25 PM - System Checkpoint
RP160: 1/27/2009 1:35:26 PM - Installed DirectX
RP161: 1/27/2009 1:35:27 PM - Installed Microsoft Games for Windows -

LIVE Redistributable
RP162: 1/27/2009 1:35:27 PM - Installed %1 %2.
RP163: 1/27/2009 1:35:28 PM - Printer Driver Microsoft XPS Document

Writer Installed
RP164: 1/27/2009 1:35:29 PM - System Checkpoint
RP165: 1/27/2009 1:35:30 PM - System Checkpoint
RP166: 1/27/2009 1:35:30 PM - System Checkpoint
RP167: 1/27/2009 1:35:31 PM - System Checkpoint
RP168: 1/27/2009 1:35:32 PM - System Checkpoint
RP169: 1/27/2009 1:35:32 PM - Software Distribution Service 3.0
RP170: 1/27/2009 1:35:32 PM - Software Distribution Service 3.0
RP171: 1/27/2009 1:35:33 PM - Avg8 Update
RP172: 1/27/2009 1:35:33 PM - System Checkpoint
RP173: 1/27/2009 1:35:33 PM - System Checkpoint
RP174: 1/27/2009 1:35:34 PM - System Checkpoint
RP175: 1/27/2009 1:35:34 PM - Software Distribution Service 3.0
RP176: 1/27/2009 1:35:34 PM - System Checkpoint
RP177: 1/27/2009 1:35:35 PM - Installed DirectX
RP178: 1/27/2009 1:35:35 PM - Installed Rise of the Argonauts
RP179: 1/27/2009 1:35:36 PM - Installed iTunes
RP180: 1/27/2009 1:35:37 PM - Removed Rise of the Argonauts
RP181: 1/27/2009 1:35:38 PM - System Checkpoint
RP182: 1/27/2009 1:35:39 PM - System Checkpoint
RP183: 1/27/2009 1:35:39 PM - Installed SPORE™
RP184: 1/27/2009 1:35:40 PM - System Checkpoint
RP185: 1/27/2009 1:35:40 PM - System Checkpoint
RP186: 1/27/2009 1:35:40 PM - Removed SPORE™
RP187: 1/27/2009 1:35:40 PM - System Checkpoint
RP188: 1/27/2009 1:35:41 PM - System Checkpoint
RP189: 1/27/2009 1:35:41 PM - Installed Ventrilo Client
RP190: 1/27/2009 1:35:41 PM - System Checkpoint
RP191: 1/27/2009 1:35:42 PM - System Checkpoint
RP192: 1/27/2009 1:35:42 PM - System Checkpoint
RP193: 1/27/2009 1:35:42 PM - System Checkpoint
RP194: 1/27/2009 1:35:43 PM - System Checkpoint
RP195: 1/27/2009 1:35:43 PM - Installed DirectX
RP196: 1/27/2009 1:35:45 PM - System Checkpoint
RP197: 1/27/2009 1:35:45 PM - Software Distribution Service 3.0
RP198: 1/27/2009 1:35:47 PM - Software Distribution Service 3.0
RP199: 1/27/2009 1:35:48 PM - System Checkpoint
RP200: 1/27/2009 1:35:48 PM - Installed The Lord of the Rings -

Conquest™
RP201: 1/27/2009 1:35:49 PM - Removed The Lord of the Rings - Conquest™
RP202: 1/27/2009 1:35:50 PM - System Checkpoint
RP203: 1/27/2009 1:35:51 PM - System Checkpoint
RP204: 1/27/2009 1:35:52 PM - System Checkpoint
RP205: 1/27/2009 1:35:53 PM - System Checkpoint
RP206: 1/27/2009 1:35:53 PM - System Checkpoint
RP207: 1/27/2009 1:35:53 PM - Removed Ventrilo Client
RP208: 1/27/2009 1:36:08 PM - Last known good configuration
RP209: 1/27/2009 8:03:12 PM - Avg8 Update
RP210: 1/27/2009 8:04:45 PM - Avg8 Update

==== Installed Programs ======================

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Add or Remove Adobe Creative Suite 3 Design Premium
Add or Remove Adobe Creative Suite 3 Web Premium
Adobe Acrobat 8 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Creative Suite 3 Web Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Bonjour
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
CCleaner (remove only)
Choice Guard
Digital Media Reader
Extensis Suitcase 9.2
FileZilla Client 3.2.0
Google Chrome
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
I-Fluid
Intel Audio Studio
iTunes
J2SE Runtime Environment 5.0 Update 2
Left 4 Dead
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual J# .NET Redistributable Package 1.1
MobileMe Control Panel
Mozilla Firefox (3.0.5)
MS AntiSpyware 2009
MSVCRT
MSXML 6.0 Parser (KB925673)
Napster Burn Engine
NVIDIA Drivers
NVIDIA Photoshop Plug-ins
NVIDIA PhysX v8.09.04
Octoshape add-in for Adobe Flash Player
OpenAL
Opera 9.60
PDF Settings
PowerISO
QuickTime
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SigmaTel Audio
Skype™ 3.8
Steam
Team Fortress 2
TortoiseSVN 1.5.3.13783 (32 bit)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959141)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB890629
Windows XP Media Center Edition 2005 KB890760
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
XP Codec Pack

==== Event Viewer Messages From Past Week ========

1/26/2009 2:55:08 PM, error: Service Control Manager [7034] - The

PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
1/26/2009 2:55:22 PM, error: Service Control Manager [7034] - The

McAfee Task Scheduler service terminated unexpectedly. It has done

this 1 time(s).
1/26/2009 6:34:57 PM, error: Cdrom [11] - The driver detected a

controller error on \Device\CdRom0.
1/27/2009 12:02:02 AM, error: SideBySide [32] - Dependent Assembly

Microsoft.VC90.ATL could not be found and Last Error was The referenced

assembly is not installed on your system.
1/27/2009 12:02:02 AM, error: SideBySide [59] - Resolve Partial

Assembly failed for Microsoft.VC90.ATL. Reference error message: The

referenced assembly is not installed on your system. .
1/27/2009 12:02:02 AM, error: SideBySide [59] - Generate Activation

Context failed for C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll.

Reference error message: The operation completed successfully. .
1/27/2009 10:17:00 PM, error: DCOM [10005] - DCOM got error "%1058"

attempting to start the service wuauserv with arguments "" in order to

run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

can you post the other DDS log

Sure

-------------DDS LOG-----------------



DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 20:30:49.76 on Tue 01/27/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1498 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner.Priyom\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {01694dee-87ea-4a63-9b23-3535b28f838c} - c:\windows\system32\cbXNDvUn.dll
BHO: {037040d8-1ec9-4234-8830-e4951044e655} - c:\windows\system32\fccyxyXP.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyayVLb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {58f97ba8-edaf-ff9a-19b4-0ae725ad3699}: {9963da52-7ea0-4b91-a9ff-fade8ab79f85} - c:\windows\system32\jsvusm.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [a82dea66] rundll32.exe "c:\windows\system32\vvabagbu.dll",b
StartupFolder: c:\documents and settings\owner.priyom\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\owner~1.pri\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: xxyayVLb - xxyayVLb.dll
AppInit_DLLs: avgrsstx.dll jsvusm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\xxyayVLb.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyxyXP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.pri\applic~1\mozilla\firefox\profiles\rpbv9rbw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.priyom\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-19 107272]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-19 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-19 231704]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-9-2 126976]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-9-2 122368]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2008-8-26 245760]

=============== Created Last 30 ================

2009-01-27 20:29 <DIR> --d-h--- c:\windows\PIF
2009-01-27 20:09 129,024 a------- c:\windows\system32\jsvusm.dll
2009-01-27 20:09 129,024 a------- c:\windows\system32\mjkbldui.dll
2009-01-27 20:07 1,516,535 ---sh--- c:\windows\system32\ubgabavv.ini
2009-01-27 20:07 72,704 a------- c:\windows\system32\vvabagbu.dll
2009-01-27 20:06 368,209 a--sh--- c:\windows\system32\PXyxyccf.ini2
2009-01-27 20:06 368,209 a--sh--- c:\windows\system32\PXyxyccf.ini
2009-01-27 20:06 315,904 a------- c:\windows\system32\fccyxyXP.dll
2009-01-27 19:57 <DIR> --d----- C:\_OTMoveIt
2009-01-27 13:36 1,516,535 a--sh--- c:\windows\system32\jnurcdgn.ini
2009-01-27 13:36 72,704 -------- c:\windows\system32\ngdcrunj.dll
2009-01-27 13:36 129,024 a------- c:\windows\system32\tjumdwqe.dll
2009-01-27 13:36 129,024 a------- c:\windows\system32\exdwxt.dll
2009-01-27 13:31 <DIR> --d----- C:\Rooter$
2009-01-27 13:30 48,128 a------- c:\windows\system32\hgGaaWQI.dll
2009-01-27 01:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-27 00:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-27 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 00:00 <DIR> --d----- c:\program files\Lavasoft
2009-01-26 01:37 21,504 a--sh--- c:\windows\system32\autochk.dll
2009-01-26 01:37 21,504 a--sh--- c:\documents and settings\owner.priyom\protect.dll
2009-01-26 01:37 36,352 a------- c:\windows\system32\xxyayVLb.dll
2009-01-26 01:37 20,480 a------- c:\windows\system32\~.exe
2009-01-17 16:55 <DIR> --d----- c:\program files\Uplink Demo
2009-01-16 21:45 <DIR> --d----- c:\program files\Saints Row 2
2009-01-05 16:29 <DIR> --d----- c:\docume~1\owner~1.pri\applic~1\GlarySoft

==================== Find3M ====================

2009-01-27 20:04 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-27 20:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-27 20:04 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-25 15:30 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-25 15:30 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-09-28 06:19 1,066 a------- c:\program files\INSTALL.LOG
2008-09-03 15:13 22,328 a------- c:\docume~1\owner~1.pri\applic~1\PnkBstrK.sys
2003-12-18 10:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 06:46 10,960 a------- c:\program files\EULA.txt
2008-08-28 18:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 20:32:01.53 ===============

hello

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

MBAM Logs

Malwarebytes' Anti-Malware 1.33
Database version: 1708
Windows 5.1.2600 Service Pack 3

1/30/2009 8:46:27 AM
mbam-log-2009-01-30 (08-46-27).txt

Scan type: Quick Scan
Objects scanned: 59258
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyayvlb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9963da52-7ea0-4b91-a9ff-fade8ab79f85} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9963da52-7ea0-4b91-a9ff-fade8ab79f85} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a82dea66 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\xxyayVLb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jsvusm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Owner.Priyom\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.Priyom\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.




-------------------------------------kaspersky scan result-----------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 30, 2009 13:16:40
Records in database: 1728476
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 172957
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 02:47:52


File name / Threat name / Threats count
C:\_OTMoveIt\MovedFiles\01272009_195714\DOCUME~1\ALLUSE~1\APPLIC~1\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe.vir Infected: not-a-virus:FraudTool.Win32.MSAntispyware2009.j 1
D:\i386\Apps\App13914\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

btw the last step solved the google redirect problem, so many many thanks!

However I see kaspersky detected 2 problems. Please help me remove them permanently.

Thanks for all your patient.

hello

Please download the OTMoveIt3 by OldTimer

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  
  :Files
  D:\i386\Apps\App13914\comps\toolbar\toolbr.exe
  
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Also post a new DDS log

---------MoveIT log------------
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
D:\i386\Apps\App13914\comps\toolbar\toolbr.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_buE7eBBXfa2EDol scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_g9cGiZk2ogv4TA2 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02012009_171845

Files moved on Reboot...
File C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_buE7eBBXfa2EDol not found!
File C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_g9cGiZk2ogv4TA2 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.


------------DDS LOG------------------


DDS (Ver_09-01-19.01) - NTFSx86
Run by Owner at 17:23:24.14 on Sun 02/01/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1538 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Priyom\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.gateway.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {01694dee-87ea-4a63-9b23-3535b28f838c} - c:\windows\system32\cbXNDvUn.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1811d9ab-5cb6-4dff-8476-1ee6d1108341} - c:\windows\system32\fccyxyXP.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [nwiz] nwiz.exe /install
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\documents and settings\owner.priyom\start menu\programs\startup\ChkDisk.dll
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: avgrsstx.dll jsvusm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyxyXP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.pri\applic~1\mozilla\firefox\profiles\rpbv9rbw.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.priyom\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-19 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-19 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-19 107272]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-19 903960]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-19 298264]
R4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2008-9-2 126976]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2008-9-2 122368]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2008-8-26 245760]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]

=============== Created Last 30 ================

2009-01-30 08:42 <DIR> --d----- c:\docume~1\owner~1.pri\applic~1\Malwarebytes
2009-01-30 08:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-30 08:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 08:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-30 08:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-27 20:29 <DIR> --d-h--- c:\windows\PIF
2009-01-27 19:57 <DIR> --d----- C:\_OTMoveIt
2009-01-27 13:31 <DIR> --d----- C:\Rooter$
2009-01-27 01:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-27 00:01 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-27 00:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 00:00 <DIR> --d----- c:\program files\Lavasoft
2009-01-17 16:55 <DIR> --d----- c:\program files\Uplink Demo
2009-01-16 21:45 <DIR> --d----- c:\program files\Saints Row 2
2009-01-05 16:29 <DIR> --d----- c:\docume~1\owner~1.pri\applic~1\GlarySoft

==================== Find3M ====================

2009-01-27 20:04 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-27 20:04 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-27 20:04 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-25 15:30 413,696 a------- c:\windows\system32\wrap_oal.dll
2008-12-25 15:30 110,592 a------- c:\windows\system32\OpenAL32.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-09-28 06:19 1,066 a------- c:\program files\INSTALL.LOG
2008-09-03 15:13 22,328 a------- c:\docume~1\owner~1.pri\applic~1\PnkBstrK.sys
2003-12-18 10:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 06:46 10,960 a------- c:\program files\EULA.txt
2008-08-28 18:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 17:24:00.75 ===============

hello

Please download the OTMoveIt3 by OldTimer

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  CODE
  :Processes
  explorer.exe
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
  "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
  00
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]
  
  
• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Also post a new HJT log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_ZY1BVxWE9P2BAkq scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_071330

Files moved on Reboot...
File C:\DOCUME~1\OWNER~1.PRI\LOCALS~1\Temp\etilqs_ZY1BVxWE9P2BAkq not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.

post a new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:37:47 AM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner.Priyom\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Games for Windows - LIVE\Client\GFWLClient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner.Priyom\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01694DEE-87EA-4A63-9B23-3535B28F838C} - C:\WINDOWS\system32\cbXNDvUn.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1811D9AB-5CB6-4DFF-8476-1EE6D1108341} - C:\WINDOWS\system32\fccyxyXP.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ChkDisk.dll
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: jsvusm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

fix these with HJT

O2 - BHO: (no name) - {1811D9AB-5CB6-4DFF-8476-1EE6D1108341} - C:\WINDOWS\system32\fccyxyXP.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O20 - AppInit_DLLs: jsvusm.dll


Reboot and post a new HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 3:05:25 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01694DEE-87EA-4A63-9B23-3535B28F838C} - C:\WINDOWS\system32\cbXNDvUn.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: ChkDisk.dll
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

hello

hello

• Download OTListIt2 to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.