Mxhunter

Due to certain circumstances, I was forced to reformat my computer. Therefore this problem is no longer present. Please close topic.

Hello, I believe my computer is infected. My websites are constantly redirected to other random sites. I have seen fake alerts appear as well, and am experiencing an overall slower computer as a result. Please help! Here are MBAM and HJT logs: Malwarebytes' Anti-Malware 1.41 Database version: 3255 Windows 5.1.2600 Service Pack 3 11/29/2009 12:56:21 AM mbam-log-2009-11-29 (00-56-21).txt Scan type: Quick Scan Objects scanned: 107962 Time elapsed: 4 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) =================================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:56:38 AM, on 11/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\dllhost.exe C:\Ventrilo\Ventrilo.exe C:\Mozilla Firefox\firefox.exe C:\Winamp\winamp.exe C:\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Mbam\mbam.exe" /runcleanupscript O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1256604578875 O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 2770 bytes Any help would be greatly appreciated! Thank you.

Hello, my computer has suddenly begun to run extremely slow despite my not downloading or running anything new or out of the ordinary. My antivirus program (AVG) recently detected a viral threat and quarantined it, leading me to believe that was the root of the problem. However, I'm not convinced my computer is free of malware, due to the continued slowness I'm experiencing. Here are my MBAM and HJT logs: Malwarebytes' Anti-Malware 1.40 Database version: 2551 Windows 5.1.2600 Service Pack 3 8/7/2009 12:18:03 AM mbam-log-2009-08-07 (00-18-03).txt Scan type: Quick Scan Objects scanned: 98769 Time elapsed: 12 minute(s), 23 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ---------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:25:51 AM, on 8/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\WINDOWS\system32\hphmon03.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\IDT\WDM\STacSV.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Ventrilo\Ventrilo.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe -- End of file - 7913 bytes Thank you.

All right, thanks alot for the help

Hm, actually, I noticed my windows media player is now playing video slower/choppy than before. Not sure why this is

Okay, the problems I had before are fixed. Hopefully nothing is still lingering on my computer that I'm unaware of. Here is my MBAM log: Malwarebytes' Anti-Malware 1.38 Database version: 2405 Windows 5.1.2600 Service Pack 3 7/10/2009 5:01:26 PM mbam-log-2009-07-10 (17-01-26).txt Scan type: Quick Scan Objects scanned: 95090 Time elapsed: 4 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Okay, here are my combofix and ESET logs: ComboFix 09-07-09.07 - Owner 07/10/2009 2:00.5.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.746 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt FILE :: "c:\windows\system32\drivers\ajcwjqm.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_cmel ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-09 23:41 . 2009-07-10 04:16 -------- d-----w- C:\World of Warcraft 2009-07-09 22:41 . 2009-07-09 22:41 255488 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_d.dll 2009-07-09 22:41 . 2009-07-09 22:41 255488 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_c.dll 2009-07-09 22:41 . 2009-07-09 22:41 255488 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_b.dll 2009-07-09 22:41 . 2009-07-09 22:41 255488 ----a-w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_a.dll 2009-07-09 21:10 . 2009-07-09 21:10 -------- d-----w- c:\program files\IDT 2009-07-09 20:25 . 2009-07-09 20:25 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-07-09 20:25 . 2009-07-09 20:25 -------- d-----w- c:\windows\system32\XPSViewer 2009-07-09 20:25 . 2009-07-09 20:25 -------- d-----w- c:\program files\MSBuild 2009-07-09 20:25 . 2009-07-09 20:25 -------- d-----w- c:\program files\Reference Assemblies 2009-07-09 20:24 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-07-09 20:24 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-07-09 20:24 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-07-09 20:24 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-07-09 20:24 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-07-09 20:24 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-07-09 20:24 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-09 20:24 . 2009-07-09 20:28 -------- d-----w- c:\windows\SxsCaPendDel 2009-07-09 19:15 . 2008-04-11 03:08 212992 ----a-w- c:\windows\system32\stacsv.exe 2009-07-09 19:15 . 2008-04-11 03:06 2129920 ----a-w- c:\windows\system32\stlang.dll 2009-07-09 17:51 . 2009-04-29 04:46 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-07-09 17:45 . 2009-07-09 17:45 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-07-09 17:43 . 2009-07-09 17:43 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2009-07-09 17:41 . 2009-07-09 17:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-07-09 17:41 . 2009-07-09 17:41 -------- d-sh--w- c:\documents and settings\Owner\IETldCache 2009-07-09 17:28 . 2009-07-09 19:55 -------- d-----w- c:\windows\ie8updates 2009-07-09 17:27 . 2009-04-29 04:46 81920 ----a-w- c:\windows\system32\dllcache\ieencode.dll 2009-07-09 17:25 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-07-09 17:25 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-07-09 17:25 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-07-09 17:25 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-07-09 17:25 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-07-08 16:44 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll 2009-07-08 16:44 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll 2009-07-08 16:44 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe 2009-07-08 16:44 . 2009-07-08 16:44 4608 ----a-w- c:\windows\system32\w95inf32.dll 2009-07-08 16:44 . 2009-07-08 16:44 2272 ----a-w- c:\windows\system32\w95inf16.dll 2009-07-08 16:44 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll 2009-07-08 16:44 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll 2009-07-08 16:44 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv 2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll 2009-07-01 09:13 . 2009-07-01 09:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Dyyno 2009-07-01 09:00 . 2009-07-08 08:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire 2009-07-01 09:00 . 2009-07-08 16:03 -------- d-----w- C:\Xfire 2009-06-30 17:18 . 2009-06-30 17:18 -------- d-----w- c:\program files\Trend Micro 2009-06-30 09:31 . 2009-06-30 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\The Best Eroge Ever 2009-06-30 09:31 . 2009-06-30 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ONScripter-En 2009-06-30 03:23 . 2009-06-30 17:17 -------- d-----w- C:\HijackThis 2009-06-28 06:50 . 2009-06-28 07:01 16 --sha-w- c:\documents and settings\Owner\Application Data\BDL+D\MANGAGAMER.COM\B12AEB7E-B6E4-46CF-B5D6-B6B01AA4AC65\____.sys 2009-06-28 06:50 . 2009-06-28 06:50 -------- d-----w- c:\documents and settings\Owner\Application Data\BDL+D 2009-06-28 06:22 . 2009-06-28 07:38 -------- d-----w- C:\Fate-stay night 2009-06-28 06:17 . 2009-06-30 09:36 -------- d-----w- C:\Brass Restoration 2009-06-28 06:11 . 2009-07-07 09:52 -------- d-----w- C:\Narcissu 2009-06-27 04:10 . 2009-07-09 20:08 105 ----a-w- c:\documents and settings\Owner\Application Data\RenPy\persistent\act1.katawa-shoujo.com 2009-06-26 19:31 . 2009-06-26 19:31 -------- d-----w- c:\documents and settings\Owner\Application Data\RenPy 2009-06-26 19:29 . 2009-06-28 10:06 -------- d-----w- C:\Katawa Shoujo Act 1 2009-06-18 03:23 . 2009-07-10 04:31 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-15 20:02 . 2009-06-15 20:51 -------- d-----w- c:\windows\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-10 06:22 . 2008-07-06 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8 2009-07-10 04:20 . 2007-04-11 23:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-07-09 22:55 . 2009-07-09 22:55 252 ----a-w- c:\windows\system32\drivers\sthdae.log 2009-07-09 22:41 . 2008-05-23 05:02 -------- d-----w- c:\program files\SystemRequirementsLab 2009-07-09 22:41 . 2008-05-23 05:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab 2009-07-09 22:36 . 2005-09-23 23:37 73680 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-09 20:50 . 2005-05-24 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-09 20:49 . 2005-05-24 22:42 -------- d-----w- c:\program files\Common Files\InstallShield 2009-07-01 16:54 . 2005-05-24 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-07-01 16:54 . 2005-05-24 22:48 -------- d-----w- c:\program files\Viewpoint 2009-06-17 18:27 . 2009-06-04 17:46 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 18:27 . 2009-06-04 17:46 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-10 00:18 . 2009-04-22 11:48 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-09 21:47 . 2009-06-09 21:47 -------- d-----w- c:\program files\JRE 2009-06-09 21:47 . 2009-04-22 11:45 -------- d-----w- c:\program files\OpenOffice.org 3 2009-06-09 21:43 . 2005-04-13 17:41 -------- d-----w- c:\program files\Java 2009-06-07 16:35 . 2008-08-09 08:59 -------- d-----w- c:\program files\Microsoft Silverlight 2009-06-07 07:14 . 2009-06-07 07:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-06-06 20:07 . 2006-04-20 04:57 96384 ----a-w- c:\windows\system32\drivers\sptd7965.sys 2009-06-06 20:00 . 2005-04-13 17:18 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-06 19:22 . 2009-06-06 19:18 -------- d-----w- c:\program files\Winamp 2009-06-06 19:19 . 2009-06-06 19:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp 2009-06-06 19:13 . 2009-06-06 19:12 -------- d-----w- c:\program files\AIM6 2009-06-06 19:12 . 2009-06-06 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore 2009-06-06 19:12 . 2009-06-06 19:12 -------- d-----w- c:\program files\Common Files\AOL 2009-06-06 18:47 . 2009-06-06 18:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-06 04:15 . 2009-06-06 04:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Octoshape 2009-06-06 02:25 . 2009-06-06 02:25 -------- d-----w- c:\program files\ESET 2009-06-05 05:06 . 2007-07-21 19:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-06-03 21:20 . 2008-07-17 07:00 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-05-07 15:32 . 2005-04-13 16:55 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2005-04-13 16:56 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-17 12:26 . 2005-04-13 16:56 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2005-04-13 16:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-09-16 01:26 . 2005-09-25 05:22 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll . ((((((((((((((((((((((((((((( SnapShot@2009-07-10_07.04.50 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-10 09:07 . 2009-07-10 09:07 16384 c:\windows\temp\Perflib_Perfdata_600.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-31 311296] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "DAEMON Tools"="c:\daemon\daemon.exe" [2005-12-10 133016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696] "ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864] "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232] c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\superantispyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 19:05 356352 ----a-w- c:\superantispyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Curse\\CurseClient.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1947:TCP"= 1947:TCP:HASP SRM "1947:UDP"= 1947:UDP:HASP SRM "6112:TCP"= 6112:TCP:Battlenet "6112:UDP"= 6112:UDP:Battlenet R1 SASDIFSV;SASDIFSV;c:\superantispyware\sasdifsv.sys [1/15/2009 5:17 PM 8944] R1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024] S3 SASENUM;SASENUM;c:\superantispyware\SASENUM.SYS [1/15/2009 5:17 PM 7408] . Contents of the 'Scheduled Tasks' folder 2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = hxxp://www.gatewaybiz.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: eset.com\www DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eyoermj5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eyoermj5.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmasque.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-10 02:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(812) c:\superantispyware\SASWINLO.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\ehome\ehRecvr.exe c:\windows\ehome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\IDT\WDM\stacsv.exe c:\windows\system32\dllhost.exe c:\program files\AIM6\aolsoftware.exe c:\windows\ehome\ehmsas.exe . ************************************************************************** . Completion time: 2009-07-10 2:10 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-10 09:10 ComboFix2.txt 2009-07-10 07:06 ComboFix3.txt 2009-07-01 16:52 Pre-Run: 76,386,594,816 bytes free Post-Run: 76,321,697,792 bytes free 226 --- E O F --- 2009-06-10 00:34 ------------------------------------------------------------------------------------------------------- ESETSmartInstaller@High as downloader log: all ok # version=6 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=411b4a271a931d4d9e88e01f66244d70 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-06-06 03:31:52 # local_time=2009-06-05 08:31:52 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # scanned=80740 # found=13 # cleaned=13 # scan_time=3220 C:\fantasy.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\27\62318b5b-14777128 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r10 IRC/Flooder.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r3 probably a variant of IRC/Goodbot trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r6 IRC/Flooder.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r8 Win32/Randon worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1rg1n IRC/Cloner.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\x IRC/Sliv.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACejlcrqqmhtvguft.dll.vir Win32/Olmarik.HZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvdfrsorsupuuhda.dll.vir a variant of Win32/Kryptik.PS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACywecragefytxadj.dll.vir Win32/Olmarik.IA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\wglxpama.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACoedeeekydryfwul.sys.vir a variant of Win32/Olmarik.ID trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 ESETSmartInstaller@High as downloader log: all ok # version=6 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.5886 # api_version=3.0.2 # EOSSerial=411b4a271a931d4d9e88e01f66244d70 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-07-10 09:56:13 # local_time=2009-07-10 02:56:13 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=79535 # found=6 # cleaned=0 # scan_time=2237 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpwmvciirputehwmak.dll.vir a variant of Win32/Kryptik.PS trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\UACultfbpqxwqypwklod.dll.vir Win32/Olmarik.HQ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACdjbnrbeexyiufjxtl.sys.vir a variant of Win32/Olmarik.IN trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP280\A0034916.sys a variant of Win32/Olmarik.IN trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP280\A0034920.dll a variant of Win32/Kryptik.PS trojan 00000000000000000000000000000000 I C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP280\A0034921.dll Win32/Olmarik.HQ trojan 00000000000000000000000000000000 I

Okay, here are my Combofix (attached), Hijackthis, and MBAM logs: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:44 AM, on 7/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\IDT\WDM\STacSV.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe -- End of file - 5937 bytes ==================================================================== Malwarebytes' Anti-Malware 1.38 Database version: 2402 Windows 5.1.2600 Service Pack 3 7/10/2009 12:13:26 AM mbam-log-2009-07-10 (00-13-25).txt Scan type: Quick Scan Objects scanned: 94132 Time elapsed: 4 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) log.txt log.txt

Hi, I'm not sure what's wrong. One day I literally woke up and my comp started running extremely slow, even crashing often, and some searches would redirect me. I know something is wrong though since I haven't done anything extreme or downloaded anything recently that should have affected my computer this much. Here's my MBAM log and HJT log (however, I am unable to update my MBAM for some reason.. it's a little over a week old, so perhaps a spyware is preventing me in that area?) : Malwarebytes' Anti-Malware 1.37 Database version: 2357 Windows 5.1.2600 Service Pack 3 7/9/2009 10:58:20 AM mbam-log-2009-07-09 (10-58-20).txt Scan type: Quick Scan Objects scanned: 96107 Time elapsed: 7 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot. ------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:22:37 AM, on 7/9/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\hphmon03.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\dllhost.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - AppInit_DLLs: C:\DOCUME~1\Owner\LOCALS~1\Temp\2008078959mxx.dll O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 6558 bytes Please help and thank you

I am able to search websites again so I would think things are better than before. Nothing too unusual.. but I could be wrong. Okay, here are the logs from the Kaspersky scan and HJT: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0 REPORT Wednesday, July 1, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, July 01, 2009 19:18:44 Records in database: 2411768 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ J:\ K:\ M:\ O:\ P:\ Scan statistics: Files scanned: 85095 Threat name: 1 Infected objects: 1 Suspicious objects: 0 Duration of the scan: 02:19:19 File name / Threat name / Threats count C:\WC3Banlist_2.82.exe Infected: Trojan-Downloader.Win32.Netmen.cg 1 The selected area was scanned. ---------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:15:31 PM, on 7/1/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Ventrilo\Ventrilo.exe C:\VideoLAN\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 6372 bytes

K, here are my MBAM and HJT logs: Malwarebytes' Anti-Malware 1.38 Database version: 2357 Windows 5.1.2600 Service Pack 3 6/30/2009 7:46:05 PM mbam-log-2009-06-30 (19-46-05).txt Scan type: Quick Scan Objects scanned: 93897 Time elapsed: 7 minute(s), 12 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ----------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:53:06 PM, on 6/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\hphmon03.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\eHome\ehmsas.exe C:\Ventrilo\Ventrilo.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cdn.eyewonder.com/100125/750212/852...movies/zathura/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7071 bytes

All right, here are the Combofix and HJT logs: ComboFix 09-06-29.07 - Owner 06/30/2009 10:25.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.723 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\aspi_471a2.exe C:\hurl.exe c:\windows\system32\drivers\hjgruihwivrqoq.sys c:\windows\system32\hjgruioltxtrtb.dll c:\windows\system32\hjgruipxqpgiyt.dat c:\windows\system32\hjgruiudxxnmbk.dll c:\windows\system32\hjgruiyvetjgmc.dat c:\windows\system32\uactmp.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hjgruinkvrnmql ((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 ))))))))))))))))))))))))))))))) . 2009-06-30 17:18 . 2009-06-30 17:18 -------- d-----w- c:\program files\Trend Micro 2009-06-30 09:31 . 2009-06-30 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\The Best Eroge Ever 2009-06-30 09:31 . 2009-06-30 09:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ONScripter-En 2009-06-30 03:23 . 2009-06-30 17:17 -------- d-----w- C:\HijackThis 2009-06-28 06:50 . 2009-06-28 07:01 16 --sha-w- c:\documents and settings\Owner\Application Data\BDL+D\MANGAGAMER.COM\B12AEB7E-B6E4-46CF-B5D6-B6B01AA4AC65\____.sys 2009-06-28 06:50 . 2009-06-28 06:50 -------- d-----w- c:\documents and settings\Owner\Application Data\BDL+D 2009-06-28 06:49 . 2009-06-28 07:09 -------- d-----w- C:\dacapo 2009-06-28 06:22 . 2009-06-28 07:38 -------- d-----w- C:\Fate-stay night 2009-06-28 06:17 . 2009-06-30 09:36 -------- d-----w- C:\Brass Restoration 2009-06-28 06:11 . 2009-06-28 06:12 -------- d-----w- C:\Narcissu 2009-06-27 04:10 . 2009-06-27 09:02 105 ----a-w- c:\documents and settings\Owner\Application Data\RenPy\persistent\act1.katawa-shoujo.com 2009-06-26 19:31 . 2009-06-26 19:31 -------- d-----w- c:\documents and settings\Owner\Application Data\RenPy 2009-06-26 19:29 . 2009-06-28 10:06 -------- d-----w- C:\Katawa Shoujo Act 1 2009-06-18 03:23 . 2009-06-30 03:17 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-15 20:02 . 2009-06-15 20:51 -------- d-----w- c:\windows\system32\Adobe 2009-06-09 21:47 . 2009-06-09 21:47 -------- d-----w- c:\program files\JRE 2009-06-07 07:14 . 2009-06-07 07:14 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-06-07 02:22 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-06-07 02:22 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-06-07 02:21 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-06-06 19:57 . 2009-06-06 19:57 -------- d-----w- c:\windows\system32\scripting 2009-06-06 19:57 . 2009-06-06 19:57 -------- d-----w- c:\windows\l2schemas 2009-06-06 19:57 . 2009-06-06 19:57 -------- d-----w- c:\windows\system32\en 2009-06-06 19:57 . 2009-06-06 19:57 -------- d-----w- c:\windows\system32\bits 2009-06-06 19:55 . 2009-06-06 19:57 -------- d-----w- c:\windows\ServicePackFiles 2009-06-06 19:18 . 2008-08-20 17:58 129520 ------w- c:\windows\system32\pxafs.dll 2009-06-06 19:18 . 2009-06-06 19:22 -------- d-----w- c:\program files\Winamp 2009-06-06 19:18 . 2009-06-06 19:19 -------- d-----w- c:\documents and settings\Owner\Application Data\Winamp 2009-06-06 19:12 . 2009-06-06 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore 2009-06-06 19:12 . 2009-06-06 19:12 -------- d-----w- c:\program files\Common Files\AOL 2009-06-06 19:12 . 2009-06-06 19:13 -------- d-----w- c:\program files\AIM6 2009-06-06 18:47 . 2009-06-06 18:47 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-06 04:15 . 2009-06-06 04:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Octoshape 2009-06-06 02:25 . 2009-06-06 02:25 -------- d-----w- c:\program files\ESET 2009-06-05 22:21 . 2009-06-06 02:42 -------- d-----w- C:\AVG 2009-06-05 04:46 . 2009-06-06 04:13 -------- d-----w- C:\Scanner 2009-06-05 03:29 . 2009-06-30 03:17 -------- d-----w- C:\malware 2009-06-04 17:46 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-04 17:46 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-04 17:46 . 2009-06-04 17:52 -------- d-----w- C:\stuff 2009-06-04 06:09 . 2009-06-04 06:09 -------- d-----w- C:\Azureus 2009-06-04 02:48 . 2006-04-20 15:34 29752 ------w- c:\windows\system32\InstHelper.dll 2009-06-04 02:48 . 2005-06-30 02:50 94720 ----a-w- c:\windows\system32\dneinobj.dll 2009-06-04 02:48 . 2005-06-30 02:50 110080 ----a-w- c:\windows\system32\drivers\dne2000.sys 2009-06-04 02:48 . 2005-05-17 11:51 5315 ----a-w- c:\windows\system32\drivers\CVirtA.sys 2009-06-04 02:48 . 2006-04-20 15:34 193584 ----a-w- c:\windows\system32\CSGina.dll 2009-06-03 21:20 . 2009-06-03 21:20 -------- d-----w- C:\DVDVideoSoft2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-10 00:18 . 2009-04-22 11:48 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-09 22:03 . 2005-09-23 23:37 72888 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-09 21:47 . 2009-04-22 11:45 -------- d-----w- c:\program files\OpenOffice.org 3 2009-06-09 21:43 . 2005-04-13 17:41 -------- d-----w- c:\program files\Java 2009-06-07 16:35 . 2008-08-09 08:59 -------- d-----w- c:\program files\Microsoft Silverlight 2009-06-06 20:07 . 2006-04-20 04:57 96384 ----a-w- c:\windows\system32\drivers\sptd7965.sys 2009-06-06 20:00 . 2005-04-13 17:18 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-06-06 19:12 . 2005-05-24 22:48 -------- d-----w- c:\program files\Viewpoint 2009-06-06 19:12 . 2005-05-24 22:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-06-05 22:24 . 2008-07-06 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8 2009-06-05 05:06 . 2007-07-21 19:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus 2009-06-04 06:08 . 2005-05-24 22:43 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-06-03 21:20 . 2008-07-17 07:00 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2009-05-10 04:46 . 2007-11-15 02:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-05-10 02:08 . 2009-05-10 02:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Aim 2009-05-10 01:47 . 2007-06-13 23:30 -------- d-----w- c:\program files\Sony 2009-05-10 01:46 . 2005-10-04 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2009-05-10 01:44 . 2007-06-18 04:41 -------- d-----w- c:\program files\Real 2009-05-10 01:44 . 2005-05-24 22:46 -------- d-----w- c:\program files\Common Files\Real 2009-05-10 01:40 . 2009-01-19 05:17 -------- d-----w- c:\program files\Dyyno 2009-05-10 01:38 . 2005-09-23 08:09 -------- d-----w- c:\program files\DivX 2009-05-07 15:32 . 2005-04-13 16:55 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:46 . 2005-04-13 16:56 666624 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:46 . 2005-04-13 16:55 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2005-04-13 16:56 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2005-04-13 16:56 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-09-16 01:26 . 2005-09-25 05:22 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992] "IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-05-10 7086080] "HPHmon03"="c:\windows\system32\hphmon03.exe" [2003-01-31 311296] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "DAEMON Tools"="c:\daemon\daemon.exe" [2005-12-10 133016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-06 148888] "ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2003-09-19 36864] "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-05-18 543232] c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\superantispyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 19:05 356352 ----a-w- c:\superantispyware\SASWINLO.dll HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Curse\\CurseClient.exe"= "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1947:TCP"= 1947:TCP:HASP SRM "1947:UDP"= 1947:UDP:HASP SRM "6112:TCP"= 6112:TCP:Battlenet "6112:UDP"= 6112:UDP:Battlenet R1 SASDIFSV;SASDIFSV;c:\superantispyware\sasdifsv.sys [1/15/2009 5:17 PM 8944] R1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/6/2009 12:12 PM 24652] S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\Owner\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\Owner\LOCALS~1\Temp\DMSKSSRh.sys [?] S3 SASENUM;SASENUM;c:\superantispyware\SASENUM.SYS [1/15/2009 5:17 PM 7408] . Contents of the 'Scheduled Tasks' folder 2009-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = hxxp://www.gatewaybiz.com uInternet Connection Wizard,ShellNext = hxxp://cdn.eyewonder.com/100125/750212/852804/popup.html?null=&clickTag1=http%3A//twx.doubleclick.net/click%253Bh%3Dv5%7C32fe%7C3%7C0%7C%252a%7Cp%253B20546504%253B0-0%253B1%253B11588134%253B2-120%7C90%253B12299198%7C12317094%7C1%253B%253B%257Esscs%253D%253fhttp%253a%252f%252fwww.sonypictures.com/movies/zathura/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: eset.com\www DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eyoermj5.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p= FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\eyoermj5.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmasque.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-30 10:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(812) c:\superantispyware\SASWINLO.dll . Completion time: 2009-06-30 10:33 ComboFix-quarantined-files.txt 2009-06-30 17:33 ComboFix2.txt 2009-06-06 01:07 Pre-Run: 64,753,434,624 bytes free Post-Run: 65,989,058,560 bytes free 202 --- E O F --- 2009-06-10 00:34 -------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:35:35 AM, on 6/30/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cdn.eyewonder.com/100125/750212/852...movies/zathura/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6424 bytes

Hi, I believe I have a trojan or spyware that is redirecting my websites. Clicking on searches I've typed in google would also redirect me to other websites. I can't seem to figure out what's wrong with my comp, nothing seems to be running slower or anything... only when I'm searching. Anyways, here are my MBAM and HJT logs. Malwarebytes' Anti-Malware 1.38 Database version: 2353 Windows 5.1.2600 Service Pack 3 6/29/2009 8:23:30 PM mbam-log-2009-06-29 (20-23-30).txt Scan type: Quick Scan Objects scanned: 96677 Time elapsed: 3 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ---------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:24:12 PM, on 6/29/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\hphmon03.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Ventrilo\Ventrilo.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cdn.eyewonder.com/100125/750212/852...movies/zathura/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244316758953 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 7045 bytes

Hm, I have no idea what that mylove folder was and after opening it, it only had a couple 1kb files that were .dat files or something like that, can't remember since I deleted it quickly. I've proceeded to update all my software and java and will continue to regularly scan my computer using updated malwarebytes. Thank you very much for the help, I cannot begin to express my appreciation for this wonderful service you provide.

My computer seems to be running better now but what do I know? After using eset+mbam, they appear to have picked up either new or existing trojans so I'm not sure. Okay, here are my eset, mbam, and hijackthis logs. ESETSmartInstaller@High as downloader log: all ok # version=6 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=411b4a271a931d4d9e88e01f66244d70 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-06-06 03:31:52 # local_time=2009-06-05 08:31:52 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # scanned=80740 # found=13 # cleaned=13 # scan_time=3220 C:\fantasy.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\27\62318b5b-14777128 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r10 IRC/Flooder.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r3 probably a variant of IRC/Goodbot trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r6 IRC/Flooder.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1r8 Win32/Randon worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\v1rg1n IRC/Cloner.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Program Files\My Love\x IRC/Sliv.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACejlcrqqmhtvguft.dll.vir Win32/Olmarik.HZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACvdfrsorsupuuhda.dll.vir a variant of Win32/Kryptik.PS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACywecragefytxadj.dll.vir Win32/Olmarik.IA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\wglxpama.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACoedeeekydryfwul.sys.vir a variant of Win32/Olmarik.ID trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 ==================================================== Malwarebytes' Anti-Malware 1.37 Database version: 2235 Windows 5.1.2600 Service Pack 2 6/5/2009 9:06:08 PM mbam-log-2009-06-05 (21-06-04).txt Scan type: Full Scan (C:\|) Objects scanned: 166184 Time elapsed: 26 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Qoobox\quarantine\C\WINDOWS\system32\UACjorpvtqtmxjynbv.dll.vir (Trojan.TDSS) -> No action taken. c:\Qoobox\quarantine\C\WINDOWS\system32\UACqanogtbitmmpxol.dll.vir (Trojan.TDSS) -> No action taken. c:\Qoobox\quarantine\C\WINDOWS\system32\UACrcvppkfidkqpmxq.dll.vir (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025309.sys (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025310.dll (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025311.dll (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025312.dll (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025313.dll (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025314.dll (Trojan.TDSS) -> No action taken. c:\system volume information\_restore{4653e8f8-6519-4964-b7bd-828d96fbcc0e}\RP251\A0025315.dll (Trojan.TDSS) -> No action taken. =============================================================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:16 PM, on 6/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe C:\WINDOWS\system32\hphmon03.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\WINDOWS\ehome\ehtray.exe C:\DAEMON\daemon.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Aim2\aim.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Scanner\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cdn.eyewonder.com/100125/750212/852...movies/zathura/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [showWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\DAEMON\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU\..\Run: [AIM] C:\Aim2\aim.exe -cnetwait.odl O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: My_AutoWarkey_Script.lnk = C:\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Aim2\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: www.eset.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://mc.nacs.uci.edu/mcweb/awswax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/u...AIM.9.5.1.8.cab O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 6691 bytes