Hi there, I have a problem with my laptop. It seems to have numerous pos*.tmp files in my C:. Aside from that there are also some suspicious "system" popups that asks me to do something about my pc to make it less buggy or whatnot. It would prompt me to a webpage to download stuff (obviously, i did not download any of them, i have enough problems as it is)

i read the other post of similar nature and i have disabled all real time protection, and I have ran Vundo and deleted some of the issues.

I have ran hi jack and combo fix, but as per forum rules, i'll post them if needed. Thanks in advance.

Go to the this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:

Download the "HijackThis" Installer from this link:
Hijack This

1. Save " HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.

Thanks for the quick response. I have completed the tasks as suggested and the system seems to be running more smoothly.

The popups has ceased and the tmps are gone now. However to be on the safeside i will post the the logs:

HiJackThis Log
---------------->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:11 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jabberock\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {161B206C-1B50-40CF-8C0F-F48F042AFCAF} - C:\Program Files\Messenger\moxegur89104.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {945203D2-249C-4576-BD86-9EC8EE4414B4} - C:\WINDOWS\system32\efedc.dll (file missing)
O2 - BHO: {3967dc9d-ffd7-1329-4754-ea1974dfb3dd} - {dd3bfd47-91ae-4574-9231-7dffd9cd7693} - C:\WINDOWS\system32\ogigffbw.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\opnolif.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Warn logo] C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe
O4 - HKCU\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1041-0928-040408030002}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1041-0928-040408030002}\Update.exe" mc-110-12-0002239
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D6-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C7FABA-ABB7-4845-A6C3-66F5617CDF99}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 8736 bytes

ComboFix Log
------------------>
ComboFix 08-02-13.2 - Jabberock 2008-02-12 19:15:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.753 [GMT -5:00]
Running from: C:\Documents and Settings\Jabberock\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dhearkbf.dll
C:\Documents and Settings\Jabberock\Application Data\macromedia\Flash Player\#SharedObjects\JK227U82\www.broadcaster.com
C:\Documents and Settings\Jabberock\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Jabberock\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\{3CCCB~1
C:\Program Files\Common Files\{C0DFC~1
C:\Program Files\Common Files\{C9BFF~1
C:\Program Files\Common Files\{CCCCB~1
C:\Program Files\Common Files\{CCCCB~2
C:\Program Files\Common Files\{CCCCB~3
C:\Program Files\Common Files\{CCCCB~4
C:\Program Files\Common Files\sstem3~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\system32\bjkwhnbl.ini
C:\WINDOWS\system32\dhearkbf.dll
C:\WINDOWS\system32\dhearkbf.dllbox
C:\WINDOWS\system32\dsikouwd.dll
C:\WINDOWS\system32\dwuokisd.ini
C:\WINDOWS\system32\fikkj.ini
C:\WINDOWS\system32\fikkj.ini2
C:\WINDOWS\system32\jkkif.dll
C:\WINDOWS\system32\mdvkyerm.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\system32\opnolif.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ssqaoyls.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Client IP-IPX

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 18:11 . 2008-02-12 18:48 <DIR> d-------- C:\VundoFix Backups
2008-02-12 16:25 . 2008-02-12 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:23 . 2008-02-12 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 14:27 . 2008-02-12 16:37 <DIR> d-------- C:\WINDOWS\system32\ver2
2008-02-12 14:27 . 2008-02-12 14:27 <DIR> d-------- C:\WINDOWS\system32\jap8
2008-02-12 14:27 . 2008-02-12 14:27 <DIR> d-------- C:\WINDOWS\system32\hlp6
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-------- C:\Program Files\uTorrent
2008-02-09 03:35 . 2008-02-12 16:19 <DIR> d-------- C:\Documents and Settings\Jabberock\Application Data\uTorrent
2008-02-08 09:43 . 2008-02-12 14:39 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-02-12 19:39 --------- d-----w C:\Program Files\BitComet
2008-02-09 09:19 --------- d-----w C:\Documents and Settings\Jabberock\Application Data\Azureus
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{161B206C-1B50-40CF-8C0F-F48F042AFCAF}]
2008-02-07 20:07 217088 --a------ C:\Program Files\Messenger\moxegur89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{945203D2-249C-4576-BD86-9EC8EE4414B4}]
C:\WINDOWS\system32\efedc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Warn logo"="C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-10-16 07:04:59 28672]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2006-05-04 01:25:40 323584]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-15 22:25:07 450560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-05D7-1041-0928-040408030002}"= "C:\Program Files\Common Files\{CCCCBF19-05D7-1041-0928-040408030002}\Update.exe" mc-110-12-0002239

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-05D7-1041-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-05D7-1041-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-0256-1041-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-05D7-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-0256-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-05D6-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 16:26]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2003-07-31 13:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 07:51]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 14:39]
S3 npkycryp;npkycryp;d:\Program Files\Gravity\RO\npkycryp.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-02-13 00:00:00 C:\WINDOWS\Tasks\AED68F0B918101BF.job"
- c:\docume~1\jabber~1\applic~1\abouti~1\Body that junk.exe
"2008-02-08 13:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 19:32:18
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [368]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
r Running Proce
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
.
**************************************************************************
.
Completion time: 2008-02-12 19:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 00:35:42
.
2008-01-24 08:05:53 --- E O F ---

Go to start> control panel> administrative tools> services> scroll down to "Client IP-IPX " and double click it> click the blue drop down arrow on the far right of "startup type"> select "disable"> click apply> ok.

Download Deljob.exe from the following link and save it on your desktop.

http://home.hetnet.nl/~stefsmeenk/deljob.exe

Doubleclick Deljob.exe.
A log, (logit.txt) should open afterwards. This log will be present on your desktop. Post the that log in your next post please.

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\WINDOWS\system32\opnolif.dll
C:\Program Files\Messenger\moxegur89104.dll
C:\WINDOWS\system32\efedc.dll

Driver::
Folder::
C:\WINDOWS\system32\ver2
C:\WINDOWS\system32\jap8
C:\WINDOWS\system32\hlp6

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-05D7-1041-0928-040408030002}"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-05D7-1041-0928-040408030001}"=-
"{CCCCBF19-0256-1041-0928-040408030001}"=- "{CCCCBF19-05D7-1033-0928-040408030001}"=- "{CCCCBF19-0256-1033-0928-040408030001}"=- "{CCCCBF19-05D6-1033-0928-040408030001}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{161B206C-1B50-40CF-8C0F-F48F042AFCAF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{945203D2-249C-4576-BD86-9EC8EE4414B4}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log and a new Hijack This log.

Did you install this and do you know what it is Warn logo.

Thanks alot for yet another quick response!!

First of all, I cannot locate "Client-IP-IPX" in my service section.

However I continued to the other steps and here are the logs:

Deljob log
------->

Backups created in C:\deljob

AED68F0B918101BF.job

Files in Windows Tasks folder

AppleSoftwareUpdate.job

Export App Data folders

Volume in drive C has no label.
Volume Serial Number is CCCC-BF19

Directory of C:\Documents and Settings\Jabberock\Application Data

02/12/2008 03:49 PM <DIR> .
02/12/2008 03:49 PM <DIR> ..
08/09/2006 12:37 AM <DIR> 3M
08/03/2007 10:10 PM <DIR> ABOUTI~1 about itch
10/15/2006 09:18 PM <DIR> Adobe
04/06/2006 12:26 AM <DIR> AdobeUM
06/13/2006 09:15 PM <DIR> Ahead
12/26/2006 02:00 AM <DIR> APPLEC~1 Apple Computer
02/09/2008 04:19 AM <DIR> Azureus
07/19/2007 03:17 AM <DIR> Creative
06/11/2007 01:06 AM <DIR> DivX
03/15/2006 10:27 PM <DIR> FotoWire
04/19/2006 12:08 AM <DIR> Help
10/16/2006 07:00 AM <DIR> HotSync
03/10/2006 09:58 AM <DIR> IDENTI~1 Identities
12/31/2006 04:36 AM <DIR> iolo
03/13/2006 09:36 PM <DIR> Lavasoft
10/16/2006 07:08 AM <DIR> LEADER~1 Leadertech
03/10/2006 10:16 AM <DIR> MACROM~1 Macromedia
03/10/2006 10:15 AM <DIR> MEDIAP~1 Media Player Classic
04/23/2007 07:52 AM <DIR> MICROS~1 Microsoft
03/10/2006 10:08 AM <DIR> Mozilla
04/09/2007 08:20 AM <DIR> MySQL
03/12/2006 09:14 PM <DIR> NJStar
04/08/2007 05:32 PM <DIR> Real
02/17/2007 05:26 AM <DIR> SECOND~1 SecondLife
01/30/2007 12:21 PM <DIR> SMARTD~1 SmartDraw
08/13/2006 10:35 PM <DIR> SONYCO~1 Sony Corporation
04/11/2006 08:23 AM <DIR> SSH
03/18/2006 12:34 PM <DIR> Sun
03/10/2006 10:08 AM <DIR> Talkback
08/04/2006 02:05 AM <DIR> Tenebril
02/12/2008 10:16 PM <DIR> uTorrent
0 File(s) 0 bytes
33 Dir(s) 753,139,712 bytes free
Volume in drive C has no label.
Volume Serial Number is CCCC-BF19

Directory of C:\Documents and Settings\All Users\Application Data

02/12/2008 04:25 PM <DIR> .
02/12/2008 04:25 PM <DIR> ..
06/04/2006 03:23 AM <DIR> Adobe
02/06/2007 11:34 PM <DIR> APPLEC~1 Apple Computer
08/05/2007 01:02 AM <DIR> Azureus
10/16/2006 07:04 AM <DIR> DataViz
11/25/2007 08:38 PM <DIR> DVDSHR~1 DVD Shrink
06/14/2007 02:33 AM <DIR> HAGELT~1 Hagel Technologies
10/16/2006 07:03 AM <DIR> HotSync
12/30/2006 06:15 AM <DIR> iolo
02/12/2008 04:27 PM <DIR> Lavasoft
03/30/2007 12:24 PM <DIR> MICROS~1 Microsoft
03/30/2007 12:40 PM <DIR> MICROS~2 Microsoft Help
03/17/2006 08:01 PM <DIR> NETWOR~1 Network Associates
09/27/2007 08:00 PM <DIR> OFFICE~1 Office Genuine Advantage
05/25/2007 10:45 PM <DIR> PCDRIV~1 PC Drivers Headquarters
03/13/2006 01:39 AM <DIR> Real
08/13/2006 10:23 PM <DIR> SONYCO~1 Sony Corporation
06/13/2007 10:11 PM <DIR> THISEX~1 this exit online dumb
09/27/2007 08:00 PM <DIR> WINDOW~1 Windows Genuine Advantage
0 File(s) 0 bytes
20 Dir(s) 753,135,616 bytes free

All User Accounts

Administrator
All Users
Jabberock

ComboFix Log
------------->
ComboFix 08-02-13.2 - Jabberock 2008-02-12 22:29:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.734 [GMT -5:00]
Running from: C:\Documents and Settings\Jabberock\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jabberock\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\Program Files\Messenger\moxegur89104.dll
C:\WINDOWS\system32\efedc.dll
C:\WINDOWS\system32\opnolif.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Messenger\moxegur89104.dll
C:\WINDOWS\system32\hlp6
C:\WINDOWS\system32\hlp6\liopud89104.exe
C:\WINDOWS\system32\jap8
C:\WINDOWS\system32\jap8\hiba3133.exe
C:\WINDOWS\system32\ver2

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 22:16 . 2008-02-12 22:16 <DIR> d-------- C:\deljob
2008-02-12 21:52 . 2008-02-12 21:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-12 18:11 . 2008-02-12 18:48 <DIR> d-------- C:\VundoFix Backups
2008-02-12 16:25 . 2008-02-12 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:23 . 2008-02-12 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-------- C:\Program Files\uTorrent
2008-02-09 03:35 . 2008-02-12 22:33 <DIR> d-------- C:\Documents and Settings\Jabberock\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-02-09 09:19 --------- d-----w C:\Documents and Settings\Jabberock\Application Data\Azureus
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Warn logo"="C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-10-16 07:04:59 28672]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2006-05-04 01:25:40 323584]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-15 22:25:07 450560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-0256-1041-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-05D7-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-0256-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239
"{CCCCBF19-05D6-1033-0928-040408030001}"= "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 16:26]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2003-07-31 13:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 07:51]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 14:39]
S3 npkycryp;npkycryp;d:\Program Files\Gravity\RO\npkycryp.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 13:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 22:33:20
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [368]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-12 22:35:16
ComboFix-quarantined-files.txt 2008-02-13 03:34:51
ComboFix2.txt 2008-02-13 00:35:47
.
2008-01-24 08:05:53 --- E O F ---

HiJack Log
-------------->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:43 PM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jabberock\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Warn logo] C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D6-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C7FABA-ABB7-4845-A6C3-66F5617CDF99}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7593 bytes

Also what did you mean by: "Did you install this and do you know what it is Warn logo."

Thank you very much

Please go to Virus Total and upload the following file for analysis:

C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe

Post the results in your reply.

I went to that folder and nothing is there.

Thanks again

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKCU\..\Run: [Warn logo] C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D6-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Exit Hijack This .

Open Notepad and copy/paste everything between the X"s into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Warn logo"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{CCCCBF19-0256-1041-0928-040408030001}"=- "{CCCCBF19-05D7-1033-0928-040408030001}"=- "{CCCCBF19-0256-1033-0928-040408030001}"=-
"{CCCCBF19-05D6-1033-0928-040408030001}"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop) if combofix does not auto start click "run".

Post a new Combofix log.

Your java is out of date and can be exploited.
Download the latest version of java from this link Java
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-1_6_3-windowsi586-p.exe to install the newest version.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Download ATF Cleaner from this link:
ATF Cleaner

Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE YO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Thanks again for the superb follow up. Here are the logs and reports:

HiJack This Log
---------------->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:06 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\Documents and Settings\Jabberock\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Warn logo] C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D6-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C7FABA-ABB7-4845-A6C3-66F5617CDF99}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 7453 bytes

ComboFix Log
---------->
ComboFix 08-02-14.1 - Jabberock 2008-02-13 22:21:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.743 [GMT -5:00]
Running from: C:\Documents and Settings\Jabberock\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jabberock\Desktop\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-12 22:16 . 2008-02-12 22:16 <DIR> d-------- C:\deljob
2008-02-12 18:11 . 2008-02-12 18:48 <DIR> d-------- C:\VundoFix Backups
2008-02-12 16:25 . 2008-02-12 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:23 . 2008-02-12 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-------- C:\Program Files\uTorrent
2008-02-09 03:35 . 2008-02-13 22:02 <DIR> d-------- C:\Documents and Settings\Jabberock\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 03:17 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-02-12 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-02-09 09:19 --------- d-----w C:\Documents and Settings\Jabberock\Application Data\Azureus
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18 1582616]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-10-16 07:04:59 28672]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2006-05-04 01:25:40 323584]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-15 22:25:07 450560]

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 16:26]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2003-07-31 13:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 07:51]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 14:39]
S3 npkycryp;npkycryp;d:\Program Files\Gravity\RO\npkycryp.sys []
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 13:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 22:24:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [372]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\EntApi.dll
.
Completion time: 2008-02-13 22:25:34
ComboFix-quarantined-files.txt 2008-02-14 03:25:18
ComboFix2.txt 2008-02-13 03:35:19
ComboFix3.txt 2008-02-13 00:35:47
.
2008-02-13 08:03:33 --- E O F ---

Kaspersky Online Report
---------->
---------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 14, 2008 8:55:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/02/2008
Kaspersky Anti-Virus database records: 564969
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 87737
Number of viruses found: 9
Number of infected objects: 33
Number of suspicious objects: 0
Duration of the scan process: 00:59:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\history.dat Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\key3.db Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jabberock\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jabberock\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack\WGA Crack\WGA Crack\Keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack\WGA Crack\WGA Crack\Keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack\WGA Crack\WGA Crack\Keyfinder.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack.rar/WGA Crack/WGA Crack/Keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack.rar/WGA Crack/WGA Crack/Keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack.rar/WGA Crack/WGA Crack/Keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Jabberock\Desktop\WGACrack.rar RAR: infected - 3 skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Application Data\Mozilla\Firefox\Profiles\wlds1yc8.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jabberock\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jabberock\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jabberock\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ibdata1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped
C:\Program Files\MySQL\MySQL Server 5.0\data\JABBERWOCK.err Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Messenger\moxegur89104.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu572.exe.vir Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\QooBox\Quarantine\C\WINDOWS\NDNuninstall7_48.exe.vir Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dhearkbf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dsikouwd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hlp6\liopud89104.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.d skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hlp6\liopud89104.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdvkyerm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\opnolif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqaoyls.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped
C:\QooBox\Quarantine\catchme2008-02-12_193126.23.zip/dhearkbf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-12_193126.23.zip ZIP: infected - 1 skipped
C:\QUARANTINE\A0082527.exe.Vir.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\QUARANTINE\A0082528.exe.Vir.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\QUARANTINE\Body that junk.exe.Vir.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\QUARANTINE\Grimokay.exe.Vir.vir Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{154F31AC-0C7E-4C68-965D-2BC6A329D026}\RP490\change.log Object is locked skipped
C:\VundoFix Backups\avhhxmxh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\dcrmqoum.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\efedc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\VundoFix Backups\lbnhwkjb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\ogigffbw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\VundoFix Backups\opnolif.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1CBF13C5-C072-4B19-AB4A-89DC3D8825DA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd5741.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{154F31AC-0C7E-4C68-965D-2BC6A329D026}\RP490\change.log Object is locked skipped

Scan process completed.

Looks better.

Please copy and paste the text between the X's into Notepad (Go to Start > Run, type Notepad and hit Enter)making sure @echo off is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

@echo off

sc stop npkycryp
sc delete npkycryp

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File > Save As:. Save the file as "Fix.bat" (Including the quotes)

Double-click on Fix.bat on your desktop to run the file.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O4 - HKCU\..\Run: [Warn logo] C:\DOCUME~1\JABBER~1\APPLIC~1\ABOUTI~1\Grimokay.exe

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D7-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D7-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-0256-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{CCCCBF19-05D6-1033-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-05D6-1033-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{CCCCBF19-0256-1041-0928-040408030001}] "C:\Program Files\Common Files\{CCCCBF19-0256-1041-0928-040408030001}\Update.exe" mc-110-12-0002239 (User 'Default user')

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Exit Hiajck This.

Please post a new Combofix log and a new Hijack This log.

Let us know how your computer is operating.

Thank you very much for your replies, they have been quite helpful. Not only am I making my system faster (well restoring it like before), i m also learning a bit on the way :D awesome!!

here is my HiJack Log

------------->
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:23 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\CDSLicenseMng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jabberock\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.c...
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gam...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C7FABA-ABB7-4845-A6C3-66F5617CDF99}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 5706 bytes

and heres my ComboFix log
->
ComboFix 08-02-14.1 - Jabberock 2008-02-15 14:30:49.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895 [GMT -5:00]
Running from: C:\Documents and Settings\Jabberock\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-13 23:37 . 2008-02-13 23:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-13 23:37 . 2008-02-13 23:37 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-13 23:37 . 2008-02-13 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-13 23:30 . 2008-02-13 23:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-13 23:30 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-12 22:16 . 2008-02-12 22:16 <DIR> d-------- C:\deljob
2008-02-12 18:11 . 2008-02-12 18:48 <DIR> d-------- C:\VundoFix Backups
2008-02-12 16:25 . 2008-02-12 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:23 . 2008-02-12 16:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 03:36 . 2008-02-09 03:36 <DIR> d-------- C:\Program Files\uTorrent
2008-02-09 03:35 . 2008-02-15 14:25 <DIR> d-------- C:\Documents and Settings\Jabberock\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 04:30 --------- d-----w C:\Program Files\Java
2008-02-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-14 03:17 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-02-12 21:25 --------- d-----w C:\Program Files\Lavasoft
2008-02-09 09:19 --------- d-----w C:\Documents and Settings\Jabberock\Application Data\Azureus
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 14:18 1582616]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-10-16 07:04:59 28672]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
LCDPlayer.lnk - C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe [2006-05-04 01:25:40 323584]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-03-15 22:25:07 450560]

R1 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2003-05-20 16:26]
R3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [2003-07-31 13:13]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 07:51]
R3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [2003-04-23 14:39]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 06:09]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 13:31:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 14:33:52
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe [376]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 14:35:18
ComboFix-quarantined-files.txt 2008-02-15 19:35:01
ComboFix2.txt 2008-02-14 03:25:35
ComboFix3.txt 2008-02-13 03:35:19
ComboFix4.txt 2008-02-13 00:35:47
.
2008-02-13 08:03:33 --- E O F ---

The system is running quite smoothly, thank you very much! :D

aside from that, i was wondering if there are any free house keeping programs that you would recommend so i won't be in this pickle again. I scan my computer with ad-aware by lavasoft one a week or so to purge out the adwares. Can you recommend other prevention procedures? Thank you very much.

Your logs are clean.

You should consider adding "Spywareblaster" to your arsenol of antispyware tools, you can download it from this link Spywareblaster

Just download it,install it, and update it. Its free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

Glad we could help.

awesome thanks alot this has been extremely helpful
One more question is there any place (web sites) where you would recommend that i can read about such issues so i can educate myself better so if it happens next time i might be able to diagnose it myself