Warning, Spyware infection!
Racerdie2 (Junior Member, 8 posts; joined May 2008)
08-May-2008, 06:49 PM #1
Warning, Spyware infection!
I was downloading something... and suddenly the desktop background became blue, and in the middle there was some text saying that I have to get something about spyware, otherwise someone can see my information and steal the credit number etc. I also saw some motion of bugs crawling on the frame of the desktop, and it led me to some sort of MS-DOS window that closed immediately... I was kind of scared and changed the background back to the Windows XP one.

Today, I turned off the computer and went to school, but when I came back, the computer had turned on by itself and downloaded WinIFixer, which wants me to pay to remove the hazardous viruses. It says it's recommended... The background also changed to a blue screen with some text inserted again...

Apparently, I have some anti-virus programs myself, but they didn't work:

-AVG 7.5
-Ewido
-Windows XP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:37 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\cleardisk\cds.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmona.exe
C:\Program Files\WinIFixer\WinIFixer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {a9c03805-9c0f-357b-3564-a36c8daa3f22} - {22f3aad8-c63a-4653-b753-f0c950830c9a} - (no file)
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: i-money - {5CE5E3F4-83D9-4F12-BF15-BC2A4373388B} - C:\PROGRA~1\i-money\i-money.dll
O2 - BHO: IBHO - {6F6B16DB-638D-4C18-BA8B-2FA1579BCC01} - C:\Program Files\ieguide_plus\niebhoplus.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0D121D7-D715-4D21-A153-E87C23E5787D} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: BaroGoExt Class - {E73566AB-CF36-4f6d-BEDF-43CFB9F72191} - C:\Program Files\BaroGo\BaroGoExt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BaroGo(&G) - {4062DB09-3D52-422c-9B6A-903963E1D84D} - C:\Program Files\BaroGo\BaroGo.dll
O3 - Toolbar: (no name) - {F98B413B-1D60-4E78-8F2A-A3E6A3327395} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: i-money - {AAA65B62-B0E1-418C-9FBF-28365F3603E9} - C:\PROGRA~1\i-money\i-money.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CDInit] C:\Program Files\cleardisk\CDInit.exe
O4 - HKLM\..\Run: [cds] C:\Program Files\cleardisk\cds.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [f4cb9d37] rundll32.exe "C:\WINDOWS\system32\fpyvhmhn.dll",b
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezautodesk] C:\Program Files\ezautodesk\ezautoupdate.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [e⁴熺혔蝶札橒袍慓饌熹證햇] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [ezsh] C:\Program Files\Ezshop\Ezshop.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [BaroGo] C:\Program Files\BaroGo\BaroGoUpdate.exe
O4 - HKCU\..\Run: [ieguide_plus] C:\Program Files\ieguide_plus\ieguideupdate.exe
O4 - HKCU\..\Run: [i-money] C:\Program Files\i-money\i-money.exe
O4 - HKCU\..\Run: [ezautodesk] C:\Program Files\ezautodesk\ezautoupdate.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: G¸¶AI - {1FCF3639-79A8-4b8d-A772-3AF5E30B4FB2} - http://event.go.co.kr/nbarcon/gm.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: Ao¸¶AI - {1FCF3639-79A8-4b8d-A772-3AF5E30B4FB2} - http://event.go.co.kr/nbarcon/gm.php?bncode=ebiz (file missing)
O9 - Extra button: ¿A¼C - {27269359-4EAA-4a25-A947-0FE3F7569A87} - http://event.go.co.kr/nbarcon/au.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: ¿A¼C - {27269359-4EAA-4a25-A947-0FE3F7569A87} - http://event.go.co.kr/nbarcon/au.php?bncode=ebiz (file missing)
O9 - Extra button: ¸Þ°¡ÆÐ½º¹≪·a¿μE* - {34657659-05A7-48dc-8883-665470D4EAB2} - http://event.go.co.kr/megapass/event.php?pid=ebiz (file missing)
O9 - Extra 'Tools' menuitem: ¸Þ°¡ÆÐ½º¹≪·a¿μE* - {34657659-05A7-48dc-8883-665470D4EAB2} - http://event.go.co.kr/megapass/event.php?pid=ebiz (file missing)
O9 - Extra button: Internet Cigar Store - {37AD4B83-9515-433A-866B-BED686C86838} - http://app.dambaeshop.com/index.html (file missing)
O9 - Extra 'Tools' menuitem: Cigar - {37AD4B83-9515-433A-866B-BED686C86838} - http://app.dambaeshop.com/index.html (file missing)
O9 - Extra button: CJmall - {42747F7B-C6D2-47ff-8660-704476BB7AB9} - http://event.go.co.kr/nbarcon/c.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: CJmall - {42747F7B-C6D2-47ff-8660-704476BB7AB9} - http://event.go.co.kr/nbarcon/c.php?bncode=ebiz (file missing)
O9 - Extra button: HP A¬¸³ºI - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ½A¿eA≪μa/´eAa - {5D5855BD-8387-4e57-A017-847923EC8846} - http://yesmoney.co.kr/ (file missing)
O9 - Extra 'Tools' menuitem: ½A¿eA≪μa/´eAa - {5D5855BD-8387-4e57-A017-847923EC8846} - http://yesmoney.co.kr/ (file missing)
O9 - Extra button: AIAIÆAAⓒ - {6737EDAA-8BC6-4f6d-B1DC-AE9E65DDC5FC} - http://event.go.co.kr/nbarcon/i.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: AIAIÆAAⓒ - {6737EDAA-8BC6-4f6d-B1DC-AE9E65DDC5FC} - http://event.go.co.kr/nbarcon/i.php?bncode=ebiz (file missing)
O9 - Extra button: HP ½º¸¶Æ® ¼±AA - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/activex/NaverFile.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...79/mcfscan.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.afreeca.com:8057/AFCStarter.cab
O16 - DPF: {F2965546-AD6C-4C52-8A80-2A336FB50CA8} (FilenoriDownloadControl Control) - http://www.filenori.com/app/FilenoriDownloadControl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: gihtigbg - gihtigbg.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: yayyaww - yayyaww.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG7 TCP Server (AVGTCPSv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yucvmfbp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Nexon\¹U¶÷AC³ª¶o\npkcmsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17710 bytes
cybertech (Moderator, 53,851 posts; joined Apr 2002; Location: Washington State)
09-May-2008, 03:46 PM #2
Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
Racerdie2 (Junior Member, 8 posts; joined May 2008)
09-May-2008, 06:09 PM #3
I knew it... this WinIFixer must have been the virus...

ComboFix 08-05-08.1 - Bobby Flake 2008-05-09 14:43:16.1 - NTFSx86
Running from: C:\Documents and Settings\Bobby Flake\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\WinIFixer.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Register.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\Uninstall.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinIFixer\WinIFixer.lnk
C:\Documents and Settings\Bobby Flake\Application Data\Microsoft\Internet Explorer\Quick Launch\WinIFixer.lnk
C:\Documents and Settings\Bobby Flake\Application Data\WinIFixer.com
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM.cfg
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM0.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM1.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM2.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM3.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM4.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM5.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM6.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM7.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM8.che
C:\Documents and Settings\Bobby Flake\Local Settings\Temporary Internet Files\SKBGM9.che
C:\Documents and Settings\Bobby Flake\Start Menu\XP Antivirus 2008
C:\Documents and Settings\Bobby Flake\Start Menu\XP Antivirus 2008\Uninstall XP Antivirus 2008.lnk
C:\Documents and Settings\Bobby Flake\Start Menu\XP Antivirus 2008\XP Antivirus 2008.lnk
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\video activex access
C:\Program Files\WinIFixer
C:\Program Files\WinIFixer\database.dat
C:\Program Files\WinIFixer\license.txt
C:\Program Files\WinIFixer\MFC71.dll
C:\Program Files\WinIFixer\MFC71ENU.DLL
C:\Program Files\WinIFixer\msvcp71.dll
C:\Program Files\WinIFixer\msvcr71.dll
C:\Program Files\WinIFixer\Uninstall.exe
C:\Program Files\WinIFixer\WinIFixer.exe
C:\Program Files\WinIFixer\WinIFixer.exe.local
C:\Program Files\WinIFixer\WinIFixerSkin.dll
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe
C:\Temp\bkR11
C:\Temp\tpBe12
C:\WINDOWS\Downloaded Program Files\SZ
C:\WINDOWS\Downloaded Program Files\SZ\acaloge.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnchkpy.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnctlkd.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnflt2k.sys
C:\WINDOWS\Downloaded Program Files\SZ\ahnfltnt.sys
C:\WINDOWS\Downloaded Program Files\SZ\ahni18n2.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnrec2k.sys
C:\WINDOWS\Downloaded Program Files\SZ\ahnrghnt.sys
C:\WINDOWS\Downloaded Program Files\SZ\ahnsze.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnupctl.dll
C:\WINDOWS\Downloaded Program Files\SZ\ahnupex.dll
C:\WINDOWS\Downloaded Program Files\SZ\aszalert.dll
C:\WINDOWS\Downloaded Program Files\SZ\aszflt.dll
C:\WINDOWS\Downloaded Program Files\SZ\aszfltnt.sys
C:\WINDOWS\Downloaded Program Files\SZ\aszlog.dll
C:\WINDOWS\Downloaded Program Files\SZ\aszundo.dll
C:\WINDOWS\Downloaded Program Files\SZ\data\ahnszds.szd
C:\WINDOWS\Downloaded Program Files\SZ\data\ahnszhs.szd
C:\WINDOWS\Downloaded Program Files\SZ\data\ahnszns.szd
C:\WINDOWS\Downloaded Program Files\SZ\driver\acalogdf.drv
C:\WINDOWS\Downloaded Program Files\SZ\lang\en_us.dll
C:\WINDOWS\Downloaded Program Files\SZ\lang\jp_jp.dll
C:\WINDOWS\Downloaded Program Files\SZ\lang\ko_kr.dll
C:\WINDOWS\Downloaded Program Files\SZ\lang\zh_cn.dll
C:\WINDOWS\Downloaded Program Files\SZ\nls\aszl0411.nls
C:\WINDOWS\Downloaded Program Files\SZ\nls\aszl0412.nls
C:\WINDOWS\Downloaded Program Files\SZ\nls\aszl0804.nls
C:\WINDOWS\Downloaded Program Files\SZ\nls\rts0411.nls
C:\WINDOWS\Downloaded Program Files\SZ\nls\rts0412.nls
C:\WINDOWS\Downloaded Program Files\SZ\nls\rts0804.nls
C:\WINDOWS\Downloaded Program Files\SZ\psapi.dll
C:\WINDOWS\Downloaded Program Files\SZ\rmszrts.dll
C:\WINDOWS\Downloaded Program Files\SZ\rtsmon.exe
C:\WINDOWS\Downloaded Program Files\SZ\skin\alertbg.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\bg_79_array.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\bg_83_array.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\bg_90_array.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\bg_96_array.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_116_disable.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_116_focus.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_116_normal.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_116_pushed.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_77_disable.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_77_focus.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_77_mask.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_77_normal.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\btn_77_pushed.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\bullet_1.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\button_click.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\button_disabled.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\button_focus.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\button_normal.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\button_over.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\en_us\popup_advanced.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\en_us\popup_default.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\icon_off.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\icon_on.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\jp_jp\popup_advanced.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\jp_jp\popup_default.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\ko_kr\popup_advanced.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\ko_kr\popup_default.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\list_in.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\more_button_disabled.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\more_button_normal.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\more_button_over.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\tab_report_normal.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\tab_report_sel.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\trayicon_disable.ico
C:\WINDOWS\Downloaded Program Files\SZ\skin\trayicon_loading.ico
C:\WINDOWS\Downloaded Program Files\SZ\skin\trayicon_normal.ico
C:\WINDOWS\Downloaded Program Files\SZ\skin\zh_cn\popup_advanced.bmp
C:\WINDOWS\Downloaded Program Files\SZ\skin\zh_cn\popup_default.bmp
C:\WINDOWS\Downloaded Program Files\SZ\spyzero.exe
C:\WINDOWS\Downloaded Program Files\SZ\supdate.log
C:\WINDOWS\Downloaded Program Files\SZ\v3hunt.dll
C:\WINDOWS\Downloaded Program Files\SZ\v3inetex.dll
C:\WINDOWS\Downloaded Program Files\update
C:\WINDOWS\Downloaded Program Files\update\ahn.ui
C:\WINDOWS\Downloaded Program Files\update\ahnupctl.dll
C:\WINDOWS\Downloaded Program Files\update\autoup.exe
C:\WINDOWS\Downloaded Program Files\update\v3bz32.dll
C:\WINDOWS\Downloaded Program Files\update\win\e\sz\echo\ahnsze.dl-
C:\WINDOWS\Downloaded Program Files\update\win\e\sz\sign\ahnszds.sz-
C:\WINDOWS\Downloaded Program Files\update\win\e\sz\sign\ahnszhs.sz-
C:\WINDOWS\Downloaded Program Files\update\win\e\sz\sign\ahnszns.sz-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\driver\acalogdf.dr-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\lang\en_us.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\lang\jp_jp.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\lang\ko_kr.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\lang\zh_cn.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\aszl0411.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\aszl0412.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\aszl0804.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\rts0411.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\rts0412.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\nls\rts0804.nl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\acaloge.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnchkpy.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnctlkd.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnflt2k.sy-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnfltnt.sy-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahni18n2.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnrec2k.sy-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnrghnt.sy-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnupctl.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\ahnupex.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\aszalert.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\aszflt.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\aszfltnt.sy-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\aszlog.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\aszundo.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\psapi.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\rmszrts.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\rtsmon.ex-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\spyzero.ex-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\v3hunt.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\r\v3inetex.dl-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\en_us\popup_advanced.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\en_us\popup_default.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\jp_jp\popup_advanced.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\jp_jp\popup_default.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\ko_kr\popup_advanced.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\ko_kr\popup_default.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\alertbg.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\bg_79_array.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\bg_83_array.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\bg_90_array.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\bg_96_array.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_116_disable.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_116_focus.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_116_normal.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_116_pushed.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_77_disable.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_77_focus.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_77_mask.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_77_normal.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\btn_77_pushed.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\bullet_1.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\button_click.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\button_disabled.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\button_focus.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\button_normal.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\button_over.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\icon_off.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\icon_on.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\list_in.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\more_button_disabled.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\more_button_normal.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\more_button_over.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\tab_report_normal.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\tab_report_sel.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\trayicon_disable.ic-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\trayicon_loading.ic-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\r\trayicon_normal.ic-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\zh_cn\popup_advanced.bm-
C:\WINDOWS\Downloaded Program Files\update\win\p\spyzero\skin\zh_cn\popup_default.bm-
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ctfmona.exe
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini2
C:\WINDOWS\system32\gihtigbg.dllbox
C:\WINDOWS\system32\ineWc01
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Service_DomainService


((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-07 15:57 . 2008-05-07 15:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-06 14:52 . 2008-05-09 13:29 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-06 14:52 . 2008-05-06 14:52 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-06 14:51 . 2008-05-09 13:29 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-03 14:24 . 2008-05-06 01:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-03 14:24 . 2008-05-03 14:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-02 15:40 . 2008-05-02 15:40 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-01 21:21 . 2008-05-09 14:55 <DIR> d-------- C:\Program Files\i-money
2008-05-01 21:21 . 2008-05-09 14:50 <DIR> d-------- C:\Program Files\ezautodesk
2008-05-01 21:20 . 2008-05-01 21:22 <DIR> d-------- C:\Program Files\s-money
2008-05-01 21:20 . 2008-05-09 14:50 <DIR> d-------- C:\Program Files\ieguide_plus
2008-05-01 21:20 . 2008-05-02 16:54 <DIR> d-------- C:\Program Files\eDonkeyP2P
2008-05-01 21:19 . 2008-05-09 14:50 <DIR> d-------- C:\Program Files\BaroGo
2008-05-01 21:09 . 2008-05-01 21:11 <DIR> d-------- C:\Program Files\Freechal
2008-05-01 21:09 . 2008-05-01 21:10 4,435,456 --a------ C:\FileguriProSetup_2.89.exe
2008-05-01 20:50 . 2008-05-01 20:50 285 --a------ C:\WINDOWS\system32\filenori.ini
2008-05-01 20:50 . 2008-05-01 20:50 38 --a------ C:\WINDOWS\system32\FileNoriFavoriteSetup.ses
2008-05-01 20:50 . 2008-05-01 20:50 23 --a------ C:\WINDOWS\system32\FilenoriDomainSetup.ses
2008-05-01 18:39 . 2008-05-02 16:48 <DIR> d-------- C:\Program Files\Ezshop
2008-05-01 18:36 . 2008-05-01 18:39 <DIR> d-------- C:\Program Files\QFile
2008-04-30 21:57 . 2008-04-30 21:57 <DIR> d-------- C:\Program Files\MSBuild
2008-04-30 21:54 . 2008-04-30 21:54 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 21:53 . 2008-04-30 21:53 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-30 21:52 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-30 21:45 . 2008-04-30 21:46 <DIR> d-------- C:\instwork
2008-04-30 21:45 . 2008-04-30 21:45 9,032 --a------ C:\B2E.tmp
2008-04-30 21:27 . 2008-05-01 20:15 12,461,568 --a------ C:\veoh.msi
2008-04-30 21:27 . 2008-05-01 20:14 128,625 --a------ C:\setup.isn
2008-04-30 21:27 . 2008-05-01 20:14 6,129 --a------ C:\0x0409.ini
2008-04-30 21:27 . 2008-05-01 20:14 2,059 --a------ C:\Setup.INI
2008-04-29 20:25 . 2008-04-30 22:08 <DIR> d-------- C:\Program Files\afreeca
2008-04-23 19:13 . 2008-04-23 19:13 <DIR> d-------- C:\Documents and Settings\Bobby Flake\Application Data\Image Zone Express
2008-04-23 19:03 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-23 19:03 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-23 18:59 . 2008-04-23 19:10 113,143 --a------ C:\WINDOWS\hpoins07.dat
2008-04-23 18:59 . 2005-05-23 23:52 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-04-21 17:05 . 2008-04-21 17:05 754 --a------ C:\WINDOWS\WORDPAD.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 21:49 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\DNA
2008-05-09 15:00 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\AVG7
2008-05-06 00:19 42,124 ----a-w C:\Documents and Settings\Bobby Flake\Application Data\wklnhst.dat
2008-05-05 22:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 08:43 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\BitTorrent
2008-05-02 04:07 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\MegauploadToolbar
2008-04-30 03:26 2,801,756 ----a-w C:\WINDOWS\system32\libmmd.dll
2008-04-24 02:13 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\HP
2008-04-24 02:08 --------- d-----w C:\Program Files\HP
2008-04-24 02:08 --------- d-----w C:\Program Files\Common Files\HP
2008-04-03 16:36 12,296,458 ------w C:\avg7qt.dat
2008-03-28 22:21 --------- d-----w C:\Program Files\Dl_cats
2008-03-28 20:45 --------- d-----w C:\Program Files\DNA
2008-03-28 20:45 --------- d-----w C:\Program Files\BitTorrent
2008-03-28 14:38 --------- d-----w C:\Documents and Settings\Bobby Flake\Application Data\AdobeUM
2008-03-21 16:04 --------- d-----w C:\Program Files\XLink Kai Evolution VII
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 01:13 32,768 ----a-w C:\WINDOWS\system32\niebgt.dll
2008-02-26 02:36 114,688 ----a-w C:\WINDOWS\system32\url2.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-01-24 04:32 78,176 ----a-w C:\Documents and Settings\Bobby Flake\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CE5E3F4-83D9-4F12-BF15-BC2A4373388B}]
2008-04-24 20:39 299008 --a------ C:\PROGRA~1\i-money\i-money.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F6B16DB-638D-4C18-BA8B-2FA1579BCC01}]
2008-04-28 00:44 358680 --a------ C:\Program Files\ieguide_plus\niebhoplus.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0D121D7-D715-4D21-A153-E87C23E5787D}]
C:\WINDOWS\system32\jkhfd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E73566AB-CF36-4f6d-BEDF-43CFB9F72191}]
2008-01-23 21:56 81920 --a------ C:\Program Files\BaroGo\BaroGoExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4062DB09-3D52-422C-9B6A-903963E1D84D}"= "C:\Program Files\BaroGo\BaroGo.dll" [2008-02-14 01:11 204800]
"{AAA65B62-B0E1-418C-9FBF-28365F3603E9}"= "C:\PROGRA~1\i-money\i-money.dll" [2008-04-24 20:39 299008]

[HKEY_CLASSES_ROOT\clsid\{4062db09-3d52-422c-9b6a-903963e1d84d}]
[HKEY_CLASSES_ROOT\BaroGo.BaroGo.1]
[HKEY_CLASSES_ROOT\TypeLib\{A8FC45E7-3AEC-432e-8419-E07C204C92F8}]
[HKEY_CLASSES_ROOT\BaroGo.BaroGo]

[HKEY_CLASSES_ROOT\clsid\{aaa65b62-b0e1-418c-9fbf-28365f3603e9}]
[HKEY_CLASSES_ROOT\i-money.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{6CFD3AF3-1BA5-442A-AC3E-A1C1E8CB05FD}]
[HKEY_CLASSES_ROOT\i-money.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4062DB09-3D52-422C-9B6A-903963E1D84D}"= C:\Program Files\BaroGo\BaroGo.dll [2008-02-14 01:11 204800]

[HKEY_CLASSES_ROOT\clsid\{4062db09-3d52-422c-9b6a-903963e1d84d}]
[HKEY_CLASSES_ROOT\BaroGo.BaroGo.1]
[HKEY_CLASSES_ROOT\TypeLib\{A8FC45E7-3AEC-432e-8419-E07C204C92F8}]
[HKEY_CLASSES_ROOT\BaroGo.BaroGo]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54 5674352]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 08:20 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-09 18:48 171448]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 22:19 289088]
"e⁴熺혔蝶札橒袍慓饌熹證햇"="C:\Program Files\XP Antivirus\xpa.exe" [ ]
"ezsh"="C:\Program Files\Ezshop\Ezshop.exe" [ ]
"Fileguri"="C:\Program Files\Freechal\Fileguri\Fileguri.exe" [ ]
"BaroGo"="C:\Program Files\BaroGo\BaroGoUpdate.exe" [2008-03-27 22:40 516096]
"ieguide_plus"="C:\Program Files\ieguide_plus\ieguideupdate.exe" [2008-04-30 22:00 516096]
"i-money"="C:\Program Files\i-money\i-money.exe" [2008-04-29 05:25 32768]
"ezautodesk"="C:\Program Files\ezautodesk\ezautoupdate.exe" [2008-03-03 18:28 536576]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-13 22:59 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 14:50 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 03:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 03:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 03:00 455168]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"CDInit"="C:\Program Files\cleardisk\CDInit.exe" [ ]
"cds"="C:\Program Files\cleardisk\cds.exe" [2006-04-05 06:36 29184]
"McRegWiz"="C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe" [ ]
"DLBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 14:41 69632]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"f4cb9d37"="C:\WINDOWS\system32\fpyvhmhn.dll" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 17:26 579584]
"ezautodesk"="C:\Program Files\ezautodesk\ezautoupdate.exe" [2008-03-03 18:28 536576]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-02 21:57 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 01:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gihtigbg]
gihtigbg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyaww]
yayyaww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.msaudio1"= msaud32a.acm
"msacm.l3acm"= l3codecp.acm
"vidc.XVID"= xvid.dll
"vidc.H264"= hdot264.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.MPG4"= mpg4c32a.dll
"vidc.MP42"= mpg4c32b.dll
"vidc.MP43"= mpg4c32c.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.MJ2C"= m3jp2k32.dll
"msacm.divxa32"= msaud32a.acm
"msacm.ivimp3en"= ivimp3en.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
Racerdie2's Avatar
Junior Member with 8 posts.
 
Join Date: May 2008
09-May-2008, 06:09 PM #4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 14:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-09-20 10:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-09-20 10:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-07-13 22:59 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 15:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 21:54:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 14:51:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e⁴熺혔蝶札橒袍慓饌熹證햇"="C:\\Program Files\\XP Antivirus\\xpa.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-05-09 15:01:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 22:00:59

Pre-Run: 28,094,570,496 bytes free
Post-Run: 31,747,674,112 bytes free

487 --- E O F --- 2008-05-09 02:59:34
Racerdie2's Avatar
Junior Member with 8 posts.
 
Join Date: May 2008
09-May-2008, 06:10 PM #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:06:53 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\cleardisk\cds.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: i-money - {5CE5E3F4-83D9-4F12-BF15-BC2A4373388B} - C:\PROGRA~1\i-money\i-money.dll
O2 - BHO: IBHO - {6F6B16DB-638D-4C18-BA8B-2FA1579BCC01} - C:\Program Files\ieguide_plus\niebhoplus.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B0D121D7-D715-4D21-A153-E87C23E5787D} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: BaroGoExt Class - {E73566AB-CF36-4f6d-BEDF-43CFB9F72191} - C:\Program Files\BaroGo\BaroGoExt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BaroGo(&G) - {4062DB09-3D52-422c-9B6A-903963E1D84D} - C:\Program Files\BaroGo\BaroGo.dll
O3 - Toolbar: (no name) - {F98B413B-1D60-4E78-8F2A-A3E6A3327395} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: i-money - {AAA65B62-B0E1-418C-9FBF-28365F3603E9} - C:\PROGRA~1\i-money\i-money.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CDInit] C:\Program Files\cleardisk\CDInit.exe
O4 - HKLM\..\Run: [cds] C:\Program Files\cleardisk\cds.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [f4cb9d37] rundll32.exe "C:\WINDOWS\system32\fpyvhmhn.dll",b
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ezautodesk] C:\Program Files\ezautodesk\ezautoupdate.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [e⁴熺혔蝶札橒袍慓饌熹證햇] C:\Program Files\XP Antivirus\xpa.exe
O4 - HKCU\..\Run: [ezsh] C:\Program Files\Ezshop\Ezshop.exe
O4 - HKCU\..\Run: [Fileguri] "C:\Program Files\Freechal\Fileguri\Fileguri.exe" PathFileguri /background
O4 - HKCU\..\Run: [BaroGo] C:\Program Files\BaroGo\BaroGoUpdate.exe
O4 - HKCU\..\Run: [ieguide_plus] C:\Program Files\ieguide_plus\ieguideupdate.exe
O4 - HKCU\..\Run: [i-money] C:\Program Files\i-money\i-money.exe
O4 - HKCU\..\Run: [ezautodesk] C:\Program Files\ezautodesk\ezautoupdate.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZDWLan Utility.lnk = C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: G¸¶AI - {1FCF3639-79A8-4b8d-A772-3AF5E30B4FB2} - http://event.go.co.kr/nbarcon/gm.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: Ao¸¶AI - {1FCF3639-79A8-4b8d-A772-3AF5E30B4FB2} - http://event.go.co.kr/nbarcon/gm.php?bncode=ebiz (file missing)
O9 - Extra button: ¿A¼C - {27269359-4EAA-4a25-A947-0FE3F7569A87} - http://event.go.co.kr/nbarcon/au.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: ¿A¼C - {27269359-4EAA-4a25-A947-0FE3F7569A87} - http://event.go.co.kr/nbarcon/au.php?bncode=ebiz (file missing)
O9 - Extra button: ¸Þ°¡ÆÐ½º¹≪·a¿μE* - {34657659-05A7-48dc-8883-665470D4EAB2} - http://event.go.co.kr/megapass/event.php?pid=ebiz (file missing)
O9 - Extra 'Tools' menuitem: ¸Þ°¡ÆÐ½º¹≪·a¿μE* - {34657659-05A7-48dc-8883-665470D4EAB2} - http://event.go.co.kr/megapass/event.php?pid=ebiz (file missing)
O9 - Extra button: Internet Cigar Store - {37AD4B83-9515-433A-866B-BED686C86838} - http://app.dambaeshop.com/index.html (file missing)
O9 - Extra 'Tools' menuitem: Cigar - {37AD4B83-9515-433A-866B-BED686C86838} - http://app.dambaeshop.com/index.html (file missing)
O9 - Extra button: CJmall - {42747F7B-C6D2-47ff-8660-704476BB7AB9} - http://event.go.co.kr/nbarcon/c.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: CJmall - {42747F7B-C6D2-47ff-8660-704476BB7AB9} - http://event.go.co.kr/nbarcon/c.php?bncode=ebiz (file missing)
O9 - Extra button: HP A¬¸³ºI - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: ½A¿eA≪μa/´eAa - {5D5855BD-8387-4e57-A017-847923EC8846} - http://yesmoney.co.kr/ (file missing)
O9 - Extra 'Tools' menuitem: ½A¿eA≪μa/´eAa - {5D5855BD-8387-4e57-A017-847923EC8846} - http://yesmoney.co.kr/ (file missing)
O9 - Extra button: AIAIÆAAⓒ - {6737EDAA-8BC6-4f6d-B1DC-AE9E65DDC5FC} - http://event.go.co.kr/nbarcon/i.php?bncode=ebiz (file missing)
O9 - Extra 'Tools' menuitem: AIAIÆAAⓒ - {6737EDAA-8BC6-4f6d-B1DC-AE9E65DDC5FC} - http://event.go.co.kr/nbarcon/i.php?bncode=ebiz (file missing)
O9 - Extra button: HP ½º¸¶Æ® ¼±AA - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.filenori.co.kr
O15 - Trusted Zone: http://*.filenori.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/activex/NaverFile.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...79/mcfscan.cab
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.afreeca.com:8057/AFCStarter.cab
O16 - DPF: {F2965546-AD6C-4C52-8A80-2A336FB50CA8} (FilenoriDownloadControl Control) - http://www.filenori.com/app/FilenoriDownloadControl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O20 - Winlogon Notify: gihtigbg - gihtigbg.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O20 - Winlogon Notify: yayyaww - yayyaww.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG7 TCP Server (AVGTCPSv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Nexon\바람의나라\npkcmsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14425 bytes
cybertech
Moderator with 53,851 posts.
Join Date: Apr 2002
Location: Washington State
09-May-2008, 07:33 PM #6
Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts.
  3. If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  5. Once the desktop loads a text file will open (report.txt).
    Please post the C:\fixwareout\report.txt, along with a new HijackThis log, into this topic.
Microsoft MVP/Windows - Consumer Security
Racerdie2
Junior Member with 8 posts.
Join Date: May 2008
09-May-2008, 10:09 PM #7
Username "Bobby Flake" - 9/2008 Fri 19:00:10 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.74 85.255.112.86" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2810EB22-763D-4D0C-9450-64BBD1758685}
"DhcpNameServer"="85.255.114.74,85.255.112.86" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....


C:\Program Files\DirectAccess < Found
Additional tools are recommended.

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"CDInit"="C:\\Program Files\\cleardisk\\CDInit.exe"
"cds"="C:\\Program Files\\cleardisk\\cds.exe"
"McRegWiz"="C:\\PROGRA~1\\mcafee.com\\agent\\mcregwiz.exe /autorun"
"DLBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBTtime.dll,_RunDLLEntry @16"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"f4cb9d37"="rundll32.exe \"C:\\WINDOWS\\system32\\fpyvhmhn.dll\",b"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"ezautodesk"="C:\\Program Files\\ezautodesk\\ezautoupdate.exe"
"ctfmona"="C:\\WINDOWS\\system32\\ctfmona.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"BitTorrent DNA"="\"C:\\Program Files\\DNA\\btdna.exe\""
"e⁴熺혔蝶札橒袍慓饌熹證햇"="C:\\Program Files\\XP Antivirus\\xpa.exe"
"ezsh"="C:\\Program Files\\Ezshop\\Ezshop.exe"
"Fileguri"="\"C:\\Program Files\\Freechal\\Fileguri\\Fileguri.exe\" PathFileguri /background"
"BaroGo"="C:\\Program Files\\BaroGo\\BaroGoUpdate.exe"
"ieguide_plus"="C:\\Program Files\\ieguide_plus\\ieguideupdate.exe"
"i-money"="C:\\Program Files\\i-money\\i-money.exe"
"ezautodesk"="C:\\Program Files\\ezautodesk\\ezautoupdate.exe"
"Veoh"="\"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe\" /VeohHide"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
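The two "Value cleared" lines in the prerun check above (NameServer and DhcpNameServer under Tcpip\Parameters) fix the same problem that the O17 entries in the earlier HijackThis log exposed: both ControlSet001 and CurrentControlSet had the machine's resolvers set to 85.255.114.74 and 85.255.112.86, addresses the owner never configured, so every lookup on the box, including the ones made to fetch antivirus updates, was answered by somebody else's DNS server. The script below is an added example for this page, not part of HijackThis, FixWareout or the original thread. It parses O17 lines in HijackThis format and the registry-style NameServer/DhcpNameServer lines FixWareout prints, classifies each resolver as rogue (inside 85.255.112.0/20, the block both addresses sit in and one of the ranges later published in the FBI's DNSChanger notice), trusted (a private address such as a home router; this allowlist is an assumption and should be replaced with your own ISP's resolvers) or unknown, and also flags O20 Winlogon Notify entries whose DLL is missing. The sample report embedded in it is constructed from lines posted in this thread.

```python
"""
Flag hijacked DNS settings and orphaned Winlogon Notify packages in
HijackThis / FixWareout output. Example code written for this page;
it is not part of HijackThis or FixWareout.
"""
import ipaddress
import re

# Resolver ranges treated as known-bad. 85.255.112.0/20 contains both
# nameservers in the posted log; it was one of the rogue resolver ranges
# later published in the FBI's DNSChanger advisory.
KNOWN_ROGUE_RESOLVERS = [ipaddress.ip_network("85.255.112.0/20")]

# Assumption for this example: resolvers the owner would expect to see
# (a home router or other private address). Anything outside both lists
# is reported as "unknown" for manual review rather than silently passed.
DEFAULT_TRUSTED_RESOLVERS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# HijackThis 2.x O17 line, e.g.
#   O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = a.b.c.d e.f.g.h
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# Registry-style value line as printed by FixWareout, e.g.
#   "DhcpNameServer"="a.b.c.d,e.f.g.h" <Value cleared.
REG_RE = re.compile(r'^"(?P<key>(?:Dhcp)?NameServer)"="(?P<servers>[^"]*)"', re.IGNORECASE)
# O20 - Winlogon Notify: <name> - <path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


def extract_nameservers(line):
    """Return (key, [server, ...]) for an O17 or registry NameServer line, else None."""
    line = line.strip()
    m = O17_RE.match(line) or REG_RE.match(line)
    if not m:
        return None
    # Windows accepts space- or comma-separated resolver lists.
    servers = [s for s in re.split(r"[ ,]+", m.group("servers").strip()) if s]
    return m.group("key"), servers


def classify_resolver(ip_text, trusted=DEFAULT_TRUSTED_RESOLVERS):
    """'rogue' is checked first: a known-bad address is never excused by an allowlist."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if any(ip in net for net in KNOWN_ROGUE_RESOLVERS):
        return "rogue"
    if any(ip in net for net in trusted):
        return "trusted"
    return "unknown"


def audit(text, trusted=DEFAULT_TRUSTED_RESOLVERS):
    """Walk the report line by line and collect findings as plain dicts."""
    findings = []
    for line in text.splitlines():
        found = extract_nameservers(line)
        if found:
            key, servers = found
            verdicts = {s: classify_resolver(s, trusted) for s in servers}
            if any(v != "trusted" for v in verdicts.values()):
                findings.append({
                    "item": "NameServer",
                    "key": key,
                    "servers": verdicts,
                    "severity": "high" if "rogue" in verdicts.values() else "review",
                })
            continue
        m = O20_RE.match(line.strip())
        if m and m.group("path").endswith("(file missing)"):
            # A Notify package whose DLL is gone is a leftover of a removed
            # infection; the registry entry itself still needs cleaning.
            findings.append({
                "item": "O20",
                "name": m.group("name"),
                "path": m.group("path"),
                "severity": "review",
            })
    return findings


# Constructed sample, modelled on the lines posted in this thread: one
# HijackThis O17 pair, one clean per-interface entry, two FixWareout
# registry lines, two orphaned O20 entries and one benign O23 line.
SAMPLE_REPORT = r"""
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.74 85.255.112.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: NameServer = 192.168.1.1
"nameserver"="85.255.114.74 85.255.112.86" <Value cleared.
"DhcpNameServer"="85.255.114.74,85.255.112.86" <Value cleared.
O20 - Winlogon Notify: gihtigbg - gihtigbg.dll (file missing)
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_REPORT):
        print(f["severity"].upper(), f)
```

Run it as-is to see the findings for the sample; to audit a real log, read the file and pass its text to audit(). One caveat the FixWareout output hints at: DhcpNameServer is normally filled in from the DHCP lease, so if the rogue addresses reappear there after an ipconfig /renew, the DHCP server (usually the home router) is handing them out and its DNS settings need checking as well, since clearing the registry values alone will not hold.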
Racerdie2
Junior Member with 8 posts.
Join Date: May 2008
09-May-2008, 10:09 PM #8
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:31 PM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\cleardisk\cds.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Bobby Flake\Desktop\New Folder\New Folder\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\XLink Kai Evolution VII\kaiEngine.exe
C:\Program Files\XLink Kai Evolution VII\kaiUI.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
R3 - URL