Author Topic: Can anyone please analyze my HJT logs

theinvulnerable

  • Guest
Can anyone please analyze my HJT logs
« on: June 07, 2009, 04:17:07 AM »
Help, I'm done scanning my PC with Spybot S&D, avast Home antivirus and Malwarebytes. All the results were clean. But I want to be assured, because I saw password viewer.exe below. I thought it was removed already, but it's weird, I think it still resides in my registry? And I think that's because of incomplete removal, because of the failure of my avast Home. Because one time I was infected with this password viewer.exe, my PC automatically shut down by itself. And if I opened the avast antivirus, while it was doing the memory test there was a popup telling me that something in my memory was infected and telling me to schedule a boot-time scan. Then when the virus had been found I tried to repair or delete it using avast. It did not work. And avast was fooling me, it just kept telling me again and repeating the procedure I had done in the past. But then I searched on the net for how to fix this and I found it. Then when I was doing that procedure to remove the virus, oh boy, I couldn't find the userinit.exe in the registry, and I thought avast had done that when I tried to delete what avast's scan found. I think avast did that already, but unfortunately I think it's not completed. And as a matter of fact, it just broke the procedure of manually removing that virus.

Here is the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:28 AM, on 6/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
F2 - REG:system.ini: UserInit=userinit.exe,password_viewer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230607881500
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{760F05E7-5500-4A4F-B48E-FF2F511660D5}: NameServer = 202.78.97.41 210.4.2.61
O17 - HKLM\System\CS2\Services\Tcpip\..\{760F05E7-5500-4A4F-B48E-FF2F511660D5}: NameServer = 202.78.97.41 210.4.2.61
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 7206 bytes

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Can anyone please analyze my HJT logs
« Reply #1 on: June 07, 2009, 10:28:57 AM »
-= A new service pack [SP3] for XP is available..

-= We didn't detect any active process of a firewall on your system. Reasons may be:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.

-= Unnecessary deactivated keys:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
       Part of Yahoo! Companion..

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
       Link scanner, possible remnant of AVG 8..

O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
       Part of AVG 8 Anti-exploit toolbar..

O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
       Part of AVG 8 Anti-exploit toolbar..

-= So far, nothing seems wrong.. You may consider running AVG Removal Tool to clear up other remnants of AVG..
« Last Edit: June 07, 2009, 10:34:52 AM by -= Fenrir =- »
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1
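The entry that matters most in the log above is the F2 line: the Winlogon Userinit value is meant to launch only userinit.exe, and anything appended after the comma (here password_viewer.exe) is started at every logon, which is why "clean" scanner results did not settle the question. The script below is an added example, not part of this thread and not HijackThis's own code. It parses HJT-style entry lines, flags a Userinit value that lists extra programs, lists the "(no file)" O2/O3/O18 entries that L'arc identified above as inert orphans, and reports the O17 DNS servers for a manual check. The sample lines are copied from the posted log; the severity labels and the EXPECTED_USERINIT set are this example's own assumptions.

```python
import re

# Windows launches userinit.exe from the Winlogon "Userinit" value; anything
# appended after it is started at every logon. The expected forms listed here
# are an assumption for this example (HJT prints the value as stored).
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

# A HijackThis entry line: a section code (R0, F2, O2, O17 ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")

# Constructed sample: a subset of the log lines posted above, one per check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:28 AM, on 6/7/2009
F2 - REG:system.ini: UserInit=userinit.exe,password_viewer.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{760F05E7-5500-4A4F-B48E-FF2F511660D5}: NameServer = 202.78.97.41 210.4.2.61
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
"""


def parse_hjt(text):
    """Return (code, body) pairs for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_userinit(body):
    """Return the programs in a UserInit value other than the expected userinit.exe."""
    m = re.search(r"UserInit=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    programs = [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
    return [p for p in programs if p not in EXPECTED_USERINIT]


def triage(text):
    """Classify the entries of an HJT log into (severity, code, note) findings.

    The severity labels are this example's own convention, not HijackThis output.
    """
    findings = []
    for code, body in parse_hjt(text):
        if code == "F2" and "userinit=" in body.lower():
            extra = check_userinit(body)
            if extra:
                findings.append(("HIGH", code,
                                 "extra Userinit program(s): " + ", ".join(extra)))
        elif code in ("O2", "O3", "O18") and body.endswith("(no file)"):
            # Registered component whose file is gone: inert, but clutter worth fixing.
            findings.append(("LOW", code, "orphaned entry, safe to fix: " + body))
        elif code == "O16" and body.rstrip().endswith("-"):
            findings.append(("LOW", code,
                             "ActiveX download entry with no name or URL: " + body))
        elif code == "O17":
            m = re.search(r"NameServer = (.*)$", body)
            if m:
                findings.append(("INFO", code,
                                 "DNS servers " + m.group(1)
                                 + "; confirm they belong to your ISP"))
    return findings


if __name__ == "__main__":
    for severity, code, note in triage(SAMPLE_LOG):
        print(f"[{severity}] {code}: {note}")
```

Run it against a full saved HJT log by reading the file into `triage()`; the one HIGH finding is the Userinit entry, which is what a boot-time scan or a manual fix has to clear before the machine can be called clean, while the "(no file)" entries only need HijackThis's "Fix checked".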

YoKenny

  • Guest
Re: Can anyone please analyze my HJT logs
« Reply #2 on: June 07, 2009, 11:25:05 AM »
Sun Java is down-level and is vulnerable to infections.

Go to Add/Remove Programs and uninstall all Sun Java installs.

You're using Windows SP2, which has several security vulnerabilities, and Windows SP3, which has performance enhancements and several Critical Security Updates, has been available for a year, so in IE go to Tools, then Windows Update, then download and install all updates.

Go to Control Center, then Security Center, then set it to "Automatic Updates (Recommended)" or at least "Notify me about updates but do not download nor install them".

Get and install Java Runtime Environment 1.6.0.14:
http://filehippo.com/download_java_runtime

Run Secunia Online Software Inspector to see what other applications have vulnerabilities:
http://secunia.com/vulnerability_scanning/online
« Last Edit: June 07, 2009, 11:27:05 AM by YoKenny »

theinvulnerable

  • Guest
Re: Can anyone please analyze my HJT logs
« Reply #3 on: June 07, 2009, 01:43:04 PM »
@Fenrir
I'm done using the AVG removal tool, before I switched and installed avast Home. Can I just "fix checked" it using HijackThis?

I only have Windows Firewall and it is set to ON, but I did not check the "Don't allow exceptions" option. And can the virus or malware get to me if I don't have a firewall?

And another thing is I can't update to Service Pack 3, because my OS is not genuine. And I'm honest to tell that this OS is just patched to stop the Windows activation key. Because the XP CD I used to install is not mine, I don't have a product key. And I doubt if I can update to Service Pack 3; the patch on this OS will be gone. And at this moment I can't buy an original OS because I still don't have work and I've stopped my schooling this time. That's why I can't afford to buy it this time. Hope you understand that.
Thanks...


Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Can anyone please analyze my HJT logs
« Reply #4 on: June 07, 2009, 01:59:08 PM »
Quote from: theinvulnerable on June 07, 2009, 01:43:04 PM
@Fenrir
I'm done using the AVG removal tool, before I switched and installed avast Home. Can I just "fix checked" it using HijackThis?

I only have Windows Firewall and it is set to ON, but I did not check the "Don't allow exceptions" option. And can the virus or malware get to me if I don't have a firewall?

And another thing is I can't update to Service Pack 3, because my OS is not genuine. And I'm honest to tell that this OS is just patched to stop the Windows activation key. Because the XP CD I used to install is not mine, I don't have a product key. And I doubt if I can update to Service Pack 3; the patch on this OS will be gone. And at this moment I can't buy an original OS because I still don't have work and I've stopped my schooling this time. That's why I can't afford to buy it this time. Hope you understand that.
Thanks...


-= Sorry, if I might have offended you..

-= About the unnecessary entries, you may tick them and let HijackThis fix them..

-= By the way, I found a download location for SP3 in Microsoft Download, though this is meant for IT Professionals.. I already tried this before and had no problems.. Still, I cannot assure you it will work well.. We may wait for some response from other forum members about this..

-= About the firewall, it is probably because of the lack of outbound protection in the XP firewall [Vista has it].. Some other free alternatives are:

(1) Agnitum Outpost
(2) Online Armor Personal Firewall

-= Hope you'll get back to school soon.. Hope it helps.. ;)
« Last Edit: June 07, 2009, 02:02:33 PM by -= Fenrir =- »
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33910
  • malware fighter
Re: Can anyone please analyze my HJT logs
« Reply #5 on: June 07, 2009, 02:42:05 PM »
Hi theinvulnerable:

Also check this entry:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
I should fix it,

Furthermore, download MBAM from here:
http://www.besttechie.net/mbam/mbam-setup.exe
and place it on your desktop, and after installation put a tick at:

  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware

Now click "Complete".
When an update is found, this will be downloaded and installed.

  • Whenever the program has started, go to tab "Settings".
  • Tag here: "Close Internet Explorer while removing malware".
  • Then go to tab "Scanner", choose  "Quick Scan".
  • Press "Scan" to run scan.
  • Scanning will take its time, so be patient.
  • When the scan has finished, press OK, then "Show results" to see scan results.
  • Make sure all is tagged, then press: "Delete selected".
  • After removal a logfile will open and you will be prompted to restart your PC.

The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.

Give this log together with a fresh HJT log as an attached file in your next posting,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!