vivec

okay, well i just wanted to thank you so much! and also my computer is deffinetly better, and im sure no virus or w/e but it does seem a tad slow. any recommendations. disk clean up or whatever?

hey, im just wondering what do you think of limewire?

3) Highjackthis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:46:50 PM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox -- End of file - 11498 bytes

1) ComboFix Log. 2) My computer is running kinda slow. ComboFix 09-03-22.01 - Michael Optis 2009-03-23 21:38:33.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1504 [GMT -4:00] Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 ))))))))))))))))))))))))))))))) . 2009-03-21 16:10 . 2009-03-22 12:29 <DIR> d-------- c:\windows\LastGood 2009-03-21 16:06 . 2009-03-21 16:09 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-03-21 14:58 . 2009-03-23 01:33 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-03-21 14:06 . 2009-03-23 18:31 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\program files\AVG 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\Nick Optis\Application Data\AVG7 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVG7 2009-03-21 14:06 . 2009-03-21 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-21 14:06 . 2009-03-21 14:06 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-21 14:06 . 2009-03-21 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro 2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE 2009-03-20 22:34 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions 2009-03-20 21:55 . 2009-03-22 19:04 <DIR> d-------- c:\program files\Windows Live Safety Center 2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache 2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache 2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache 2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE 2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache 2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! 2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp 2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8 2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe 2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271 2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE 2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8 2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6 2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui 2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui 2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui 2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui 2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll 2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz 2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP 2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ 2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5 2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft 2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 18:58 --------- d-----w c:\program files\DIGStream 2009-03-20 23:09 --------- d-----w c:\program files\Plaxo 2009-03-20 21:12 --------- d-----w c:\program files\Yahoo! 2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH 2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll 2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll 2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll 2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll 2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll 2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll 2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll 2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll 2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll 2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll 2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll 2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll 2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll 2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars 2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion 2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion 2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion 2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared 2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion 2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion 2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint 2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility 2009-01-30 21:09 --------- d-----w c:\program files\AIM6 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2009-01-30 21:07 --------- d-----w c:\program files\AIM 2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe 2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll 2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll 2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll 2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll 2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll 2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll 2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll 2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll 2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe 2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys 2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 4.08.44.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-24 01:38:20 8,192 ----a-w c:\windows\ERDNT\Hiv-backup\DEFAUL~1.DAT + 2007-07-27 18:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll + 2007-07-27 18:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll + 2005-12-05 23:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll + 2005-12-05 16:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll + 2008-02-11 13:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll + 2008-02-11 13:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll + 2008-02-08 17:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll + 2008-02-05 12:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe - 2008-03-18 14:16:35 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-03-21 18:06:34 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2007-07-27 18:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll + 2007-07-27 18:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll + 2005-12-05 23:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll + 2005-12-05 16:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll + 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe + 2008-02-11 13:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll + 2008-02-11 13:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll + 2008-02-08 17:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll + 2008-02-05 12:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe + 2006-12-02 04:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-21 14:06 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] --a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "KodakCCS"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "sprtsvc_dellsupportcenter"=2 (0x2) "IDriverT"=3 (0x3) "GoToAssist"=3 (0x3) "DSBrokerService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652] R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?] S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992] S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856] S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528] --- Other Services/Drivers In Memory --- *Deregistered* - uphcleanhlp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{398e2f37-c81c-11dc-99e4-00038a000015}] \Shell\AutoRun\command - J:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-23 21:41:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(740) c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll . Completion time: 2009-03-23 21:44:10 ComboFix-quarantined-files.txt 2009-03-24 01:43:22 ComboFix2.txt 2009-03-22 22:58:03 ComboFix3.txt 2009-03-21 17:45:18 ComboFix4.txt 2009-03-21 08:09:35 Pre-Run: 84,160,770,048 bytes free Post-Run: 84,160,221,184 bytes free 336 --- E O F --- 2009-03-22 07:02:24

2) My Computer seem to be running better. 3) HighjackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:00:32 PM, on 3/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox -- End of file - 11728 bytes

1) ComboFix Log ComboFix 09-03-22.01 - Michael Optis 2009-03-22 18:55:13.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1481 [GMT -4:00] Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point FILE :: c:\documents and settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3 c:\documents and settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3 c:\documents and settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3 c:\documents and settings\Michael Optis\Shared\fligh high dj starskream.mp3 c:\documents and settings\Michael Optis\Shared\flobots - handlebars.mp3 c:\documents and settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3 c:\documents and settings\Michael Optis\Shared\ratatat - falcon jab.mp3 c:\documents and settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3 c:\documents and settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3 . ((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 ))))))))))))))))))))))))))))))) . 2009-03-21 16:10 . 2009-03-22 12:29 <DIR> d-------- c:\windows\LastGood 2009-03-21 16:06 . 2009-03-21 16:09 <DIR> d-------- c:\program files\EsetOnlineScanner 2009-03-21 14:58 . 2009-03-22 00:29 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-03-21 14:06 . 2009-03-22 18:31 <DIR> d-------- c:\windows\system32\drivers\Avg 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\program files\AVG 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\Nick Optis\Application Data\AVG7 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2009-03-21 14:06 . 2009-03-21 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVG7 2009-03-21 14:06 . 2009-03-21 14:06 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys 2009-03-21 14:06 . 2009-03-21 14:06 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys 2009-03-21 14:06 . 2009-03-21 14:06 10,520 --a------ c:\windows\system32\avgrsstx.dll 2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro 2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE 2009-03-20 22:34 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions 2009-03-20 21:55 . 2009-03-22 12:29 <DIR> d-------- c:\program files\Windows Live Safety Center 2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache 2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache 2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache 2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE 2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache 2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! 2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp 2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8 2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe 2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271 2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE 2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8 2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6 2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui 2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui 2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui 2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui 2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll 2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz 2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP 2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ 2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5 2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft 2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 18:58 --------- d-----w c:\program files\DIGStream 2009-03-20 23:09 --------- d-----w c:\program files\Plaxo 2009-03-20 21:12 --------- d-----w c:\program files\Yahoo! 2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-19 22:18 80,896 --sha-w c:\windows\system32\lezowafu.dll 2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH 2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll 2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll 2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll 2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll 2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll 2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll 2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll 2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll 2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll 2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll 2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll 2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll 2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll 2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars 2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion 2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion 2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion 2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared 2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion 2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion 2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint 2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility 2009-01-30 21:09 --------- d-----w c:\program files\AIM6 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2009-01-30 21:07 --------- d-----w c:\program files\AIM 2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe 2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll 2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll 2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll 2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll 2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll 2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll 2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll 2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll 2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe 2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys 2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-03-21_ 4.08.44.48 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-22 22:54:57 8,192 ----a-w c:\windows\ERDNT\Hiv-backup\DEFAUL~1.DAT + 2007-07-27 18:49:02 196,683 ----a-w c:\windows\LastGood\system32\lnod32apiA.dll + 2007-07-27 18:49:02 225,355 ----a-w c:\windows\LastGood\system32\lnod32apiW.dll + 2005-12-05 23:25:22 139,264 ----a-w c:\windows\LastGood\system32\lnod32umc.dll + 2005-12-05 16:37:10 106,496 ----a-w c:\windows\LastGood\system32\lnod32upd.dll + 2008-02-11 13:39:26 253,952 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLA.dll + 2008-02-11 13:39:18 237,568 ----a-w c:\windows\LastGood\system32\OnlineScannerDLLW.dll + 2008-02-08 17:53:46 110,592 ----a-w c:\windows\LastGood\system32\OnlineScannerLang.dll + 2008-02-05 12:48:04 77,824 ----a-w c:\windows\LastGood\system32\OnlineScannerUninstaller.exe - 2008-03-18 14:16:35 26,952 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2009-03-21 18:06:34 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2007-07-27 18:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll + 2007-07-27 18:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll + 2005-12-05 23:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll + 2005-12-05 16:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll + 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe + 2008-02-11 13:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll + 2008-02-11 13:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll + 2008-02-08 17:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll + 2008-02-05 12:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe + 2006-12-02 04:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1932568] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-03-21 14:06 10520 c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] --a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "KodakCCS"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "sprtsvc_dellsupportcenter"=2 (0x2) "IDriverT"=3 (0x3) "GoToAssist"=3 (0x3) "DSBrokerService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652] R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?] S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992] S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856] S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528] --- Other Services/Drivers In Memory --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-22 18:56:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(740) c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll . Completion time: 2009-03-22 18:58:02 ComboFix-quarantined-files.txt 2009-03-22 22:57:56 ComboFix2.txt 2009-03-21 17:45:18 ComboFix3.txt 2009-03-21 08:09:35 Pre-Run: 85,276,266,496 bytes free Post-Run: 85,434,081,280 bytes free 345 --- E O F --- 2009-03-22 07:02:24

3) ESET Online Scanner # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3953 (20090321) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=89853d605540d247bf7e4e4227992e8f # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2009-03-21 09:34:52 # local_time=2009-03-21 05:34:52 (-0500, Eastern Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=452313 # found=9 # scan_time=5045 C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Incomplete\Preview-T-3545425-common - the people.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 2FC8D01B828AA9A621674D6A57443414 C:\Documents and Settings\Michael Optis\My Documents\LimeWire\Saved\Common - The Corner.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 54091CA497F4D3C4D4CB3E3953E9C1C5 C:\Documents and Settings\Michael Optis\Shared\cartman gets an anal probe - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EA1B34FC5085EDB362AE423E2D6939FE C:\Documents and Settings\Michael Optis\Shared\fligh high dj starskream.mp3 WMA/TrojanDownloader.GetCodec.C trojan AFA3AE52FDE53166F217E95C0A92CFAF C:\Documents and Settings\Michael Optis\Shared\flobots - handlebars.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2 C:\Documents and Settings\Michael Optis\Shared\mercenaries oh no you didnt 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan E1548CEF050BF97E8A6AD5DA90849865 C:\Documents and Settings\Michael Optis\Shared\ratatat - falcon jab.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan C878135B225BD516E15564520FC0F816 C:\Documents and Settings\Michael Optis\Shared\Red Hot Chili Peppers - Breaking the girl.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2 C:\Documents and Settings\Michael Optis\Shared\Willa Ford - I Wanna Be Bad (Remix).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 54091CA497F4D3C4D4CB3E3953E9C1C5

i will post the ESET log soon

3) HighJackThis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:01:31 PM, on 3/21/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\LxrJD31s.exe C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Microsoft Office\Office\POWERPNT.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox -- End of file - 11535 bytes

2)MBAM Log Malwarebytes' Anti-Malware 1.34 Database version: 1879 Windows 5.1.2600 Service Pack 3 3/21/2009 3:54:21 PM mbam-log-2009-03-21 (15-54-21).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 238216 Time elapsed: 1 hour(s), 22 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

im about to do both scans, and i am getting rid of avg7 and downloading the new free avg8 =)

i will post the MBAM log soon, and the http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html never opens. i dont know the link doesnt work. And i will do a highjackthis log soon too

1.) ComboFix Log ComboFix 09-03-19.02 - Michael Optis 2009-03-21 13:40:28.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1462 [GMT -4:00] Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Michael Optis\Desktop\CFScript.txt AV: AVG 7.5.557 *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* * Created a new restore point FILE :: c:\windows\system32\drivers\ggemrk.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\ggemrk.sys . ((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 ))))))))))))))))))))))))))))))) . 2009-03-21 13:04 . 2009-03-21 13:04 <DIR> d-------- c:\program files\Trend Micro 2009-03-21 11:04 . 2009-03-21 11:04 <DIR> d--hs---- c:\documents and settings\Nick Optis\PrivacIE 2009-03-20 22:34 . 2009-03-20 23:00 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions 2009-03-20 21:55 . 2009-03-20 22:36 <DIR> d-------- c:\program files\Windows Live Safety Center 2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache 2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache 2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache 2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE 2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache 2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! 2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp 2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8 2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe 2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271 2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE 2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8 2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6 2009-03-15 16:38 . 2009-03-20 16:54 <DIR> dr-h----- C:\$VAULT$.AVG 2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui 2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui 2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui 2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui 2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll 2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz 2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP 2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ 2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5 2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft 2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 16:51 --------- d-----w c:\documents and settings\Michael Optis\Application Data\AVG7 2009-03-21 12:00 --------- d-----w c:\documents and settings\Nick Optis\Application Data\AVG7 2009-03-20 23:09 --------- d-----w c:\program files\Plaxo 2009-03-20 21:12 --------- d-----w c:\program files\Yahoo! 2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-20 11:35 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\AVG7 2009-03-19 22:18 80,896 --sha-w c:\windows\system32\lezowafu.dll 2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH 2009-03-08 18:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe 2009-03-08 18:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll 2009-03-08 08:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll 2009-03-08 08:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 08:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 08:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll 2009-03-08 08:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll 2009-03-08 08:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll 2009-03-08 08:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll 2009-03-08 08:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll 2009-03-08 08:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll 2009-03-08 08:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll 2009-03-08 08:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 08:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll 2009-03-08 08:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll 2009-03-08 08:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll 2009-03-08 08:33 18,944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 08:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll 2009-03-08 08:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll 2009-03-08 08:32 72,704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 08:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll 2009-03-08 08:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll 2009-03-08 08:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll 2009-03-08 08:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll 2009-03-08 08:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2009-03-08 08:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll 2009-03-08 08:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll 2009-03-08 08:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll 2009-03-08 08:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\msls31.dll 2009-03-08 08:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll 2009-03-08 08:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll 2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars 2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-19 00:37 --------- d-----w c:\documents and settings\Nick Optis sr\Application Data\AVG7 2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion 2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion 2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion 2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared 2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion 2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion 2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint 2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility 2009-01-30 21:09 --------- d-----w c:\program files\AIM6 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2009-01-30 21:07 --------- d-----w c:\program files\AIM 2009-01-07 22:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe 2009-01-07 22:20 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll 2009-01-07 22:20 265,720 ----a-w c:\windows\system32\msdbg2.dll 2009-01-07 22:20 26,112 ----a-w c:\windows\system32\idndl.dll 2009-01-07 22:20 24,576 ----a-w c:\windows\system32\nlsdl.dll 2009-01-07 22:20 23,552 ----a-w c:\windows\system32\normaliz.dll 2009-01-07 22:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll 2009-01-07 22:20 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll 2009-01-07 22:20 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll 2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe 2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys 2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-18 219136] c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] --a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "KodakCCS"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "sprtsvc_dellsupportcenter"=2 (0x2) "IDriverT"=3 (0x3) "GoToAssist"=3 (0x3) "DSBrokerService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652] R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S1 cvkpbwed;cvkpbwed;\??\c:\windows\system32\drivers\cvkpbwed.sys --> c:\windows\system32\drivers\cvkpbwed.sys [?] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?] S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992] S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856] S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528] --- Other Services/Drivers In Memory --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-21 13:42:57 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(736) c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll - - - - - - - > 'winlogon.exe'(2520) c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll . Completion time: 2009-03-21 13:45:17 ComboFix-quarantined-files.txt 2009-03-21 17:44:29 ComboFix2.txt 2009-03-21 08:09:35 Pre-Run: 85,690,056,704 bytes free Post-Run: 85,702,422,528 bytes free 312 --- E O F --- 2009-03-11 07:00:53

2) HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:05:09 PM, on 3/21/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\LxrJD31s.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\winlogon.exe C:\Program Files\Citrix\GoToAssist\480\G2AProcessFactory.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\CTHELPER.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [blackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Nick Optis') O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Nick Optis') O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Nick Optis') O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Nick Optis') O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nick Optis') O4 - HKUS\S-1-5-21-4185367025-3630409506-3676208232-1007\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Nick Optis') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Documents and Settings\Michael Optis\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207791331984 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...369/mcfscan.cab O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - http://www.foci.buj.hu/oldalak/csapatok/an...d_arsenal01.jpg O24 - Desktop Component 1: (no name) - http://thumbp1.mail.mud.yahoo.com/tn?sid=1...9&fid=Inbox -- End of file - 12629 bytes

1) Virustotal results c:\windows\system32\drivers\ggemrk.sys Antivirus Version Last Update Result a-squared - - - AhnLab-V3 - - Win-Trojan/Avenger.61440 AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - Comodo - - - DrWeb - - - eSafe - - Win32.Banker eTrust-Vet - - - F-Prot - - - F-Secure - - - Fortinet - - PossibleThreat GData - - - Ikarus - - - K7AntiVirus - - - Kaspersky - - - McAfee - - - McAfee+Artemis - - - McAfee-GW-Edition - - - Microsoft - - - NOD32 - - - Norman - - W32/Agent.HHSF nProtect - - - Panda - - Trj/Downloader.MDW PCTools - - Trojan-PWS.Bancos.PWN Prevx1 - - Medium Risk Malware Rising - - - Sophos - - - Sunbelt - - - Symantec - - - TheHacker - - - TrendMicro - - - VBA32 - - - ViRobot - - Hoax..Agent.61440 VirusBuster - - - Additional information MD5: 589312a3b46721c5a751e4d5222a89be SHA1: 3a497d3968a4f6e3c648d196da38e5f98e75ec30 SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae SHA512: c8abe050c97efe34541c3ef293a750e34b82117ae41f41d83db1f1489eb5d776a1d59d0b4a1e1353 6e5bebda630693daf4be66cc386f587a69288c76df98cf7b C:\lvsen.exe Antivirus Version Last Update Result AhnLab-V3 - - - AntiVir - - - Authentium - - - Avast - - - AVG - - - BitDefender - - - CAT-QuickHeal - - - ClamAV - - - DrWeb - - - eSafe - - - eTrust-Vet - - - Ewido - - - F-Prot - - - F-Secure - - - FileAdvisor - - - Fortinet - - - Ikarus - - - Kaspersky - - - McAfee - - - Microsoft - - - NOD32v2 - - - Norman - - - Panda - - - Prevx1 - - - Rising - - - Sophos - - - Sunbelt - - - Symantec - - - TheHacker - - - VBA32 - - - VirusBuster - - - Webwasher-Gateway - - BlockReason.0 Additional information MD5: 620f0b67a91f7f74151bc5be745b7110 SHA1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d SHA256: ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7 SHA512: 2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae963 13547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

okay here it is, and thank you ComboFix 09-03-19.02 - Michael Optis 2009-03-21 3:58:27.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1549 [GMT -4:00] Running from: c:\documents and settings\Michael Optis\Desktop\ComboFix.exe AV: AVG 7.5.557 *On-access scanning disabled* (Updated) FW: McAfee Personal Firewall *enabled* . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\MICHAE~1\LOCALS~1\Temp\tmp2.tmp c:\windows\system32\afyhfv.dll c:\windows\system32\bszip.dll c:\windows\system32\bwfvhb.dll c:\windows\system32\czhffn.dll c:\windows\system32\deyorosi.dll c:\windows\system32\fugafizu.dll c:\windows\system32\kidodize.dll c:\windows\system32\kolohage.dll c:\windows\system32\lekozeko.dll c:\windows\system32\nidegeri.dll c:\windows\system32\nijetiyi.dll c:\windows\system32\njnebj.dll c:\windows\system32\onvsiu.dll c:\windows\system32\pegapuva.dll c:\windows\system32\sirewaya.dll c:\windows\system32\urokapab.ini c:\windows\system32\vayfsl.dll c:\windows\system32\wirqgv.dll c:\windows\system32\wokibezo.dll c:\windows\system32\wusonaha.dll c:\windows\system32\zelewehe.dll c:\windows\system32\zuyahoba.dll . ((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 ))))))))))))))))))))))))))))))) . 2009-03-20 22:34 . 2009-03-20 23:00 <DIR> d-------- c:\program files\Windows Live Safety CenterRebootActions 2009-03-20 21:55 . 2009-03-20 22:36 <DIR> d-------- c:\program files\Windows Live Safety Center 2009-03-20 19:01 . 2009-03-20 19:01 <DIR> d--hs---- c:\documents and settings\Nick Optis\IETldCache 2009-03-20 18:16 . 2009-03-20 18:16 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache 2009-03-20 17:32 . 2009-03-20 17:32 <DIR> d--hs---- c:\documents and settings\Michael Optis\IECompatCache 2009-03-20 17:31 . 2009-03-20 17:31 <DIR> d--hs---- c:\documents and settings\Michael Optis\PrivacIE 2009-03-20 17:15 . 2009-03-20 17:15 <DIR> d--hs---- c:\documents and settings\Michael Optis\IETldCache 2009-03-20 17:12 . 2009-03-20 17:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! 2009-03-20 17:11 . 2009-03-20 17:13 <DIR> d--h----- c:\windows\msdownld.tmp 2009-03-20 17:11 . 2009-03-20 17:12 <DIR> d--h-c--- c:\windows\ie8 2009-03-19 20:24 . 2009-03-19 20:24 61,440 --a------ c:\windows\system32\drivers\ggemrk.sys 2009-03-19 18:18 . 2009-03-19 18:18 4,096 --a------ C:\lvsen.exe 2009-03-19 18:18 . 2009-03-19 18:18 2 --a------ C:\-529988271 2009-03-18 17:30 . 2009-03-18 17:30 2,560 --a------ c:\windows\_MSRSTRT.EXE 2009-03-18 16:44 . 2009-03-18 16:44 <DIR> d-------- C:\a831996612730073e8 2009-03-18 16:41 . 2009-03-18 16:50 <DIR> d-------- C:\5993f0bc86c0bb3b1fb6 2009-03-15 16:38 . 2009-03-20 16:54 <DIR> dr-h----- C:\$VAULT$.AVG 2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui 2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui 2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui 2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui 2009-03-08 04:33 . 2009-03-08 04:33 18,944 --------- c:\windows\system32\dllcache\corpol.dll 2009-03-05 23:09 . 2009-03-06 20:45 <DIR> d-------- c:\program files\Guild Warz 2009-03-04 16:07 . 2009-03-04 16:07 <DIR> d-------- c:\program files\QIP 2009-02-28 16:18 . 2009-03-04 16:33 <DIR> d-------- c:\documents and settings\Michael Optis\Application Data\ICQ 2009-02-28 16:17 . 2009-03-11 14:43 <DIR> d-------- c:\documents and settings\Michael Optis\ICQ6.5 2009-02-25 17:12 . 2009-02-25 17:12 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft 2009-02-25 17:12 . 2009-02-25 17:13 <DIR> d-------- c:\documents and settings\Michael Optis\Free YouTube to iPod Converter . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-21 01:36 --------- d-----w c:\documents and settings\Michael Optis\Application Data\AVG7 2009-03-20 23:09 --------- d-----w c:\program files\Plaxo 2009-03-20 21:12 --------- d-----w c:\program files\Yahoo! 2009-03-20 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-03-20 20:09 --------- d-----w c:\documents and settings\Nick Optis\Application Data\AVG7 2009-03-20 11:35 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\AVG7 2009-03-18 22:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-03-18 21:45 --------- d-----w c:\program files\MUSICMATCH 2009-03-06 03:08 --------- d-----w c:\program files\Guild Wars 2009-02-28 20:18 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-26 08:07 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-19 00:37 --------- d-----w c:\documents and settings\Nick Optis sr\Application Data\AVG7 2009-02-11 14:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 14:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-07 16:11 --------- d-----w c:\documents and settings\Michael Optis\Application Data\Research In Motion 2009-02-03 12:17 --------- d-----w c:\documents and settings\Christine MacDonald\Application Data\Research In Motion 2009-01-30 22:47 --------- d-----w c:\documents and settings\Nick Optis\Application Data\Research In Motion 2009-01-30 22:11 --------- d-----w c:\documents and settings\Nick Optis\Application Data\InstallShield 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic 2009-01-30 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Roxio 2009-01-30 22:09 --------- d-----w c:\program files\Common Files\Roxio Shared 2009-01-30 22:08 --------- d-----w c:\program files\Common Files\Sonic Shared 2009-01-30 22:02 --------- d-----w c:\program files\Research In Motion 2009-01-30 22:02 --------- d-----w c:\program files\Common Files\Research In Motion 2009-01-30 21:09 --------- d-----w c:\program files\Viewpoint 2009-01-30 21:09 --------- d-----w c:\program files\Common Files\Software Update Utility 2009-01-30 21:09 --------- d-----w c:\program files\AIM6 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-01-30 21:09 --------- d-----w c:\documents and settings\All Users\Application Data\acccore 2009-01-30 21:07 --------- d-----w c:\program files\AIM 2008-04-05 20:45 61,224 ----a-w c:\documents and settings\Michael Optis\GoToAssistDownloadHelper.exe 2006-06-02 17:25 104 -csh--r c:\windows\system32\68DD96E23A.sys 2006-06-02 17:25 4,184 -csha-w c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720] "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016] "CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-03-18 219136] c:\documents and settings\Michael Optis\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-04-18 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-04-16 14:14 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Button Manager v1.836.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Button Manager v1.836.lnk backup=c:\windows\pss\Button Manager v1.836.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Nick Optis sr^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\documents and settings\Nick Optis sr\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc1m3j0ej7g HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Community Tools HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc5m3j0ej7g [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2006-09-14 07:55 61440 c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] -ra------ 2006-10-23 08:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET] --a------ 2003-06-18 03:00 45056 c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2007-03-15 11:09 460784 c:\program files\DellSupport\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] --a------ 2007-11-15 09:23 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] --a------ 2005-11-07 05:20 122940 c:\windows\system32\dla\DLACTRLW.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] --a------ 2007-11-15 09:24 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] --------- 2005-02-23 18:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] --a------ 2005-09-29 16:01 67584 c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-09-25 20:52 50736 c:\program files\Common Files\AOL\1141078386\EE\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2005-06-17 09:56 139264 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2007-08-30 11:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-12-11 12:10 267048 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-12-05 01:41 8523776 c:\windows\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate] --a------ 2007-12-11 18:21 227914 c:\program files\Plaxo\2.13.1.3\PlaxoHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2005-12-17 05:22 26112 c:\program files\Real\RealPlayer\realplay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-07-26 03:03 49263 c:\program files\Java\jre1.5.0_08\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-08-18 15:23 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] --------- 2000-05-11 03:00 90112 c:\windows\Updreg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-12-05 01:41 1626112 c:\windows\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "KodakCCS"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) "WMPNetworkSvc"=3 (0x3) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "gusvc"=3 (0x3) "sprtsvc_dellsupportcenter"=2 (0x2) "IDriverT"=3 (0x3) "GoToAssist"=3 (0x3) "DSBrokerService"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\ee\\aolservicehost.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Common Files\\AOL\\1141078386\\EE\\aolsoftware.exe"= "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"= "c:\\Documents and Settings\\Michael Optis\\My Documents\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Documents and Settings\\Michael Optis\\ICQ6.5\\ICQ.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-01-30 24652] R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S1 cvkpbwed;cvkpbwed;\??\c:\windows\system32\drivers\cvkpbwed.sys --> c:\windows\system32\drivers\cvkpbwed.sys [?] S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?] S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-05 4992] S3 USBVCD;Canon USB Video;c:\windows\system32\drivers\USBVCD.sys [2004-10-05 57856] S3 VCIDRV;Canon USB Video Control;c:\windows\system32\drivers\VCIDRV.sys [2004-10-05 6528] --- Other Services/Drivers In Memory --- *Deregistered* - uphcleanhlp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . Contents of the 'Scheduled Tasks' folder 2009-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57] . - - - - ORPHANS REMOVED - - - - BHO-{0d10e173-4b6a-452f-9d89-c44a5a04c42b} - c:\windows\system32\figadufo.dll HKLM-Run-josazidadi - c:\windows\system32\genebove.dll HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-21 04:06:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(736) c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\progra~1\Grisoft\AVG7\avgamsvr.exe c:\progra~1\Grisoft\AVG7\avgupsvc.exe c:\windows\system32\CTSVCCDA.EXE c:\windows\system32\Crypserv.exe c:\windows\ehome\ehrecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\LxrJD31s.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\rundll32.exe c:\program files\UPHClean\uphclean.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-03-21 4:09:34 - machine was rebooted [Michael Optis] ComboFix-quarantined-files.txt 2009-03-21 08:09:31 Pre-Run: 84,407,513,088 bytes free Post-Run: 85,717,762,048 bytes free 312 --- E O F --- 2009-03-11 07:00:53

hello, i will give you my log. but this is about whats going on, i got a virus/trojan and i ran malewarebytes and it got rid of everything then when i ran it again it still had 3 trojans or whatever. and i left for a day and came back and when i came back it kind of spread and made more, but those arent the problem, i can just clean those off. the problem is the main 3 that just wont seem to go away. _____________________________________________________________________________ Malwarebytes' Anti-Malware 1.34 Database version: 1875 Windows 5.1.2600 Service Pack 3 3/20/2009 5:07:33 PM mbam-log-2009-03-20 (17-07-31).txt Scan type: Quick Scan Objects scanned: 23153 Time elapsed: 2 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d10e173-4b6a-452f-9d89-c44a5a04c42b} (Trojan.Vundo.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{0d10e173-4b6a-452f-9d89-c44a5a04c42b} (Trojan.Vundo.H) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\josazidadi (Trojan.Vundo.H) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) _______________________________________________________________________ thank you, i even went into my registry and tryed manually deleting them and they just came back when i went back to my registry. please help i do not know what to do =(