I posted here before, but i was too busy to get it done... :imsorry:

And because of that, I have much more...

I currently use "avast!" to get viruses but there are just some things it can't get... :furious:

So, I beg that you give me a second chance...

and help me out with this new report :rulez:

I'm pretty sure that i have vundo... D:

Hijak This log:

Logfile of HijackThis v1.99.1
Scan saved at 7:58:07 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\Avast\ashMaiSv.exe
D:\Avast\ashWebSv.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
D:\qttask.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Winamp\winamp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian_man\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Ian_man\Application Data\Mozilla\Profiles\default\drbbf93q.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A2CB3E2-F204-47DE-8BB6-A06838D28435} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {AFD88225-A902-45FB-A07C-3835358D4354} - C:\WINDOWS\system32\tekwdspn.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\ddcdebx.dll (file missing)
O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\servicepackfiles\i386\tcpdrv.dll
O2 - BHO: (no name) - {FDA309CC-CFC5-4305-94BF-38B901E62796} - C:\WINDOWS\system32\tekwdspn.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [HP Software Update] D:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Jyityi] C:\Program Files\Fiwkc\Qnhvk.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [j4221236] rundll32 C:\WINDOWS\system32\j4221236.dll sook
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2b.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = D:\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = D:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (file missing)
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: ddcdebx - ddcdebx.dll (file missing)
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O20 - Winlogon Notify: tcpdrv - c:\windows\servicepackfiles\i386\tcpdrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dwrudcvp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Documents and Settings\Ian_man\Desktop\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

OOPS!!!!

I just saw that the new version of hijackthis is 2.002, so here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:12:29 PM, on 8/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\Avast\ashMaiSv.exe
D:\Avast\ashWebSv.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
D:\qttask.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
D:\Winamp\winamp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian_man\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\IAN_MAN\Application Data\Mozilla\Profiles\default\drbbf93q.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A2CB3E2-F204-47DE-8BB6-A06838D28435} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {AFD88225-A902-45FB-A07C-3835358D4354} - C:\WINDOWS\system32\tekwdspn.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\ddcdebx.dll (file missing)
O2 - BHO: PsapiAnalyzer Object - {CB8B69CF-31AF-40D0-A119-5A8435BC1534} - c:\windows\servicepackfiles\i386\tcpdrv.dll
O2 - BHO: (no name) - {FDA309CC-CFC5-4305-94BF-38B901E62796} - C:\WINDOWS\system32\tekwdspn.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [HP Software Update] D:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Jyityi] C:\Program Files\Fiwkc\Qnhvk.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [j4221236] rundll32 C:\WINDOWS\system32\j4221236.dll sook
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2b.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [hby] C:\WINDOWS\system32\hby.exe
O4 - HKLM\..\Policies\Explorer\Run: [oxuvl] C:\WINDOWS\system32\oxuvl.exe
O4 - HKLM\..\Policies\Explorer\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = D:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: ddcdebx - ddcdebx.dll (file missing)
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O20 - Winlogon Notify: tcpdrv - c:\windows\servicepackfiles\i386\tcpdrv.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\dwrudcvp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Documents and Settings\Ian_man\Desktop\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 13497 bytes

Vundo and a whole lot more. ANd not following through earlier may end up forcing you to reformat and re-install. We can try to clean it, but from my initial glance, you are severely infected with a lot more than just Vundo. But that is a place to start so.....


First:
Please download VundoFix.exe to your Desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.



Second:
1. Download this file -
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Third:
Run HiJackThis again, and post a new log in this thread.

COMBO FIX:

ComboFix 07-08-04.3 - "Jim" 2007-08-07 11:03:29.1 [GMT 1:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\ServicePackFiles\i386\ntp2.ini
C:\WINDOWS\system32\edpddfnv.exe
C:\WINDOWS\system32\gnkmwmke.exe
C:\WINDOWS\system32\hqgrhqvi.exe
C:\WINDOWS\system32\mnnwigik.exe
C:\WINDOWS\system32\mowtrodu.exe
C:\WINDOWS\system32\mpjmqaiw.exe
C:\WINDOWS\system32\npymtgiw.exe
C:\WINDOWS\system32\tekwdspn.dll
C:\WINDOWS\system32\vslxgnup.exe
C:\WINDOWS\system32\yoqcewrp.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 11:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 10:37 <DIR> d-------- C:\VundoFix Backups
2007-08-06 15:56 2,068 --a------ C:\WINDOWS\system32\qmcpfbsq.exe
2007-07-11 19:28 2,068 --a------ C:\WINDOWS\system32\ftfjnakj.exe
2007-07-11 16:58 2,068 --a------ C:\WINDOWS\system32\rgsfdqps.exe
2007-07-11 08:58 2,068 --a------ C:\WINDOWS\system32\awpvyvrn.exe
2007-07-11 08:44 2,068 --a------ C:\WINDOWS\system32\ynafuixd.exe
2007-07-10 21:52 2,068 --a------ C:\WINDOWS\system32\bjiwnten.exe
2007-07-10 19:54 2,068 --a------ C:\WINDOWS\system32\jraumkpm.exe
2007-07-09 19:51 2,068 --a------ C:\WINDOWS\system32\seevlvej.exe
2007-07-09 16:10 2,068 --a------ C:\WINDOWS\system32\vhdxlbfa.exe
2007-07-09 08:12 2,068 --a------ C:\WINDOWS\system32\yxypfcwy.exe
2007-07-08 20:47 2,068 --a------ C:\WINDOWS\system32\putxgsck.exe
2007-07-08 12:43 2,068 --a------ C:\WINDOWS\system32\yruwxfxs.exe
2007-07-07 12:47 2,068 --a------ C:\WINDOWS\system32\pywjxgko.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 11:06 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-0000000A-00001102-00000004-00541102}.dat
2007-08-07 11:06 288 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-0000000A-00001102-00000004-00541102}.dat
2007-07-06 16:31 2068 --a------ C:\WINDOWS\system32\vkwjmorx.exe
2007-07-06 09:54 2068 --a------ C:\WINDOWS\system32\rdvifbov.exe
2007-07-05 22:43 2068 --a------ C:\WINDOWS\system32\atqqptwv.exe
2007-07-05 18:16 2068 --a------ C:\WINDOWS\system32\qchdpbpl.exe
2007-07-05 15:05 2068 --a------ C:\WINDOWS\system32\ttdslyni.exe
2007-07-05 11:02 2068 --a------ C:\WINDOWS\system32\qigntcqt.exe
2007-07-04 21:31 2068 --a------ C:\WINDOWS\system32\uytamjio.exe
2007-07-04 19:38 2068 --a------ C:\WINDOWS\system32\qqyewmks.exe
2007-07-04 17:48 2068 --a------ C:\WINDOWS\system32\nkhetvce.exe
2007-07-01 22:20 --------- d-------- C:\Program Files\RK Autocutter
2007-06-30 17:58 --------- d-------- C:\Program Files\RK Autofighter 2
2007-06-30 15:41 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\Xfire
2007-06-30 10:03 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\Hamachi
2007-06-28 15:17 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\uTorrent
2007-06-17 10:40 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\tunebite
2007-06-13 05:23 249856 --------- C:\WINDOWS\Setup1.exe
2007-06-13 05:22 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-06-12 22:25 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\Real
2007-06-12 22:23 --------- d-------- C:\Program Files\Common Files\xing shared
2007-06-12 22:22 15437 --a------ C:\WINDOWS\mozver.dat
2007-06-12 22:22 --------- d-------- C:\Program Files\Google
2007-06-12 22:22 --------- d-------- C:\Program Files\Common Files\Real
2007-06-12 22:20 --------- d-------- C:\Program Files\Real
2007-06-11 08:04 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\teamspeak2
2007-06-11 07:18 --------- d-------- C:\DOCUME~1\Jim\APPLIC~1\Recorder
2007-05-20 22:00 1510 --a------ C:\WINDOWS\Sketchpad Preferences.dat
2007-05-16 16:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-15 10:18 53952 --a--c--- C:\DOCUME~1\Jim\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-12 14:32 69443 --a------ C:\WINDOWS\hpoins05.dat
2007-05-09 19:17 9216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-05-09 17:37 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-05-08 12:31 512 --a------ C:\ScanSectorLog.dat
2007-05-08 10:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-04-17 14:43 138413 --a------ C:\DOCUME~1\Jim\APPLIC~1\iqdd9h8.exe
2007-04-17 14:42 138413 --a------ C:\DOCUME~1\Jim\APPLIC~1\qwxixzi.exe
2007-04-17 14:42 138413 --a------ C:\DOCUME~1\Jim\APPLIC~1\gtxli9i.exe
2007-04-17 14:42 138413 --a------ C:\DOCUME~1\Jim\APPLIC~1\a8cl3sr.exe
2006-02-24 17:24 5120 --ahs---- C:\Program Files\Thumbs.db


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6CA9BAA-21E2-444A-A546-0EAEAFFCFC47}]
C:\WINDOWS\system32\awvtu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 17:35]
"nwiz"="nwiz.exe" [2005-08-02 17:35 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-07-03 01:51 C:\WINDOWS\system32\cthelper.exe]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 08:56]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 21:01]
"sHotKey"="C:\Program Files\SONY\sHotKey\sHotKey.exe" [2003-08-22 17:22]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 18:29]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-24 01:32]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 18:43 C:\WINDOWS\AGRSMMSG.exe]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 06:08]
"gcasServ"="D:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-11 06:32]
"=NOI"="C:\windows\mrjj.exe" []
"F ma"="C:\windows\mrjj.exe" []
"HP Software Update"="D:\HP Software Update\HPWuSchd2.exe" []
"Jyityi"="C:\Program Files\Fiwkc\Qnhvk.exe" []
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" []
"QuickTime Task"="D:\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 17:35]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"wjt"="C:\WINDOWS\system32\wjt.exe" []
"avast!"="D:\Avast\ashDisp.exe" [2007-04-30 16:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"WinFixer2005"="C:\Program Files\WinFixer 2005\uwfx5.exe" []
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" []
"Steam"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Office10\OSA.EXE [2001-02-13 09:01:04]
NETGEAR WG311v2 Smart Configuration.lnk - D:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-05-28 02:26:12]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"hby"=C:\WINDOWS\system32\hby.exe
"oxuvl"=C:\WINDOWS\system32\oxuvl.exe
"wjt"=C:\WINDOWS\system32\wjt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-05-09 19:17 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdebx]
ddcdebx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfrcx]
sysfrcx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineak32]
wineak32.dll

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys
R0 SonyLSM;LED State Service;C:\WINDOWS\system32\Drivers\SonyLSM.sys
R1 DMICall;Sony DMI Call service;C:\WINDOWS\system32\DRIVERS\DMICall.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R2 BCMNTIO;BCMNTIO;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
R2 MAPMEM;MAPMEM;\??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
R2 VAIOMediaPlatform-MusicServer-HTTP;VAIO Media Music Server (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP"
R2 VAIOMediaPlatform-MusicServer-UPnP;VAIO Media Music Server (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
R2 VAIOMediaPlatform-PhotoServer-HTTP;VAIO Media Photo Server (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP"
R2 VAIOMediaPlatform-PhotoServer-UPnP;VAIO Media Photo Server (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
R2 VAIOMediaPlatform-VideoServer-HTTP;VAIO Media Video Server (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP"
R2 VAIOMediaPlatform-VideoServer-UPnP;VAIO Media Video Server (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
R3 HidIr;Microsoft Infrared HID Driver;C:\WINDOWS\system32\DRIVERS\hidir.sys
R3 IrBus;Infrared bus filter driver for eHome remote controls;C:\WINDOWS\system32\DRIVERS\IrBus.sys
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter;C:\WINDOWS\system32\DRIVERS\netwg311.sys
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
R3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S2 NvNdis;NVIDIA NDIS IO Control Driver;\??\C:\WINDOWS\system32\Drivers\NvNdis.sys
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


Contents of the 'Scheduled Tasks' folder
2007-07-05 15:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2005-02-09 03:50:00 C:\WINDOWS\Tasks\Registration reminder 1.job
2005-02-03 23:31:14 C:\WINDOWS\Tasks\Registration reminder 2.job - C:\WINDOWS\System32\OOBE\oobebaln.exe
2005-02-24 00:35:00 C:\WINDOWS\Tasks\Registration reminder 3.job - C:\WINDOWS\System32\OOBE\oobebaln.exe
2007-08-07 10:08:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 11:08:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 11:10:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-07 11:10

--- E O F ---



HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:09 AM, on 8/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
D:\Avast\ashMaiSv.exe
D:\Avast\ashWebSv.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\SONY\sHotKey\sHotKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\AGRSMMSG.exe
D:\qttask.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ian_man\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {C6CA9BAA-21E2-444A-A546-0EAEAFFCFC47} - C:\WINDOWS\system32\awvtu.dll (file missing)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [sHotKey] "C:\Program Files\SONY\sHotKey\sHotKey.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [HP Software Update] D:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Jyityi] C:\Program Files\Fiwkc\Qnhvk.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [hby] C:\WINDOWS\system32\hby.exe
O4 - HKLM\..\Policies\Explorer\Run: [oxuvl] C:\WINDOWS\system32\oxuvl.exe
O4 - HKLM\..\Policies\Explorer\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = D:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: ddcdebx - ddcdebx.dll (file missing)
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Documents and Settings\Ian_man\Desktop\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 12179 bytes


Even though my computer is riddled with viruses, I feel that this time I am determined to get through this...

(its running somewhat more smoothly as well)

I'll be back in around 5-8 hrs

Note: Use more than one post if you cannot get all the requested items in one post.


First:
You did not include the Vundo log. You will find it at C:\VundoFix.txt Open the log, then copy and paste its contents into your next post.


Second:
1. Please download [url=1. Please download The Avenger by Swandog46 to your Desktop.

• Click on Avenger.zip to open the file
• Extract avenger.exe to your desktop

2. Copy all the text (including the words 'Files to delete:') contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Script file to execute" choose "Input Script Manually".
• Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
• Paste the text copied to clipboard into this window by pressing (Ctrl+V).
• Click Done
• Now click on the Green Light to begin execution of the script
• Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

• It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
• On reboot, it will briefly open a black command window on your desktop, this is normal.
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply


[b]Third
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Press the 'Scan' button and when done check the following items in HijackThis:
O2 - BHO: (no name) - {C6CA9BAA-21E2-444A-A546-0EAEAFFCFC47} - C:\WINDOWS\system32\awvtu.dll (file missing)

O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)

O4 - HKLM\..\Run: [=NOI] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [F ma] C:\windows\mrjj.exe
O4 - HKLM\..\Run: [wjt] C:\WINDOWS\system32\wjt.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /scan
O4 - HKLM\..\Policies\Explorer\Run: [hby] C:\WINDOWS\system32\hby.exe
O4 - HKLM\..\Policies\Explorer\Run: [oxuvl] C:\WINDOWS\system32\oxuvl.exe
O4 - HKLM\..\Policies\Explorer\Run: [wjt] C:\WINDOWS\system32\wjt.exe

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.popuppers.com

O20 - Winlogon Notify: ddcdebx - ddcdebx.dll (file missing)
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\Program Files\WinFixer 2005\ <--delete entire folder,

*How to Boot into Safe mode:
http://www.computerhope.com/issues/chsafe.htm

**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.