goodfellow

I was afraid you would say something llike that. Everytime my computer gets infected, the problems get worse and more complicated. I have notified all my financial institutions of this situation. I've decided I am no longer going to websites I am not familiar with. I have a few questions: Is the reformat/ reinstall process difficult and time consuming? Would you be able to provide assistance with that? Is there a way I could go back to a System Restore point and thus alleviate the need to re-install? Might my computer have some kind of 'original factory point'? I am unable to remove the Stolen.data files from Quarantine to examine them. Do you need a special version of Malwarebytes to do this?

Hi, My computer was acting a bit slow and funny for a few days. The MSN homepage looked different and still does. Sometimes windows would open up all on their own, sometimes I'd be warned (deceptively?) of viruses. Ran malwarebytes and it picked up a bunch of stuff. But one of the things that bothers me is a Stolen.data file progran. I'm wondering if my system has been compromised and if I need to take any drastic actions. See logs below. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:43:17 AM, on 3/20/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535179253 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535170821 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5511 bytes Malwarebytes' Anti-Malware 1.44 Database version: 3579 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/19/2010 11:13:07 PM mbam-log-2010-03-19 (23-13-07).txt Scan type: Quick Scan Objects scanned: 112468 Time elapsed: 27 minute(s), 11 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 4 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe hdpy.eio hvkwfto) Good: (Explorer.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot. Files Infected: C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Delete on reboot. C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. ***I rebooted and all infected files have been deleted. Malwarebytes detects no malicious files now.

Everything seems to be in order. Thanks for your assistance. The only problem I encounter now and then is the taskbar of my window will turn black, making it impossible to see the words on the bar. But I can still use the taskbar. I'm not sure this is a virus problem. The black color comes and goes. Let me know if you have a remedy for this.

Okay. Here are the Hijackthis and combofix files you requested. I really appreciate your help. ComboFix 09-11-07.02 - user1 11/07/2009 19:50.3.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.143 [GMT -5:00] Running from: c:\documents and settings\user1\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\user1\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\windows\Installer\1aafe01.msi" "c:\windows\Installer\d5d61.msi" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\1aafe01.msi c:\windows\Installer\d5d61.msi . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-05 23:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-05 23:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-05 23:50 . 2009-11-05 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-05 23:10 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-05 23:10 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-05 23:10 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-05 23:10 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-05 23:09 . 2009-11-05 23:09 -------- d-----w- c:\program files\Avira 2009-11-05 23:09 . 2009-11-05 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-02 17:58 . 2009-11-02 17:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-02 17:57 . 2009-11-02 17:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-31 21:03 . 2009-10-31 21:03 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-08 00:36 . 2006-10-16 00:06 -------- d-----w- c:\documents and settings\user1\Application Data\OpenOffice.org2 2009-11-06 21:35 . 2009-11-06 21:35 5658 ----a-w- c:\program files\hijackthis.log 2009-11-05 23:51 . 2009-05-13 17:48 -------- d-----w- c:\documents and settings\user1\Application Data\Malwarebytes 2009-11-05 23:50 . 2009-05-13 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-05 08:24 . 2007-09-13 02:05 2296 ----a-w- c:\windows\system32\d3d9caps.dat 2009-11-03 19:35 . 2006-10-08 22:12 23512 ----a-w- c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-07 20:30 . 2007-05-13 02:20 -------- d-----w- c:\documents and settings\user1\Application Data\U3 2009-10-01 20:18 . 2009-10-01 20:17 -------- d-----w- c:\program files\Intel 2009-10-01 20:10 . 2009-10-01 20:10 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-27 02:21 . 2009-09-27 02:21 1244648 ----a-w- c:\documents and settings\user1\Application Data\MSNInstaller\msnauins.exe 2009-09-27 02:21 . 2009-09-27 02:21 -------- d-----w- c:\documents and settings\user1\Application Data\MSNInstaller 2009-09-27 01:36 . 2006-10-19 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-27 01:34 . 2008-07-04 21:31 -------- d-----w- c:\program files\Common Files\Real 2009-09-27 01:32 . 2009-05-13 17:38 -------- d-----w- c:\program files\Panda Security 2009-09-26 20:34 . 2009-09-26 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-09-22 18:07 . 2009-09-22 18:05 17204720 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\rp\.exe 2009-09-22 18:05 . 2009-09-22 18:05 8406648 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2009-09-22 18:04 . 2009-09-22 18:04 10309448 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\chr\ChromeInstaller.exe 2009-09-22 18:02 . 2009-09-22 18:02 64000 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll 2009-09-22 18:02 . 2009-09-22 18:02 52288 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll 2009-09-22 18:02 . 2009-09-22 18:02 50688 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll 2009-09-22 18:02 . 2009-09-22 18:02 81920 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\compat.dll 2009-09-11 14:18 . 2004-08-04 04:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-08-04 04:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-05-13 20:53 . 2009-05-13 20:53 396288 ----a-w- c:\program files\HijackThis.exe . ((((((((((((((((((((((((((((( SnapShot@2009-11-03_20.11.16 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2009-11-07 19:07 . 2009-11-07 19:07 16384 c:\windows\temp\Perflib_Perfdata_1c8.dat - 2001-08-23 15:00 . 2009-11-03 20:16 67312 c:\windows\system32\perfc009.dat + 2001-08-23 15:00 . 2009-11-07 19:41 67312 c:\windows\system32\perfc009.dat + 2007-11-19 02:22 . 2009-05-11 15:12 28520 c:\windows\system32\drivers\ssmdrv.sys + 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll - 2001-08-23 15:00 . 2009-11-03 20:16 432356 c:\windows\system32\perfh009.dat + 2001-08-23 15:00 . 2009-11-07 19:41 432356 c:\windows\system32\perfh009.dat + 2009-11-05 02:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-05 02:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe + 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2004-08-04 04:56 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2004-08-04 04:56 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-05 02:00 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "AtiPTA"="Atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2001-10-10 270336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-4-2 28672] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2009 6:10 PM 108289] R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [10/8/2006 12:28 PM 72832] S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2/18/2002 1:19 PM 303360] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-11-08 c:\windows\Tasks\User_Feed_Synchronization-{0BAEA8CC-473C-4E20-92A9-FF0C786FB0BB}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 20:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-11-08 20:19 ComboFix-quarantined-files.txt 2009-11-08 01:18 ComboFix2.txt 2009-11-06 21:27 ComboFix3.txt 2009-11-03 20:27 Pre-Run: 2,024,112,128 bytes free Post-Run: 2,045,112,320 bytes free - - End Of File - - 9C1A199B9B9033CF6C1536820B1EC5C3 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:25:33 PM, on 11/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535179253 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535170821 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5466 bytes

Thanks. Below are the new Combofix and Hijackthis log files that you requested. ComboFix 09-11-05.05 - user1 11/06/2009 15:56.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.107 [GMT -5:00] Running from: c:\documents and settings\user1\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\user1\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\user1\restorer32_a.exe" "c:\windows\sa23sl.exe" "c:\windows\Wfawevozuji.dat" "c:\windows\Xbahi.bin" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56} c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56}\chrome.manifest c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56}\chrome\content\_cfg.js c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56}\chrome\content\overlay.xul c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56}\install.rdf c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2} c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2}\chrome.manifest c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2}\chrome\content\_cfg.js c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2}\chrome\content\overlay.xul c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2}\install.rdf c:\windows\Wfawevozuji.dat c:\windows\Xbahi.bin . ((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 ))))))))))))))))))))))))))))))) . 2009-11-05 23:51 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-05 23:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-05 23:50 . 2009-11-05 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-05 23:10 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-11-05 23:10 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-11-05 23:10 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-11-05 23:10 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-11-05 23:09 . 2009-11-05 23:09 -------- d-----w- c:\program files\Avira 2009-11-05 23:09 . 2009-11-05 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-11-02 17:58 . 2009-11-02 17:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-02 17:57 . 2009-11-02 17:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-10-31 21:03 . 2009-10-31 21:03 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\WMTools Downloaded Files . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-05 23:51 . 2009-05-13 17:48 -------- d-----w- c:\documents and settings\user1\Application Data\Malwarebytes 2009-11-05 23:50 . 2009-05-13 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-05 19:45 . 2006-10-16 00:06 -------- d-----w- c:\documents and settings\user1\Application Data\OpenOffice.org2 2009-11-05 08:24 . 2007-09-13 02:05 2296 ----a-w- c:\windows\system32\d3d9caps.dat 2009-11-03 19:35 . 2006-10-08 22:12 23512 ----a-w- c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-07 20:30 . 2007-05-13 02:20 -------- d-----w- c:\documents and settings\user1\Application Data\U3 2009-10-01 20:18 . 2009-10-01 20:17 -------- d-----w- c:\program files\Intel 2009-10-01 20:10 . 2009-10-01 20:10 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-27 02:21 . 2009-09-27 02:21 1244648 ----a-w- c:\documents and settings\user1\Application Data\MSNInstaller\msnauins.exe 2009-09-27 02:21 . 2009-09-27 02:21 -------- d-----w- c:\documents and settings\user1\Application Data\MSNInstaller 2009-09-27 01:36 . 2006-10-19 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-27 01:34 . 2008-07-04 21:31 -------- d-----w- c:\program files\Common Files\Real 2009-09-27 01:32 . 2009-05-13 17:38 -------- d-----w- c:\program files\Panda Security 2009-09-26 20:34 . 2009-09-26 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-09-22 18:07 . 2009-09-22 18:05 17204720 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\rp\.exe 2009-09-22 18:05 . 2009-09-22 18:05 8406648 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe 2009-09-22 18:04 . 2009-09-22 18:04 10309448 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\chr\ChromeInstaller.exe 2009-09-22 18:02 . 2009-09-22 18:02 64000 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll 2009-09-22 18:02 . 2009-09-22 18:02 52288 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll 2009-09-22 18:02 . 2009-09-22 18:02 50688 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll 2009-09-22 18:02 . 2009-09-22 18:02 81920 ----a-w- c:\documents and settings\user1\Application Data\Real\Update\setup\RUP\inst_config\compat.dll 2009-09-11 14:18 . 2004-08-04 04:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-08-04 04:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-05-13 20:53 . 2009-05-13 20:53 396288 ----a-w- c:\program files\HijackThis.exe . ((((((((((((((((((((((((((((( SnapShot@2009-11-03_20.11.16 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll + 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll + 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll + 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll + 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll + 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll + 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll + 2009-11-06 00:15 . 2009-11-06 00:15 16384 c:\windows\temp\Perflib_Perfdata_1b0.dat + 2007-11-19 02:22 . 2009-05-11 15:12 28520 c:\windows\system32\drivers\ssmdrv.sys + 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll + 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll + 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll + 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll + 2009-11-05 23:00 . 2009-11-05 23:00 228352 c:\windows\Installer\d5d61.msi + 2009-11-06 08:00 . 2009-11-06 08:00 195584 c:\windows\Installer\1aafe01.msi + 2009-11-05 02:00 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll + 2009-11-05 02:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe + 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll + 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll + 2004-08-04 04:56 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll + 2004-08-04 04:56 . 2009-10-22 09:19 5939712 c:\windows\system32\dllcache\mshtml.dll + 2009-11-05 02:00 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "restorer32_a"="c:\windows\system32\restorer32_a.exe" [bU] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "AtiPTA"="Atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2001-10-10 270336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-4-2 28672] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [10/8/2006 12:28 PM 72832] S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2/18/2002 1:19 PM 303360] --- Other Services/Drivers In Memory --- *Deregistered* - mbr *Deregistered* - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-11-06 c:\windows\Tasks\User_Feed_Synchronization-{0BAEA8CC-473C-4E20-92A9-FF0C786FB0BB}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 16:17 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-11-06 16:27 ComboFix-quarantined-files.txt 2009-11-06 21:26 ComboFix2.txt 2009-11-03 20:27 Pre-Run: 1,906,896,896 bytes free Post-Run: 2,000,027,648 bytes free - - End Of File - - 64255F8F14C9742C7642758CF87EDDDD Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:35:07 PM, on 11/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre6\bin\jucheck.exe c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535179253 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535170821 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5657 bytes

Hi. It has been several days since I was instructed to download Combofix, run it, and post the log to my thread. Still waiting on a reply. My computer is working much better now but I would like for someone to take a look at the Combofix log and let me know if everything is okay. Also, can someone tell me what was wrong with my computer? Thanks

Here is the combofix log you requested. Let me know what the trouble is/ was and if there are other steps I should complete. ComboFix 09-11-03.01 - user1 11/03/2009 14:47.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.115 [GMT -5:00] Running from: c:\documents and settings\user1\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Start Menu\Live Safety Center.lnk c:\documents and settings\user1\oashdihasidhasuidhiasdhiashdiuasdhasd c:\windows\ewevidif.dll c:\windows\system32\cffii.ini c:\windows\system32\cffii.ini2 c:\windows\system32\restorer32_a.exe c:\windows\system32\stem32~1 c:\windows\system32\wqehlbhb.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DOMAINSERVICE ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 ))))))))))))))))))))))))))))))) . 2009-11-02 17:58 . 2009-11-02 17:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-02 17:57 . 2009-11-02 17:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2009-11-02 17:57 . 2009-11-02 17:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{C3052C9C-5887-4B65-819A-50A5ABEADD56} 2009-10-31 21:03 . 2009-10-31 21:03 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\WMTools Downloaded Files 2009-10-31 18:50 . 2009-11-03 18:29 0 ----a-w- c:\windows\Xbahi.bin 2009-10-31 18:50 . 2009-11-03 18:29 120 ----a-w- c:\windows\Wfawevozuji.dat 2009-10-31 18:49 . 2009-10-31 18:49 -------- d-----w- c:\documents and settings\user1\Local Settings\Application Data\{8DF5B707-E645-4D92-83EA-10ABB965D1F2} 2009-10-31 18:46 . 2009-10-31 18:46 47104 ----a-w- c:\documents and settings\user1\restorer32_a.exe 2009-10-31 18:44 . 2009-10-31 18:44 36864 ----a-w- c:\windows\sa23sl.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-03 19:35 . 2006-10-08 22:12 23512 ----a-w- c:\documents and settings\user1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-02 18:31 . 2009-11-02 18:31 6435 ----a-w- c:\program files\hijackthis.log 2009-11-02 17:50 . 2006-10-16 00:06 -------- d-----w- c:\documents and settings\user1\Application Data\OpenOffice.org2 2009-10-07 20:30 . 2007-05-13 02:20 -------- d-----w- c:\documents and settings\user1\Application Data\U3 2009-10-01 20:18 . 2009-10-01 20:17 -------- d-----w- c:\program files\Intel 2009-10-01 20:10 . 2009-10-01 20:10 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-27 02:21 . 2009-09-27 02:21 -------- d-----w- c:\documents and settings\user1\Application Data\MSNInstaller 2009-09-27 01:36 . 2006-10-19 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-27 01:34 . 2008-07-04 21:31 -------- d-----w- c:\program files\Common Files\Real 2009-09-27 01:32 . 2009-05-13 17:38 -------- d-----w- c:\program files\Panda Security 2009-09-26 20:34 . 2009-09-26 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters 2009-09-24 00:28 . 2007-09-13 02:05 1636 ----a-w- c:\windows\system32\d3d9caps.dat 2009-09-11 14:18 . 2004-08-04 04:56 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:03 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:08 . 2004-08-04 04:56 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:00 . 2004-08-04 04:56 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-06 23:24 . 2006-10-08 21:40 327896 ----a-w- c:\windows\system32\wucltui.dll 2009-08-06 23:24 . 2006-10-08 21:40 209632 ----a-w- c:\windows\system32\wuweb.dll 2009-08-06 23:24 . 2006-10-08 22:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-08-06 23:24 . 2006-10-08 21:40 35552 ----a-w- c:\windows\system32\wups.dll 2009-08-06 23:24 . 2006-10-08 21:40 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll 2009-08-06 23:23 . 2006-10-08 21:40 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-08-06 23:23 . 2007-11-20 20:35 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-08-06 23:23 . 2007-07-30 23:18 215920 ----a-w- c:\windows\system32\muweb.dll 2009-08-06 23:23 . 2006-10-08 21:40 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-05-13 20:53 . 2009-05-13 20:53 396288 ----a-w- c:\program files\HijackThis.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "restorer32_a"="c:\documents and settings\user1\restorer32_a.exe" [2009-10-31 47104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "AtiPTA"="Atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2001-10-10 270336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-4-2 28672] HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= R3 cwbwdm_device;Crystal WDM Audio Codec Driver;c:\windows\system32\drivers\cwbwdm.sys [10/8/2006 12:28 PM 72832] S3 ati2mpad;ati2mpad;c:\windows\system32\drivers\ati2mpad.sys [2/18/2002 1:19 PM 303360] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBR *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57] 2009-11-03 c:\windows\Tasks\User_Feed_Synchronization-{0BAEA8CC-473C-4E20-92A9-FF0C786FB0BB}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31] . . ------- Supplementary Scan ------- . DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab . - - - - ORPHANS REMOVED - - - - HKLM-Run-restorer32_a - c:\windows\system32\restorer32_a.exe HKLM-Run-Mbokeru - c:\windows\ewevidif.dll HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-03 15:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3580) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\system32\CTsvcCDA.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\wscntfy.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2009-11-03 15:27 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-03 20:27 Pre-Run: 1,993,531,392 bytes free Post-Run: 2,062,561,280 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Hello. This weekend I casually visited some website and my Avira virus protection started picking up all kinds of stuff. I indicated that all these worms or whatever should be quarantined. But then my computer started freezing, undergoing different problems. I received messages that the uploading module (engine CRC) had changed for Avira and the program no longer worked all of a sudden. I was told that my attempts to access Malwarebytes were invalid due to address. Then I suddenly did not have sufficient resources to complete almost all computer oprations. When I restarted my computer, the display settings changed. All desktop icons and type/ font size were much larger. I had insufficient resources or memory to complete all operations. Finally, the whole system froze. I couldn't do anything but watch the mouse move. Today, I started the system in Safe Mode, ran Malwarebytes. It picked up several things which I have pasted below. Malwarebytes only runs in Safe Mode. In Normal mode, I get a Code 703 (0,7) error message. Sometimes I get messages that various programs failed to initialize (such as drwtsn32.exe). Once I experienced a sudden NT AUTHORITY/ SYSTEM shutdown--my system was shut off against my will and restarted. Also, the system is now running very SLOW. Sorry for the long post. I hope you can help. See logs below (Malware bytes, Avira, Hijackthis). Malwarebytes' Anti-Malware 1.40 Database version: 2635 Windows 5.1.2600 Service Pack 3 (Safe Mode) 11/2/2009 1:17:27 PM mbam-log-2009-11-02 (13-17-27).txt Scan type: Quick Scan Objects scanned: 89869 Time elapsed: 14 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sxodibk.dll -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\sxodibk.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\user1\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wpv591256559586.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wpv611255594149.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wpv841255492056.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\user1\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully. AVIRA LOG Avira AntiVir Personal Report file date: Monday, November 02, 2009 13:57 Scanning for 1851309 virus strains and unwanted programs. Licensed to: Avira AntiVir Personal - FREE Antivirus Serial number: 0000149996-ADJIE-0000001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: NCR Version information: BUILD.DAT : 8.2.0.354 17048 Bytes 10/23/2009 13:15:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/27/2008 02:39:34 AVSCAN.DLL : 8.1.4.0 40705 Bytes 7/19/2008 19:44:57 LUKE.DLL : 8.1.4.5 164097 Bytes 7/19/2008 19:45:06 LUKERES.DLL : 8.1.4.0 12033 Bytes 7/19/2008 19:45:06 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 21:59:23 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 01:16:35 ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 10/28/2009 01:42:13 ANTIVIR3.VDF : 7.1.6.173 71680 Bytes 10/30/2009 01:42:16 Engineversion : 8.2.1.53 AEVDF.DLL : 8.1.1.2 106867 Bytes 9/16/2009 01:30:24 AESCRIPT.DLL : 8.1.2.43 528764 Bytes 10/31/2009 01:42:56 AESCN.DLL : 8.1.2.5 127346 Bytes 9/5/2009 01:28:42 AERDL.DLL : 8.1.3.2 479604 Bytes 10/3/2009 01:33:40 AEPACK.DLL : 8.2.0.2 422263 Bytes 10/23/2009 01:37:13 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 01:13:46 AEHEUR.DLL : 8.1.0.173 2064760 Bytes 10/31/2009 01:42:49 AEHELP.DLL : 8.1.7.0 237940 Bytes 9/5/2009 01:28:41 AEGEN.DLL : 8.1.1.70 364917 Bytes 10/31/2009 01:42:25 AEEMU.DLL : 8.1.1.0 393587 Bytes 10/3/2009 01:33:29 AECORE.DLL : 8.1.8.1 184693 Bytes 9/16/2009 01:30:18 AEBB.DLL : 8.1.0.3 53618 Bytes 10/16/2008 02:49:28 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/19/2008 19:44:58 AVPREF.DLL : 8.0.2.0 38657 Bytes 7/19/2008 19:44:57 AVREP.DLL : 8.0.0.3 155688 Bytes 4/20/2009 21:23:43 AVREG.DLL : 8.0.0.1 33537 Bytes 7/19/2008 19:44:57 AVARKT.DLL : 1.0.0.23 307457 Bytes 4/14/2008 22:36:50 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 7/19/2008 19:44:56 SQLITE3.DLL : 3.3.17.1 339968 Bytes 4/14/2008 22:37:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 7/19/2008 19:45:09 NETNT.DLL : 8.0.0.1 7937 Bytes 4/14/2008 22:37:01 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 7/19/2008 19:44:34 RCTEXT.DLL : 8.0.52.0 86273 Bytes 7/19/2008 19:44:34 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Monday, November 02, 2009 13:57 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'infocard.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'jucheck.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Hotsync.exe' - '1' Module(s) have been scanned Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned Scan process 'restorer32_a.exe' - '1' Module(s) have been scanned Scan process 'sa23sl.exe' - '1' Module(s) have been scanned Scan process 'MtdAcqu.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'restorer32_a.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 39 processes with 39 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '63' files ). Starting the file scan: Begin scan in 'C:\' <XP 10GB> C:\pagefile.sys [WARNING] The file could not be opened! End of the scan: Monday, November 02, 2009 15:26 Used time: 1:28:55 Hour(s) The scan has been done completely. 5769 Scanning directories 345331 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 345330 Files not concerned 2709 Archives were scanned 1 Warnings 0 Notes HIJACK THIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:31:15 PM, on 11/2/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\restorer32_a.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\WINDOWS\sa23sl.exe C:\Documents and Settings\user1\restorer32_a.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Temp\wpv081257179558.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [restorer32_a] C:\WINDOWS\system32\restorer32_a.exe O4 - HKLM\..\Run: [Mbokeru] rundll32.exe "C:\WINDOWS\ewevidif.dll",Startup O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\Temp\wpv081257179558.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [ttool] C:\WINDOWS\sa23sl.exe O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\user1\restorer32_a.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Startup: zavupd32.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535179253 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535170821 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6434 bytes

Thanks for your assistance. Here is the information you requested. (Now, do I leave both the regedit.exe and reg3dit.exe in my folder, or should I delete one?) Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 Class Name: <NO CLASS> Last Write Time: 5/8/2009 - 5:24 PM Value 0 Name: midimapper Type: REG_SZ Data: midimap.dll Value 1 Name: msacm.imaadpcm Type: REG_SZ Data: imaadp32.acm Value 2 Name: msacm.msadpcm Type: REG_SZ Data: msadp32.acm Value 3 Name: msacm.msg711 Type: REG_SZ Data: msg711.acm Value 4 Name: msacm.msgsm610 Type: REG_SZ Data: msgsm32.acm Value 5 Name: msacm.trspch Type: REG_SZ Data: tssoft32.acm Value 6 Name: vidc.cvid Type: REG_SZ Data: iccvid.dll Value 7 Name: vidc.I420 Type: REG_SZ Data: msh263.drv Value 8 Name: vidc.iv31 Type: REG_SZ Data: ir32_32.dll Value 9 Name: vidc.iv32 Type: REG_SZ Data: ir32_32.dll Value 10 Name: vidc.iv41 Type: REG_SZ Data: ir41_32.ax Value 11 Name: vidc.iyuv Type: REG_SZ Data: iyuv_32.dll Value 12 Name: vidc.mrle Type: REG_SZ Data: msrle32.dll Value 13 Name: vidc.msvc Type: REG_SZ Data: msvidc32.dll Value 14 Name: vidc.uyvy Type: REG_SZ Data: msyuv.dll Value 15 Name: vidc.yuy2 Type: REG_SZ Data: msyuv.dll Value 16 Name: vidc.yvu9 Type: REG_SZ Data: tsbyuv.dll Value 17 Name: vidc.yvyu Type: REG_SZ Data: msyuv.dll Value 18 Name: wavemapper Type: REG_SZ Data: msacm32.drv Value 19 Name: wave Type: REG_SZ Data: wdmaud.drv Value 20 Name: midi Type: REG_SZ Data: wdmaud.drv Value 21 Name: mixer Type: REG_SZ Data: wdmaud.drv Value 22 Name: aux Type: REG_SZ Data: wdmaud.drv Value 23 Name: msacm.msg723 Type: REG_SZ Data: msg723.acm Value 24 Name: vidc.M263 Type: REG_SZ Data: msh263.drv Value 25 Name: vidc.M261 Type: REG_SZ Data: msh261.drv Value 26 Name: msacm.msaudio1 Type: REG_SZ Data: msaud32.acm Value 27 Name: msacm.sl_anet Type: REG_SZ Data: sl_anet.acm Value 28 Name: msacm.iac2 Type: REG_SZ Data: C:\WINDOWS\system32\iac25_32.ax Value 29 Name: vidc.iv50 Type: REG_SZ Data: ir50_32.dll Value 30 Name: msacm.l3acm Type: REG_SZ Data: C:\WINDOWS\system32\l3codeca.acm Value 31 Name: aux2 Type: REG_SZ Data: C:\WINDOWS\system32\..\pgpkps.xuh Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server Class Name: <NO CLASS> Last Write Time: 10/8/2006 - 5:36 PM Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP Class Name: <NO CLASS> Last Write Time: 10/8/2006 - 5:36 PM Value 0 Name: wave Type: REG_SZ Data: rdpsnd.dll Value 1 Name: mixer Type: REG_SZ Data: rdpsnd.dll Value 2 Name: MaxBandwidth Type: REG_DWORD Data: 0x56b9 Value 3 Name: wavemapper Type: REG_SZ Data: msacm32.drv Value 4 Name: EnableMP3Codec Type: REG_DWORD Data: 0x1 Value 5 Name: midimapper Type: REG_SZ Data: midimap.dll

When I try to update Virus protection, I get the following message from Malwarebytes: "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes to access the internet." When I try to update Avira Anti-virus, I am told: Internet connection failed. The report from Avira is the following: 13.05.2009 18:10:47 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 13.05.2009 18:10:47 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\ 13.05.2009 18:10:47 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\ 13.05.2009 18:10:47 - Using System's global Proxy settings 13.05.2009 18:10:48 - Launching GUI... display mode: 0 13.05.2009 18:10:48 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 13.05.2009 18:10:48 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll 13.05.2009 18:10:47 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 13.05.2009 18:10:47 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\ 13.05.2009 18:10:47 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\ 13.05.2009 18:10:47 - Using System's global Proxy settings 13.05.2009 18:10:48 - Launching GUI... display mode: 0 13.05.2009 18:10:48 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 13.05.2009 18:10:48 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll 13.05.2009 18:10:48 - Avira AntiVir Personal - Free Antivirus 13.05.2009 18:10:55 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:10:55 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:10:55 - <html><head> 13.05.2009 18:10:55 - <title>403 Forbidden</title> 13.05.2009 18:10:55 - </head><body> 13.05.2009 18:10:55 - <h1>Forbidden</h1> 13.05.2009 18:10:55 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:10:55 - on this server.</p> 13.05.2009 18:10:55 - </body></html> 13.05.2009 18:10:55 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:10:55 - Switching to next update server 13.05.2009 18:10:57 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:10:57 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:10:57 - <html><head> 13.05.2009 18:10:57 - <title>403 Forbidden</title> 13.05.2009 18:10:57 - </head><body> 13.05.2009 18:10:57 - <h1>Forbidden</h1> 13.05.2009 18:10:57 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:10:57 - on this server.</p> 13.05.2009 18:10:57 - </body></html> 13.05.2009 18:10:57 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:10:57 - Switching to next update server 13.05.2009 18:10:58 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:10:58 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:10:58 - <html><head> 13.05.2009 18:10:58 - <title>403 Forbidden</title> 13.05.2009 18:10:58 - </head><body> 13.05.2009 18:10:58 - <h1>Forbidden</h1> 13.05.2009 18:10:58 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:10:59 - on this server.</p> 13.05.2009 18:10:59 - </body></html> 13.05.2009 18:10:59 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:10:59 - Switching to next update server 13.05.2009 18:11:00 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:00 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:00 - <html><head> 13.05.2009 18:11:00 - <title>403 Forbidden</title> 13.05.2009 18:11:00 - </head><body> 13.05.2009 18:11:00 - <h1>Forbidden</h1> 13.05.2009 18:11:00 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:00 - on this server.</p> 13.05.2009 18:11:00 - </body></html> 13.05.2009 18:11:00 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:00 - Switching to next update server 13.05.2009 18:11:02 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:02 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:02 - <html><head> 13.05.2009 18:11:02 - <title>403 Forbidden</title> 13.05.2009 18:11:02 - </head><body> 13.05.2009 18:11:02 - <h1>Forbidden</h1> 13.05.2009 18:11:02 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:02 - on this server.</p> 13.05.2009 18:11:02 - </body></html> 13.05.2009 18:11:02 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:02 - Switching to next update server 13.05.2009 18:11:03 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:03 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:03 - <html><head> 13.05.2009 18:11:03 - <title>403 Forbidden</title> 13.05.2009 18:11:03 - </head><body> 13.05.2009 18:11:03 - <h1>Forbidden</h1> 13.05.2009 18:11:03 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:03 - on this server.</p> 13.05.2009 18:11:03 - </body></html> 13.05.2009 18:11:03 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:03 - Switching to next update server 13.05.2009 18:11:05 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:05 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:05 - <html><head> 13.05.2009 18:11:05 - <title>403 Forbidden</title> 13.05.2009 18:11:05 - </head><body> 13.05.2009 18:11:05 - <h1>Forbidden</h1> 13.05.2009 18:11:05 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:05 - on this server.</p> 13.05.2009 18:11:05 - </body></html> 13.05.2009 18:11:05 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:05 - Switching to next update server 13.05.2009 18:11:06 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:06 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:06 - <html><head> 13.05.2009 18:11:06 - <title>403 Forbidden</title> 13.05.2009 18:11:06 - </head><body> 13.05.2009 18:11:06 - <h1>Forbidden</h1> 13.05.2009 18:11:06 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:06 - on this server.</p> 13.05.2009 18:11:06 - </body></html> 13.05.2009 18:11:06 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:06 - Switching to next update server 13.05.2009 18:11:08 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:08 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:08 - <html><head> 13.05.2009 18:11:08 - <title>403 Forbidden</title> 13.05.2009 18:11:08 - </head><body> 13.05.2009 18:11:08 - <h1>Forbidden</h1> 13.05.2009 18:11:08 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:08 - on this server.</p> 13.05.2009 18:11:08 - </body></html> 13.05.2009 18:11:08 - There was a problem updating from the specified server: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! 13.05.2009 18:11:08 - Switching to next update server 13.05.2009 18:11:09 - The file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx with the following content is erroneous: 13.05.2009 18:11:09 - <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 13.05.2009 18:11:09 - <html><head> 13.05.2009 18:11:09 - <title>403 Forbidden</title> 13.05.2009 18:11:09 - </head><body> 13.05.2009 18:11:09 - <h1>Forbidden</h1> 13.05.2009 18:11:09 - <p>You don't have permission to access /upd/idx/master.idx 13.05.2009 18:11:09 - on this server.</p> 13.05.2009 18:11:09 - </body></html> 13.05.2009 18:11:36 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress 13.05.2009 18:11:37 - Critical error: Validation error. File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4a0b4561\idx/master.idx is corrupted! Also, I am unable to access McAfee web page via the Internet. Other than this, my navigation seems to be working fine. Here is the Hijackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:16:13 PM, on 5/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16827) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource5\MtdAcqu.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe C:\Program Files\palmOne\Hotsync.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\HijackThis.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: {1a481bb3-40d9-fa5b-3c94-de7a66aecd67} - {76dcea66-a7ed-49c3-b5af-9d043bb184a1} - (no file) O2 - BHO: (no name) - {7BEC4D47-38D5-4D42-9354-107925DEFE0F} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O4 - Global Startup: Renaissance Wireless Server.lnk = C:\Documents and Settings\All Users\Application Data\Renaissance Wireless Server\Renaissance Wireless Server.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535179253 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188535170821 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: qommklj - C:\WINDOWS\ O20 - Winlogon Notify: vvucseiz - C:\WINDOWS\ O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 6468 bytes Here is the Malwarebytes log file list: Malwarebytes' Anti-Malware 1.36 Database version: 1945 Windows 5.1.2600 Service Pack 3 5/13/2009 2:19:27 PM mbam-log-2009-05-13 (14-19-27).txt Scan type: Quick Scan Objects scanned: 61836 Time elapsed: 13 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 16 Registry Values Infected: 3 Registry Data Items Infected: 0 Folders Infected: 2 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bbb05d9e-0297-404d-a6bf-d8f2876b84a6} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\WinAble (Trojan.Adloader) -> Quarantined and deleted successfully. C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\vvucseiz.dllbox (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk (Rogue.Link) -> Quarantined and deleted successfully. Whew! Any help would be greatly appreciated!!!