I have a very serious prob vth my sys

This is the Combofix log

ComboFix 08-10-04.07 - Administrator 2008-10-05 12:34:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\BM8789db61.txt
C:\WINDOWS\BM8789db61.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\apsvoclo.ini
C:\WINDOWS\system32\inlojxyq.ini
C:\WINDOWS\system32\lhilrrpw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtiekfrb.ini
C:\WINDOWS\system32\pfjifxko.ini
C:\WINDOWS\system32\PqtDMTAy.ini
C:\WINDOWS\system32\prjdvcyh.ini
.
((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 )))))))))))))))))))))))))))))))
.
2008-10-02 13:00 . 2008-10-02 13:00 d-------- C:\Program Files\CleanMyPC
2008-10-02 12:34 . 2008-10-02 12:34 d-------- C:\Program Files\Trend Micro
2008-10-01 21:25 . 2008-10-01 21:26 71,168 --a------ C:\WINDOWS\system32\okxfijfp.dll
2008-10-01 21:22 . 2008-10-01 21:23 123,904 --a------ C:\WINDOWS\system32\atlelgow.dll
2008-10-01 14:17 . 2008-10-01 14:17 d-------- C:\Program Files\Common Files\xing shared
2008-10-01 14:10 . 2008-10-01 14:10 d----c--- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-10-01 13:23 . 2007-02-28 14:40 2,192,128 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-10-01 13:23 . 2007-02-28 14:08 2,069,376 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-10-01 13:11 . 2008-10-01 13:11 d-------- C:\WINDOWS\system32\VIRepair
2008-10-01 12:44 . 2008-10-01 12:45 d----c--- C:\Documents and Settings\Administrator\Application Data\ViStart
2008-10-01 12:41 . 2008-10-01 12:41 d----c--- C:\Documents and Settings\Administrator\Application Data\Styler
2008-10-01 12:35 . 2008-10-01 13:28 d-------- C:\WINDOWS\system32\VITrans
2008-10-01 12:35 . 2008-10-01 12:43 d----c--- C:\VTPFiles
2008-10-01 12:35 . 2008-10-01 12:35 135,638 --a------ C:\WINDOWS\Icon_1.ico
2008-10-01 12:35 . 2004-11-27 19:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2008-10-01 12:35 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-10-01 12:35 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-10-01 11:23 . 2008-10-01 11:23 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-01 10:54 . 2008-10-01 10:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-01 10:54 . 2008-10-01 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-30 18:43 . 2008-09-30 18:43 123,904 --a------ C:\WINDOWS\system32\kiubunrh.dll
2008-09-30 18:40 . 2008-09-30 18:40 101,888 --a------ C:\WINDOWS\system32\qhfydqyu.dll
2008-09-29 18:14 . 2008-09-29 18:14 d-------- C:\Program Files\SystemRequirementsLab
2008-09-28 18:35 . 2008-09-28 18:35 128,000 --a------ C:\WINDOWS\system32\daryte.dll
2008-09-28 18:35 . 2008-09-28 18:35 128,000 --a------ C:\WINDOWS\system32\bsxkhfbj.dll
2008-09-28 09:48 . 2008-09-28 09:48 d-------- C:\Program Files\PC Wizard 2008
2008-09-28 09:48 . 2007-09-15 16:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-09-28 09:01 . 2008-09-28 09:01 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:51 . 2008-09-28 08:51 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-27 18:53 . 2008-09-27 18:53 63 --a------ C:\WINDOWS\WININIT.INI
2008-09-26 18:36 . 2008-09-26 18:36 71,168 --a------ C:\WINDOWS\system32\vucuqacf.dll
2008-09-26 18:36 . 2008-09-26 18:36 121 --ahs---- C:\WINDOWS\system32\fcaqucuv.ini
2008-09-25 02:54 . 2008-09-25 02:54 128,000 --a------ C:\WINDOWS\system32\rzvllx.dll
2008-09-25 02:54 . 2008-09-25 02:54 128,000 --a------ C:\WINDOWS\system32\eaieejun.dll
2008-09-25 02:52 . 2008-09-25 02:52 95,232 --a------ C:\WINDOWS\system32\tvppygut.dll
2008-09-24 20:41 . 2008-09-24 20:41 128,000 --a------ C:\WINDOWS\system32\ojvihldh.dll
2008-09-24 20:41 . 2008-09-24 20:41 128,000 --a------ C:\WINDOWS\system32\nmihoe.dll
2008-09-24 20:35 . 2008-10-02 12:23 471,475 --ahs---- C:\WINDOWS\system32\PqtDMTAy.ini2
2008-09-23 20:48 . 2008-09-23 20:48 d----c--- C:\Documents and Settings\Administrator\Application Data\Nero
2008-09-23 20:45 . 2008-09-23 20:47 d-------- C:\Program Files\Common Files\Nero
2008-09-23 20:45 . 2008-09-23 20:45 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-23 20:09 . 2008-09-23 20:09 d--h----- C:\WINDOWS\PIF
2008-09-23 18:52 . 2008-09-23 18:52 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-20 19:42 . 2008-09-20 19:44 d----c--- C:\New Folder
2008-09-20 19:39 . 2008-09-20 19:42 d----c--- C:\TC
2008-09-17 20:51 . 2008-09-17 20:53 d-------- C:\Program Files\DAP
2008-09-17 20:51 . 2008-10-05 12:41 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 20:51 . 2008-09-17 20:51 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-17 20:51 . 2008-09-17 20:51 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-17 20:51 . 2008-09-17 20:51 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-09-17 20:51 . 2008-09-17 20:51 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-17 20:26 . 2008-09-20 19:20 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-09-17 20:24 . 2008-09-20 20:15 d-------- C:\WINDOWS\Internet Logs
2008-09-11 18:33 . 2008-09-11 18:33 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-09-11 18:33 . 2008-09-11 18:35 d----c--- C:\Documents and Settings\Administrator\Application Data\TVU networks
2008-09-11 15:15 . 2008-09-11 15:15 d--hsc--- C:\Documents and Settings\Administrator\PrivacIE
2008-09-11 15:09 . 2008-09-11 15:10 d--h-c--- C:\WINDOWS\ie8
2008-09-11 14:00 . 2008-09-11 14:00 d-------- C:\Program Files\New Folder
2008-09-07 15:23 . 2008-09-07 15:26 2,646 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-07 15:20 . 2008-10-01 12:10 d-------- C:\Program Files\Avira
2008-09-07 15:20 . 2008-10-01 12:10 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-06 19:44 . 2008-05-01 20:00 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-06 16:32 . 2008-09-06 19:42 d-------- C:\Program Files\McAfee
2008-09-06 16:32 . 2008-09-06 16:51 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 16:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-03 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 16:18 --------- d-----w C:\Program Files\Google
2008-10-01 08:46 --------- d-----w C:\Program Files\Common Files\Real
2008-10-01 08:45 --------- d-----w C:\Program Files\Real
2008-10-01 05:24 --------- d-----w C:\Program Files\QuickTime
2008-09-23 15:15 --------- d-----w C:\Program Files\Nero
2008-09-07 09:56 52,028 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-07 09:33 --------- d-----w C:\Program Files\DivX
2008-09-07 09:31 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Free Upload Manager
2008-08-21 21:38 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 21:38 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 21:37 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-21 21:36 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-21 21:36 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-21 21:36 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-21 21:35 48,640 ----a-w C:\WINDOWS\system32\PrivacIE.dll
2008-08-21 21:35 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-21 21:35 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-21 21:34 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 21:27 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-16 13:38 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-08-16 09:07 --------- d-----w C:\Program Files\Yahoo!
2008-08-16 08:47 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-15 08:55 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-11 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-08-11 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Norton
2008-08-10 10:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-08-05 12:25 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 16:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 16:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 16:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 16:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 16:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 16:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 16:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 16:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 16:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 16:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
2007-06-13 15:53 1430528 8a7b61415560835f3b71656e92b1a50e C:\WINDOWS\explorer.exe
2007-06-13 16:56 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:56 1880576 a060c835391f626bd37679d6fa701261 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2007-06-13 15:53 1430528 8a7b61415560835f3b71656e92b1a50e C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-17 3061248]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-05-22 471650]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-06-20 4538368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yksdps.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7351:TCP"= 7351:TCP:BitComet 7351 TCP
"7351:UDP"= 7351:UDP:BitComet 7351 UDP
R2 trysftnt;trysftnt;C:\WINDOWS\system32\drivers\trysftnt.sys [2000-02-29 39136]
R2 wntpport;wntpport;C:\WINDOWS\system32\drivers\wntpport.sys [2000-11-28 28416]
R3 SydexFDD;Sydex Diskette Driver;C:\WINDOWS\system32\drivers\sydexfdd.sys [2000-09-21 13037]
S1 ethxkapz;ethxkapz;C:\WINDOWS\system32\drivers\ethxkapz.sys [ ]
S3 cpuz129;cpuz129;C:\Program Files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6379DBE7-2E75-4717-9039-D9E230CB10D5}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 03:05]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1ABA40DD-18D2-4B4E-A8B1-9E9322D942E1} - (no file)
BHO-{59bc5725-f04c-4de7-a165-6c6e9958b9c8} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
Notify-tuvSkHwX - tuvSkHwX.dll
Notify-WgaLogon - (no file)
Notify-winhdn32 - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O8 -: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 -: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 -: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O18 -: Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O18 -: Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~1\DAP\dapie.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 12:41:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32\drivers\str.sys 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovqujkqk]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\wbjcpmxxxjkujf.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-10-05 12:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-05 07:15:05
Pre-Run: 11,552,305,152 bytes free
Post-Run: 13,187,223,552 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (bootscreen)" /noexecute=optin /fastdetect /KERNEL=kernel1.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
254 --- E O F --- 2008-09-11 05:56:01

This is the Hijack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:27 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: yksdps.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 5059 bytes

Open Notepad and copy and paste the text in the quote box below into it:

KILLALL::
File::
C:\WINDOWS\system32\okxfijfp.dll
C:\WINDOWS\system32\atlelgow.dll
C:\WINDOWS\system32\kiubunrh.dll
C:\WINDOWS\system32\qhfydqyu.dll
C:\WINDOWS\system32\daryte.dll
C:\WINDOWS\system32\bsxkhfbj.dll
C:\WINDOWS\system32\fcaqucuv.ini
C:\WINDOWS\system32\rzvllx.dll
C:\WINDOWS\system32\eaieejun.dll
C:\WINDOWS\system32\tvppygut.dll
C:\WINDOWS\system32\ojvihldh.dll
C:\WINDOWS\system32\nmihoe.dll
C:\WINDOWS\system32\PqtDMTAy.ini2
C:\WINDOWS\system32\yksdps.dll
C:\WINDOWS\system32\drivers\wbjcpmxxxjkujf.sys
Driver::
ethxkapz
ovqujkqk
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovqujkqk]

Click to expand...

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Please download ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply with a new hijackthis log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*]Archives
    [*]Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

Heres the log file........................

ComboFix 08-10-05.05 - Administrator 2008-10-06 9:52:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.120 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\WINDOWS\system32\atlelgow.dll
C:\WINDOWS\system32\bsxkhfbj.dll
C:\WINDOWS\system32\eaieejun.dll
C:\WINDOWS\system32\kiubunrh.dll
C:\WINDOWS\system32\nmihoe.dll
C:\WINDOWS\system32\ojvihldh.dll
C:\WINDOWS\system32\okxfijfp.dll
C:\WINDOWS\system32\PqtDMTAy.ini2
C:\WINDOWS\system32\qhfydqyu.dll
C:\WINDOWS\system32\rzvllx.dll
C:\WINDOWS\system32\tvppygut.dll
C:\WINDOWS\system32\vucuqacf.dll
.
((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.
2008-10-02 13:00 . 2008-10-02 13:00 d-------- C:\Program Files\CleanMyPC
2008-10-02 12:34 . 2008-10-02 12:34 d-------- C:\Program Files\Trend Micro
2008-10-01 14:17 . 2008-10-01 14:17 d-------- C:\Program Files\Common Files\xing shared
2008-10-01 14:10 . 2008-10-01 14:10 d----c--- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-10-01 13:23 . 2007-02-28 14:40 2,192,128 --a------ C:\WINDOWS\system32\ntoskrnl.exe.zottel
2008-10-01 13:23 . 2007-02-28 14:08 2,069,376 --a------ C:\WINDOWS\system32\ntkrnlpa.exe.zottel
2008-10-01 13:11 . 2008-10-01 13:11 d-------- C:\WINDOWS\system32\VIRepair
2008-10-01 12:44 . 2008-10-01 12:45 d----c--- C:\Documents and Settings\Administrator\Application Data\ViStart
2008-10-01 12:41 . 2008-10-01 12:41 d----c--- C:\Documents and Settings\Administrator\Application Data\Styler
2008-10-01 12:35 . 2008-10-01 13:28 d-------- C:\WINDOWS\system32\VITrans
2008-10-01 12:35 . 2008-10-01 12:43 d----c--- C:\VTPFiles
2008-10-01 12:35 . 2008-10-01 12:35 135,638 --a------ C:\WINDOWS\Icon_1.ico
2008-10-01 12:35 . 2004-11-27 19:00 94,208 --a------ C:\WINDOWS\system32\pskill.exe
2008-10-01 12:35 . 2006-12-03 17:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-10-01 12:35 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-10-01 11:23 . 2008-10-01 11:23 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-01 10:54 . 2008-10-01 10:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-01 10:54 . 2008-10-01 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-29 18:14 . 2008-09-29 18:14 d-------- C:\Program Files\SystemRequirementsLab
2008-09-28 18:35 . 2008-09-28 18:35 128,000 --a------ C:\WINDOWS\system32\daryte.dll
2008-09-28 09:48 . 2008-09-28 09:48 d-------- C:\Program Files\PC Wizard 2008
2008-09-28 09:48 . 2007-09-15 16:11 27,136 --a------ C:\WINDOWS\system32\PCWizard.cpl
2008-09-28 09:01 . 2008-09-28 09:01 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-28 08:51 . 2008-09-28 08:51 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-27 18:53 . 2008-09-27 18:53 63 --a------ C:\WINDOWS\WININIT.INI
2008-09-26 18:36 . 2008-09-26 18:36 121 --ahs---- C:\WINDOWS\system32\fcaqucuv.ini
2008-09-23 20:48 . 2008-09-23 20:48 d----c--- C:\Documents and Settings\Administrator\Application Data\Nero
2008-09-23 20:45 . 2008-09-23 20:47 d-------- C:\Program Files\Common Files\Nero
2008-09-23 20:45 . 2008-09-23 20:45 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-23 20:09 . 2008-09-23 20:09 d--h----- C:\WINDOWS\PIF
2008-09-23 18:52 . 2008-09-23 18:52 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-09-20 19:42 . 2008-09-20 19:44 d----c--- C:\New Folder
2008-09-20 19:39 . 2008-09-20 19:42 d----c--- C:\TC
2008-09-17 20:51 . 2008-09-17 20:53 d-------- C:\Program Files\DAP
2008-09-17 20:51 . 2008-10-06 10:00 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 20:51 . 2008-09-17 20:51 d-------- C:\Documents and Settings\All Users\Application Data\SpeedBit
2008-09-17 20:51 . 2008-09-17 20:51 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-09-17 20:51 . 2008-09-17 20:51 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-09-17 20:51 . 2008-09-17 20:51 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-09-17 20:26 . 2008-09-20 19:20 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-09-17 20:24 . 2008-09-20 20:15 d-------- C:\WINDOWS\Internet Logs
2008-09-11 18:33 . 2008-09-11 18:33 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-09-11 18:33 . 2008-09-11 18:35 d----c--- C:\Documents and Settings\Administrator\Application Data\TVU networks
2008-09-11 15:15 . 2008-09-11 15:15 d--hsc--- C:\Documents and Settings\Administrator\PrivacIE
2008-09-11 15:09 . 2008-09-11 15:10 d--h-c--- C:\WINDOWS\ie8
2008-09-11 14:00 . 2008-09-11 14:00 d-------- C:\Program Files\New Folder
2008-09-07 15:23 . 2008-09-07 15:26 2,646 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-09-07 15:20 . 2008-10-01 12:10 d-------- C:\Program Files\Avira
2008-09-07 15:20 . 2008-10-01 12:10 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-06 19:44 . 2008-05-01 20:00 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-06 16:32 . 2008-09-06 19:42 d-------- C:\Program Files\McAfee
2008-09-06 16:32 . 2008-09-06 16:51 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 16:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-03 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-03 16:18 --------- d-----w C:\Program Files\Google
2008-10-01 08:46 --------- d-----w C:\Program Files\Common Files\Real
2008-10-01 08:45 --------- d-----w C:\Program Files\Real
2008-10-01 05:24 --------- d-----w C:\Program Files\QuickTime
2008-09-23 15:15 --------- d-----w C:\Program Files\Nero
2008-09-07 09:56 52,028 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-09-07 09:33 --------- d-----w C:\Program Files\DivX
2008-09-07 09:31 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Free Upload Manager
2008-08-21 21:38 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-21 21:38 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-21 21:37 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-21 21:36 72,704 ----a-w C:\WINDOWS\system32\admparse.dll
2008-08-21 21:36 71,680 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-08-21 21:36 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-08-21 21:35 48,640 ----a-w C:\WINDOWS\system32\PrivacIE.dll
2008-08-21 21:35 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-21 21:35 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-21 21:34 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-21 21:27 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-16 13:38 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-08-16 09:07 --------- d-----w C:\Program Files\Yahoo!
2008-08-16 08:47 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-08-15 08:55 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-08-11 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-08-11 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Norton
2008-08-10 10:23 --------- dc----w C:\Documents and Settings\Administrator\Application Data\Ahead
2008-08-05 12:25 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-18 16:40 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 16:40 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 16:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 16:40 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 16:39 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 16:39 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 16:39 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 16:39 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 16:37 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 16:37 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
------- Sigcheck -------
2007-06-13 15:53 1430528 8a7b61415560835f3b71656e92b1a50e C:\WINDOWS\explorer.exe
2007-06-13 16:56 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:56 1880576 a060c835391f626bd37679d6fa701261 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
2007-06-13 15:53 1430528 8a7b61415560835f3b71656e92b1a50e C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( [email protected]_12.44.38.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-05 07:11:24 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-06 04:29:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-05 07:11:24 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-06 04:29:03 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-05 07:11:24 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-06 04:29:03 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2008-09-17 3061248]
"Registry Cleaner Scheduler"="C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2008-05-22 471650]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2006-06-20 4538368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-23 C:\WINDOWS\RTHDCPL.EXE]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=yksdps.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 08:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7351:TCP"= 7351:TCP:BitComet 7351 TCP
"7351:UDP"= 7351:UDP:BitComet 7351 UDP
R2 trysftnt;trysftnt;C:\WINDOWS\system32\drivers\trysftnt.sys [2000-02-29 39136]
R2 wntpport;wntpport;C:\WINDOWS\system32\drivers\wntpport.sys [2000-11-28 28416]
R3 SydexFDD;Sydex Diskette Driver;C:\WINDOWS\system32\drivers\sydexfdd.sys [2000-09-21 13037]
S1 ethxkapz;ethxkapz;C:\WINDOWS\system32\drivers\ethxkapz.sys [ ]
S3 cpuz129;cpuz129;C:\Program Files\PC Wizard 2008\pcwiz32.sys [2008-01-25 9600]
S3 PAC207;USB PC Cam Plus;C:\WINDOWS\system32\DRIVERS\pfc027.sys [ ]
.
Contents of the 'Scheduled Tasks' folder
2008-10-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{6379DBE7-2E75-4717-9039-D9E230CB10D5}.job
- C:\WINDOWS\system32\msfeedssync.exe [2008-08-22 03:05]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 09:59:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

C:\WINDOWS\system32\drivers\str.sys 0 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovqujkqk]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\wbjcpmxxxjkujf.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-06 10:04:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 04:34:08
ComboFix2.txt 2008-10-05 07:15:16
Pre-Run: 13,117,808,640 bytes free
Post-Run: 13,141,602,304 bytes free
223 --- E O F --- 2008-09-11 05:56:01