Backdoor.Trojan virus

Date: 5/5/2006, Time: 21:15:46, Owner on BGY-11
The file
C:\WINNT\system32\lssas.exe
is infected with the Backdoor.Trojan virus.
Unable to repair this file.

Hi guys, I got this virus that won't go away and can't be removed by Norton. Then I started in safe mode and Norton removed it. But now I noticed that a lot of files in C:\WINNT\System32\ have 12/31/1979 as the date the files were created! Is this normal? Thank you all!

Logfile of HijackThis v1.99.1
Scan saved at 10:08:20 PM, on 5/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\winmgnt.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.46.157.130:8080
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [hplampc] C:\WINNT\system32\hplampc.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSConfig] C:\WINNT\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\dl_text.html
O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\dl_url.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/139de3786ef7a7f8ca00/netzip/RdxIE601.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphotos.com/downloads/DownloadPhotos.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\Bin\html\files\MotivePreQual.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: COM+ System Service - Unknown owner - C:\WINNT\system32\SSMS.EXE
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINNT\system32\winmgnt.exe
O23 - Service: COMSS - Unknown owner - C:\WINNT\system32\SSMS.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINNT\system32\service.exe (file missing)
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Comments

  • edited May 2006
    Please launch HijackThis and place a checkmark by the following entries:
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/139de3786ef7a7f8ca00/netzip/RdxIE601.cab
    O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2} - http://www.gigex.com/tv/igor/gigexagent.dll
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB

    Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


    Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
    Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
    • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
    • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
    • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
    • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
    • Under "Please select a target to scan:", click My Computer to start the scan.
    When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.
  • edited May 2006
    -------------------------------------------------------------------------------
     KASPERSKY ON-LINE SCANNER REPORT
     Saturday, May 06, 2006 10:34:46 AM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky On-line Scanner version: 5.0.78.0
     Kaspersky Anti-Virus database last update:  6/05/2006
     Kaspersky Anti-Virus database records: 192022
    -------------------------------------------------------------------------------
    
    Scan Settings:
    	Scan using the following antivirus database: extended
    	Scan Archives: true
    	Scan Mail Bases: true
    
    Scan Target - My Computer:
    	A:\
    	C:\
    	D:\
    	E:\
    	G:\
    
    Scan Statistics:
    	Total number of scanned objects: 435451
    	Number of viruses found: 33
    	Number of infected objects: 114
    	Number of suspicious objects: 0
    	Duration of the scan process: 03:53:47
    
    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Owner\Desktop\download\application\All.To.MP3.Converter.v1.5.WinALL.Cracked.READ.NFO-DVT.zip/All.To.MP3.Converter.v1.5.WinALL.Cracked.READ.NFO-DVT/all2mp3.exe	Infected: Trojan-Dropper.Win32.Small.mt	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\All.To.MP3.Converter.v1.5.WinALL.Cracked.READ.NFO-DVT.zip	ZIP: infected - 1	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\Download Manager\getrt45d.exe/WISE0087.BIN	Infected: not-a-virus:AdWare.Win32.Gator.1050	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\Download Manager\getrt45d.exe	WiseSFX: infected - 1	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\River_Past_Video_Perspective_v5.0.3_Incl_Keygen-UCF.zip/River_Past_Video_Perspective_v5.0.3_Incl_Keygen-UCF/videoperspective_setup.exe	Infected: Trojan-Dropper.Win32.Small.mt	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\River_Past_Video_Perspective_v5.0.3_Incl_Keygen-UCF.zip	ZIP: infected - 1	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\sysreset.zip/sysreset/sysreset/mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
    C:\Documents and Settings\Owner\Desktop\download\application\sysreset.zip	ZIP: infected - 1	skipped
    C:\Program Files\BitTorrent\uninstall.exe/stream/data0002	Infected: not-a-virus:RiskTool.Win32.PsKill.n	skipped
    C:\Program Files\BitTorrent\uninstall.exe/stream	Infected: not-a-virus:RiskTool.Win32.PsKill.n	skipped
    C:\Program Files\BitTorrent\uninstall.exe	NSIS: infected - 2	skipped
    C:\Program Files\mIRC\backup\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
    C:\Program Files\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
    C:\Program Files\mIRC sysreset\sysreset\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector13.zip/bdeinsta25.dll	Infected: not-a-virus:AdWare.Win32.Altnet.a	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector13.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector15.zip/BDEengine3.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3563	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector15.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector17.zip/BDErastDX3.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3567	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector17.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector18.zip/BDESac10.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector18.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector19.zip/bdefdi.dll	Infected: not-a-virus:AdWare.Win32.Altnet.k	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector19.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector21.zip/BDESac24.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector21.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector23.zip/BDEplayer3.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3566	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector23.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector24.zip/bde3dref3p4.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.35684	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector24.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector25.zip/bdeload.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector25.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/b3dsetup.exe	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/bdeclean.exe	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3022	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/bdedetect1.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/bdeviewer.exe	Infected: Trojan.Win32.Krepper.y	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/BDEwrapper3.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.35692	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/Cache/bdeclean.exe	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3022	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip/Cache/bdedetect1.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector26.zip	ZIP: infected - 7	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/b3d3200package.cab/bdedetect1.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/b3d3200package.cab/bdeclean.exe	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3022	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/b3d3200package.cab	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3022	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/b3dsetup.exe	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/bdedownloader.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/bdefdi.dll	Infected: not-a-virus:AdWare.Win32.Altnet.k	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip/bdeinsta25.dll	Infected: not-a-virus:AdWare.Win32.Altnet.a	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector27.zip	ZIP: infected - 7	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector6.zip/bdedownloader.dll	Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\BDEProjector6.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/cd_install_291.exe/cd_clint.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/cd_install_291.exe/cd_htm.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/cd_install_291.exe	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/DelFinMediaViewer29j.exe/PgSDK.DLL	Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/DelFinMediaViewer29j.exe	Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/SaveNowInst.exe/SaveNow.exe	Infected: not-a-virus:AdWare.Win32.SaveNow.ar	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip/SaveNowInst.exe	Infected: not-a-virus:AdWare.Win32.SaveNow.ar	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName29.zip	ZIP: infected - 7	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName72.zip/cd_install_291.exe/cd_clint.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName72.zip/cd_install_291.exe/cd_htm.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName72.zip/cd_install_291.exe	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\CommonName72.zip	ZIP: infected - 3	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor10.zip/cd_clint.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor10.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor2.zip/cd_htm.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor2.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor3.zip/cd_clint.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor3.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor9.zip/cd_htm.dll	Infected: not-a-virus:AdWare.Win32.Cydoor	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Cydoor9.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Downloads/51.dat/data0189	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Downloads/51.dat/data0192	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Downloads/51.dat	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Downloads/90.dat/data0002	Infected: not-a-virus:AdWare.Win32.MediaPops.b	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Downloads/90.dat	Infected: not-a-virus:AdWare.Win32.MediaPops.b	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/dw.exe	Infected: Trojan-Downloader.Win32.Realtens.h	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Temp/ml.exe/data0189	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Temp/ml.exe/data0192	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip/Temp/ml.exe	Infected: not-a-virus:AdWare.Win32.DownloadWare	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare.zip	ZIP: infected - 9	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare10.zip/dw.exe	Infected: Trojan-Downloader.Win32.Realtens.h	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare10.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare12.zip/dw.exe	Infected: Trojan-Downloader.Win32.Realtens.h	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare12.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare4.zip/dw.exe	Infected: Trojan-Downloader.Win32.Realtens.h	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare4.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare6.zip/dw.exe	Infected: Trojan-Downloader.Win32.Realtens.h	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DownloadWare6.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\eZulaHotText39.zip/eZinstall.exe/WISE0001.BIN	Infected: not-a-virus:AdWare.Win32.EZula.ak	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\eZulaHotText39.zip/eZinstall.exe	Infected: not-a-virus:AdWare.Win32.EZula.ak	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\eZulaHotText39.zip	ZIP: infected - 2	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack12.zip/Flt.dll	Infected: not-a-virus:AdWare.Win32.FlashTrack.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack12.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack18.zip/Flt.dll	Infected: not-a-virus:AdWare.Win32.FlashTrack.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack18.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack4.zip/Flt.dll	Infected: not-a-virus:AdWare.Win32.FlashTrack.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack4.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack7.zip/Flt.dll	Infected: not-a-virus:AdWare.Win32.FlashTrack.d	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FlashTrack7.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Gator3.zip/fsg_3202.exe	Infected: not-a-virus:AdWare.Win32.Gator.3202	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Gator3.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Gator4.zip/fsg_3202.exe	Infected: not-a-virus:AdWare.Win32.Gator.3202	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Gator4.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet11.zip/NDNuninstall4_50.exe	Infected: not-a-virus:AdWare.Win32.NewDotNet	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet11.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet6.zip/FirstLook.exe	Infected: not-a-virus:AdWare.Win32.NewDotNet	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet6.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet7.zip/uninstall4_50.exe	Infected: not-a-virus:AdWare.Win32.NewDotNet	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet7.zip	ZIP: infected - 1	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\UCmore5.zip/IUCmore.dll	Infected: not-a-virus:AdWare.Win32.Ucmore	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\UCmore5.zip/UCMIE.dll	Infected: not-a-virus:AdWare.Win32.Ucmore.a	skipped
    C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\UCmore5.zip	ZIP: infected - 2	skipped
    C:\WINNT\Downloaded Program Files\gsda.dll	Infected: not-a-virus:Downloader.Win32.SpyGame	skipped
    C:\WINNT\system32\runsvc.exe	Infected: not-a-virus:RiskTool.Win32.HideWindows	skipped
    
    Scan process completed.
    
  • edited May 2006
    Please go to Control Panel and remove:
    Download Manager

    Then restart the computer.

    Now navigate to and delete the following files/folders if they still exist:
    C:\Documents and Settings\Owner\Desktop\download\application\All.To.MP3.Converter.v1.5.WinALL.Cracked.READ.NFO-DVT.zip
    C:\Documents and Settings\Owner\Desktop\download\application\Download Manager\
    C:\Documents and Settings\Owner\Desktop\download\application\River_Past_Video_Perspective_v5.0.3_Incl_Keygen-UCF.zip/
    C:\Program Files\BitTorrent\uninstall.exe
    C:\WINNT\system32\runsvc.exe

    Get Spybot Search and Destroy updated, the current version is 1.4 now. After you get it updated, remove all the quarantined and "Recovery" files.

    Rescan with Kaspersky ActiveScan and post the fresh log in your next reply.
  • edited May 2006
    I can't find "download manager" in the control panel so I just deleted C:\Documents and Settings\Owner\Desktop\download\application\Download Manager\
    -------------------------------------------------------------------------------
     KASPERSKY ON-LINE SCANNER REPORT
     Sunday, May 07, 2006 7:01:34 AM
     Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
     Kaspersky On-line Scanner version: 5.0.78.0
     Kaspersky Anti-Virus database last update:  7/05/2006
     Kaspersky Anti-Virus database records: 192222
    -------------------------------------------------------------------------------
    
    Scan Settings:
    	Scan using the following antivirus database: extended
    	Scan Archives: true
    	Scan Mail Bases: true
    
    Scan Target - My Computer:
    	A:\
    	C:\
    	D:\
    	E:\
    	G:\
    
    Scan Statistics:
    	Total number of scanned objects: 437220
    	Number of viruses found: 3
    	Number of infected objects: 4
    	Number of suspicious objects: 0
    	Duration of the scan process: 04:57:39
    
    Infected Object Name / Virus Name / Last Action
    C:\Program Files\mIRC\backup\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
    C:\Program Files\mIRC\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.616	skipped
    C:\Program Files\mIRC sysreset\sysreset\mirc.exe	Infected: not-a-virus:Client-IRC.Win32.mIRC.614	skipped
    C:\WINNT\Downloaded Program Files\gsda.dll	Infected: not-a-virus:Downloader.Win32.SpyGame	skipped
    
    Scan process completed.
    
  • edited May 2006
    Ok, Kaspersky scan shows you are pretty much cleaned up.

    Please rescan with HijackThis and post the new log. (Also there's no need to put it between [code] [/ code])
  • edited May 2006
    Logfile of HijackThis v1.99.1
    Scan saved at 7:34:35 AM, on 5/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.46.157.130:8080
    F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
    O4 - HKLM\..\Run: [hplampc] C:\WINNT\system32\hplampc.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINNT\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Download the file(s) in D.S.Code - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\dl_text.html
    O8 - Extra context menu item: &Download the file(s) in D.S.Code-File - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\dl_url.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\DSLite.exe
    O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\Owner\Desktop\download\application\DSLite2\DSLite2\DSLite.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/patch/EARTPX.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphotos.com/downloads/DownloadPhotos.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security2.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/patch/MaxisSimCity4PatcherX.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - file://D:\Bin\html\files\MotivePreQual.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1000/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: COM+ System Service - Unknown owner - C:\WINNT\system32\SSMS.EXE
    O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINNT\system32\winmgnt.exe (file missing)
    O23 - Service: COMSS - Unknown owner - C:\WINNT\system32\SSMS.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINNT\system32\service.exe (file missing)
    O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • edited May 2006
    May I know what this is:
    DSLite 2
    Did you download this from somewhere?

    Otherwise, your system appears clean.
    Please run one last scan with BitDefender Online Scanner so that we can be really sure you are free of malware (works only with MS Internet Explorer 5.0 or higher).
    • In the new window that opens, click the "I agree" button to accept the user agreement before allowing the installation of the ActiveX control.
    • By default, BitDefender Online Scanner will scan your entire computer.
    • Click "Click here to scan".
    • Please wait patiently while BitDefender updates its virus signatures.
    • Scan will commence.
    • When the scan is finished, click on the tab "Detected Problems".
    • Then click on "Click here to export the scan report".
    • Save the scan report to your desktop or somewhere convenient.
    • Close the BitDefender Online Scanner window, and post the contents of the BitDefender scan report in your next reply.