Help Please

Ok guys and gals, I've been working on my system for 2 days now and have determined the following:
A. I know I got at least 2 trojans on it.
B. XoftSpySE is great at finding the problems but won't let ya remove unless ya register it.
C. Dialup sucks.
D. When playing online games I get super high pings in game due to something dirty running.
So I read around on here, and through what I have read I went and downloaded HijackThis and ran it. If anyone can please help me get my system totally safe again I would appreciate it. I can be contacted at unbound007@aol.com; ya can shoot me an instant message, or post on here. I know a lot of it's in the reg. My OS is Windows XP SP1. I even tried going into safe mode to manually delete some of the bad files, but the system won't let me into safe mode atm. I hold down F8 during startup and it just beeps but never goes into the menu to pick safe mode. I'm super frustrated at this point. I was running AVG Free but, as we all know, it sucks and didn't help at all. I'm afraid to log in to the online game I play, as well as I'm afraid to use regedit and to try and delete entries that XoftSpySE showed me. Below is my HijackThis log. Thank you in advance. Also, when I start up the system I get bombarded with rundll errors about everything that tries to load at startup having a bad image or something like that. It stops if I kill the rundll, then it reloads rundll and the problem stops. Please oh please help.
Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:00 AM, on 11/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1191362209\ee\AOLSoftware.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\common files\aol\1191362209\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1191362209\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\BitComet\tools\UPNP.exe
C:\Program Files\XoftSpySEoldversion\xoftspy.exe
C:\Documents and Settings\Bardwell\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {034BCF48-D4E7-4335-8F56-CE9AB44F6961} - C:\WINDOWS\System32\nnnljge.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3644117A-821A-4cc4-ADD5-226A6694F722} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {64F089AB-FFF9-422A-A53F-DFB9EB7A248B} - C:\WINDOWS\System32\cscdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\System32\wvusstq.dll (file missing)
O2 - BHO: (no name) - {A04B2EC1-8CC7-4443-8D07-AE0398D7571F} - C:\WINDOWS\System32\awtqn.dll (file missing)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: (no name) - {D9BEBBC8-6E6E-43E9-90DB-E7BC5B7AD956} - C:\WINDOWS\System32\ssqrr.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [w06cfa50.dll] RUNDLL32.EXE w06cfa50.dll,I2 000328c9006cfa50
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Fireplace 2 Trial\trioService.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [j1241636] rundll32 C:\WINDOWS\System32\j1241636.dll sook
O4 - HKLM\..\Run: [YMYS Agent] C:\WINDOWS\System32\Sys32\YMYS.exe
O4 - HKLM\..\Run: [cfmpgzwd.exe] C:\Documents and Settings\All Users\Application Data\cfmpgzwd.exe
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191362209\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aror] "C:\DOCUME~1\Bardwell\APPLIC~1\SSTEM3~1\services.exe" -vt yazb
O4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145077550405
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145077653670
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{715AC9EA-1826-4B18-9D13-981A1001E088}: NameServer = 205.188.146.145
O20 - Winlogon Notify: awtqn - C:\WINDOWS\
O20 - Winlogon Notify: nnnljge - nnnljge.dll (file missing)
O20 - Winlogon Notify: winkxt32 - C:\WINDOWS\
O20 - Winlogon Notify: wvusstq - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - (no file)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10333 bytes

Please, someone instant message me at unbound007@aol.com. Thank you.
Re: Help Please

Please download this file - combofix.exe by sUBs
Note: Do not mouse-click combofix's window while it is running. That may cause it to stall.
* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.
* Reconnect to the internet
* Post the following logs/Reports:
Re: Help Please

Ok, first off thank you for taking the time to help. Without further delay, here's the logs.

ComboFix log:

ComboFix 07-11-08.3 - Bardwell 2007-11-15 9:12:30.1 - NTFSx86
Running from: C:\Documents and Settings\Bardwell\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bardwell\Application Data\PPATCH~1
C:\Documents and Settings\Bardwell\Application Data\PPATCH~1\??pPatch\
C:\Documents and Settings\Bardwell\Application Data\SSTEM3~1
C:\Documents and Settings\Bardwell\Application Data\SSTEM3~1\s?stem32\
C:\Documents and Settings\Bardwell\My Documents\SCURIT~1
C:\WINDOWS\keyboard101.dat
C:\WINDOWS\qmdispatch.dll
C:\WINDOWS\system32\cimm.dll
C:\WINDOWS\system32\LiveProtectSetup.exe
C:\WINDOWS\system32\cscdl.dll . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_JKFSBUPX
-------\LEGACY_NPF
-------\COM+ Messages
-------\jkfsbupx

((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-15 09:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-15 00:19 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-14 14:04 <DIR> d-------- C:\Program Files\PCPitstop
2007-11-14 11:53 <DIR> d-------- C:\Program Files\Trojan Remover
2007-11-14 11:53 <DIR> d-------- C:\Documents and Settings\Bardwell\Application Data\Simply Super Software
2007-11-14 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-14 11:53 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-14 11:53 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-14 11:53 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-14 11:53 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-14 11:53 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-14 08:49 <DIR> d-------- C:\Program Files\PC Registry Cleaner
2007-11-14 08:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-14 07:28 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-14 06:33 <DIR> d-------- C:\Program Files\xoftspyse2
2007-11-14 03:13 93,184 --a------ C:\WINDOWS\system32\cscdl.dll
2007-11-14 03:13 18,688 C:\WINDOWS\system32\drivers\gfqdyguf.dat
2007-11-13 23:54 <DIR> d-------- C:\Program Files\XoftSpySE
2007-11-13 22:04 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 21:56 <DIR> d-------- C:\KAV
2007-11-13 09:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-10 07:33 <DIR> d-------- C:\Program Files\Connection Keeper
2007-11-10 07:28 <DIR> d-------- C:\Program Files\Common Files\System-G
2007-11-07 00:03 <DIR> d-------- C:\Documents and Settings\Bardwell\Application Data\teamspeak2
2007-11-07 00:02 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2007-11-01 04:33 <DIR> d-------- C:\Program Files\Launch-n-Go
2007-10-30 06:19 <DIR> d-------- C:\Program Files\Viewpoint
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 10:28 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2007-11-15 10:20 --------- d-----w C:\Program Files\Common Files\Scanner
2007-11-15 10:20 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-15 10:19 --------- d-----w C:\Program Files\America Online 9.0
2007-11-15 05:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 09:28 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-11-08 09:35 --------- d-----w C:\Program Files\Automation Anywhere 3.0
2007-11-03 03:02 --------- d-----w C:\Program Files\Conquer 2.0
2007-10-30 10:31 --------- d-----w C:\Program Files\Registry Clean Expert
2007-10-30 10:10 --------- d-----w C:\Documents and Settings\Bardwell\Application Data\Technology Lighthouse
2007-10-27 11:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-04 23:28 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-04 23:28 --------- d-----w C:\Documents and Settings\Bardwell\Application Data\AdobeUM
2007-10-03 20:18 --------- d-----w C:\Documents and Settings\Bardwell\Application Data\AOL
2007-10-02 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-09-14 16:57 10,920 ----a-w C:\aolconnfix.exe
2007-06-08 12:15 92,219 ----a-w C:\Program Files\LimeWire.torrent
2006-04-12 09:07:41 80 --sha-r C:\WINDOWS\system32\A0A77291C2.dll
2007-05-08 11:33:57 1,479,706 --sha-w C:\WINDOWS\system32\rrqss.bak1
2007-05-07 11:33:42 1,470,307 --sha-w C:\WINDOWS\system32\rrqss.bak2
2007-05-06 11:32:09 1,471,679 --sha-w C:\WINDOWS\system32\rrqss.ini2
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3644117A-821A-4cc4-ADD5-226A6694F722}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64F089AB-FFF9-422A-A53F-DFB9EB7A248B}]
2001-08-23 00:00 93184 --a------ C:\WINDOWS\System32\cscdl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"w06cfa50.dll"="w06cfa50.dll" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"trioService"="C:\Program Files\3D-Relax\3D Fireplace 2 Trial\trioService.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"EtherDetect"="" []
"Mouse Suite 98 Daemon"="PELMICED.EXE" [2001-08-21 10:08 C:\WINDOWS\system32\PELMICED.EXE]
"YMYS Agent"="C:\WINDOWS\System32\Sys32\YMYS.exe" []
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 07:13]
"WabKey"="" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-09-14 09:12]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1191362209\ee\AOLSoftware.exe" [2006-03-10 17:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-11 13:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 14:19 C:\WINDOWS\system32\nview.dll]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 12:32]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Aror"="C:\DOCUME~1\Bardwell\APPLIC~1\SSTEM3~1\services.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winkxt32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusstq]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bardwell^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R0 jkfsbupx;jkfsbupx;C:\WINDOWS\System32\drivers\gfqdyguf.dat
R1 pelmouse;Mouse Suite Driver;C:\WINDOWS\System32\DRIVERS\pelmouse.sys
R3 pelps2m;PS/2 Mouse Filter Driver;C:\WINDOWS\System32\DRIVERS\pelps2m.sys
S3 RapDrv;RapDrv;\??\C:\WINDOWS\System32\drivers\RapDrv.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\System32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\System32\drivers\RapNet.sys
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\System32\DRIVERS\sustucam.sys
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\System32\DRIVERS\sustucap.sys
S4 black;black;C:\WINDOWS\System32\drivers\BlackDrv.sys

*Newly Created Service* - JKFSBUPX
.
Contents of the 'Scheduled Tasks' folder
"2007-11-11 17:09:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-15 12:57:01 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe
"2007-11-14 22:00:08 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-11-14 04:54:39 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 09:17:54
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\PROGRA~1\COMMON~1\AOL\ACS\ATWPKT2.SYS"
.
Completion time: 2007-11-15 9:19:42 - machine was rebooted
.
--- E O F ---

New HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:36 AM, on 11/15/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\PELMICED.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1191362209\ee\AOLSoftware.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\common files\aol\1191362209\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1191362209\ee\aolsoftware.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\Bardwell\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3644117A-821A-4cc4-ADD5-226A6694F722} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: (no name) - {64F089AB-FFF9-422A-A53F-DFB9EB7A248B} - C:\WINDOWS\System32\cscdl.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [w06cfa50.dll] RUNDLL32.EXE w06cfa50.dll,I2 000328c9006cfa50
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Fireplace 2 Trial\trioService.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [YMYS Agent] C:\WINDOWS\System32\Sys32\YMYS.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1191362209\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aror] "C:\DOCUME~1\Bardwell\APPLIC~1\SSTEM3~1\services.exe" -vt yazb
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with SupersonicDownloadAccelerator! - C:\Program Files\Supersonic Download Accelerator\supersonicdownloadaccelerator.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://www.gamescampus.com/xiah/luncher/GamesCampus.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1145077550405
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145077653670
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: awtqn - C:\WINDOWS\
O20 - Winlogon Notify: winkxt32 - C:\WINDOWS\
O20 - Winlogon Notify: wvusstq - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 9172 bytes

Thanks.
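As an added illustration, and not code from the poster, the helper, or any of the tools named in this thread: a small Python triage script that applies the checks a log reader applies by eye to the HijackThis log in the first post and to the ComboFix Find3M report above. It flags HijackThis entries whose file is missing or unnamed, Winlogon Notify packages, rundll32 loading a DLL by bare name, autoruns living in the user profile, and a services.exe outside System32; on the Find3M side it flags hidden+system files in System32 and numbered .bak/.ini extensions. The sample lines are copied from the logs posted here; the Finding structure, function names and heuristic wording are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of entries copied from the HijackThis log
# posted earlier in this thread (the full log is far longer).
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {034BCF48-D4E7-4335-8F56-CE9AB44F6961} - C:\WINDOWS\System32\nnnljge.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64F089AB-FFF9-422A-A53F-DFB9EB7A248B} - C:\WINDOWS\System32\cscdl.dll
O4 - HKLM\..\Run: [w06cfa50.dll] RUNDLL32.EXE w06cfa50.dll,I2 000328c9006cfa50
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aror] "C:\DOCUME~1\Bardwell\APPLIC~1\SSTEM3~1\services.exe" -vt yazb
O20 - Winlogon Notify: awtqn - C:\WINDOWS\
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Constructed sample: four Find3M lines copied from the ComboFix log in this thread.
SAMPLE_FIND3M = r"""
2007-11-13 09:28 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2006-04-12 09:07:41 80 --sha-r C:\WINDOWS\system32\A0A77291C2.dll
2007-05-08 11:33:57 1,479,706 --sha-w C:\WINDOWS\system32\rrqss.bak1
2007-06-08 12:15 92,219 ----a-w C:\Program Files\LimeWire.torrent
"""

HJT_LINE = re.compile(r"^([RFO]\d+) - (.*)$")
# stamp, size (or dashes for a directory), attribute string, path
FIND3M_LINE = re.compile(r"^(\S+ \S+)\s+([\d,]+|-+)\s+([-a-z]{7,9})\s+(.+)$")


@dataclass
class Finding:          # hypothetical structure, specific to this example
    source: str         # "hjt" or "find3m"
    line: str
    reasons: List[str] = field(default_factory=list)


def _rundll_target(body: str) -> Optional[str]:
    """Return the DLL argument handed to rundll32 in an O4 entry, if any."""
    m = re.search(r"rundll32(?:\.exe)?\s+([^,\s]+)", body, re.IGNORECASE)
    return m.group(1) if m else None


def check_hjt_line(line: str) -> Optional[Finding]:
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    low = body.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: registered, but the file is gone")
    if section == "O2" and "(no name)" in low:
        reasons.append("browser helper object with no name")
    if section == "O20":
        reasons.append("Winlogon Notify package: the persistence point Vundo uses")
    if section == "O4":
        target = _rundll_target(body)
        if target and not re.match(r"^[a-z]:\\", target, re.IGNORECASE):
            reasons.append("rundll32 loads a DLL by bare name instead of a full path")
        if "application data" in low or "applic~1" in low:
            reasons.append("autorun binary lives in the user profile")
        if re.search(r"\\services\.exe\b", low) and "\\system32\\services.exe" not in low:
            reasons.append("system binary name (services.exe) outside System32")
    return Finding("hjt", line.strip(), reasons) if reasons else None


def check_find3m_line(line: str) -> Optional[Finding]:
    m = FIND3M_LINE.match(line.strip())
    if not m:
        return None
    _stamp, _size, attrs, path = m.groups()
    reasons = []
    if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
        reasons.append("hidden+system attributes on a file in System32")
    if re.search(r"\.(bak\d|ini\d)$", path, re.IGNORECASE):
        reasons.append("numbered .bak/.ini extension: not a normal System32 file type")
    return Finding("find3m", line.strip(), reasons) if reasons else None


def triage_hjt(text: str) -> List[Finding]:
    return [f for f in (check_hjt_line(l) for l in text.splitlines()) if f]


def triage_find3m(text: str) -> List[Finding]:
    return [f for f in (check_find3m_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_find3m(SAMPLE_FIND3M):
        print(f"[{f.source}] {f.line}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed a whole saved log to `triage_hjt` or `triage_find3m` and review the hits by hand: a flagged line is a reason to look, not a verdict, which is why the helper in this thread sends the `--sha-w` files to an online scanner before asking for any removal.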
Re: Help Please

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\A0A77291C2.dll
2007-05-08 11:33:57 1,479,706 --sha-w C:\WINDOWS\system32\rrqss.bak1
2007-05-07 11:33:42 1,470,307 --sha-w C:\WINDOWS\system32\rrqss.bak2
2007-05-06 11:32:09 1,471,679 --sha-w C:\WINDOWS\system32\rrqss.ini2

==

Please download VundoFix.exe to your desktop.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

==

Please download OTMoveIt from here: http://download.bleepingcomputer.com...r/OTMoveIt.exe
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file path below to the clipboard by highlighting and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\cscdl.dll

Return to OTMoveIt, right-click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
The list will be processed and the results for each line will be displayed in the right-hand pane.
Highlight everything in the Results window, press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
Close OTMoveIt.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
©2003 - 2009 DaniWeb® LLC