shep711

DK I finally finished . I tried the Kaspersky OS and they do not have a "online scanner" available but provide a free security scanner which ran for a few hours. When it finished it summarized the problems but when I activated the details tab nothing happened and did this complete process twice- same result. I checked my C drive in the Kaspersky Program file folder and there was no TXT file. I ended up getting the Eset scan to work and there were no threats found. I have pasted that report. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=ad4cf10bdbebfe4c95da16614407d12f # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-09 07:53:30 # local_time=2012-11-09 11:53:30 (-0800, Pacific Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1792 16777215 100 0 250356 250356 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=83234 # found=0 # cleaned=0 # scan_time=3206

I tried to run the scanner however when it is downloading the virus definitions/update I get an error " Can not get update. Is proxy configured?"

Scan with what? Eset? Directions are not clear.. THX

ThX DK. I ran the CF Script and the log is pasted in this reply. As far as the computer, it seems to be ok, the browser hangs abit from website to website and I stil have not run Outlook . I mentioned in my previous post that I did have an infection- It was ROOTKIT.TDSS and that is when my troubles seem to have manifested- ComboFix 12-11-08.01 - cray 11/08/2012 6:39.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1192 [GMT -8:00] Running from: c:\documents and settings\cray\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\cray\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 ))))))))))))))))))))))))))))))) . . 2012-11-07 21:07 . 2012-11-07 21:07 29904 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys 2012-11-07 02:52 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\mpengine.dll 2012-11-06 18:29 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-05 22:33 . 2012-11-05 22:33 -------- dc----w- c:\documents and settings\cray\Application Data\Avira 2012-11-05 22:27 . 2012-10-04 20:07 133824 -c--a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-05 22:27 . 2012-09-24 17:58 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-05 22:27 . 2012-09-13 18:58 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-05 22:27 . 2012-11-05 22:27 -------- dc----w- c:\program files\Avira 2012-11-02 14:39 . 2012-11-02 14:39 -------- dc----w- C:\TDSSKiller_Quarantine 2012-11-01 23:36 . 2012-11-01 23:36 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2012-11-01 22:49 . 2012-11-02 03:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-11-01 22:49 . 2012-11-01 22:59 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-10-31 16:48 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{833B0ADF-983B-4DE5-88B9-92922D70830B}\mpengine.dll 2012-10-30 23:32 . 2012-10-30 23:32 -------- dc----w- c:\documents and settings\cray\Application Data\TuneUp Software 2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData 2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\Avg2013 2012-10-30 23:24 . 2012-10-30 23:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-10-30 23:24 . 2012-10-30 23:24 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\MFAData 2012-10-29 20:48 . 2012-10-29 20:48 -------- dc----w- c:\program files\Microsoft Security Client 2012-10-17 01:24 . 2012-10-17 01:24 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-17 09:32 . 2009-04-16 21:53 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-10-09 02:25 . 2012-08-16 13:40 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 02:25 . 2011-06-13 14:04 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 02:54 . 2011-03-18 23:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 05:03 . 2012-08-31 05:03 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14 . 2004-08-04 07:56 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-04 07:56 43520 -c--a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-04 07:56 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 07:56 177664 -c--a-w- c:\windows\system32\wintrust.dll 2012-08-23 02:45 . 2011-12-15 00:11 499712 -c--a-w- c:\windows\system32\msvcp71.dll 2012-08-23 02:45 . 2011-12-15 00:11 348160 -c--a-w- c:\windows\system32\msvcr71.dll 2012-08-21 13:33 . 2004-08-04 06:20 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2006-02-28 09:00 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2001-12-04 00:09 . 2010-05-14 19:13 90112 -c----w- c:\program files\internet explorer\plugins\DjVuControl.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2005-08-18 1097855] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-23 296096] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-17 384800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2005-8-18 929886] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/5/2012 2:27 PM 36552] R1 MpKsldaf002c0;MpKsldaf002c0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys [11/7/2012 1:07 PM 29904] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2012 2:27 PM 84256] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 12:00 AM 316992] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [10/22/2009 8:54 AM 2749224] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/20/2009 8:37 AM 15656] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] . Contents of the 'Scheduled Tasks' folder . 2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 02:25] . 2012-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44] . 2012-11-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25] . 2012-11-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-104155961-2961242110-3104746187-1227.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . 2012-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-104155961-2961242110-3104746187-1227.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll TCP: DhcpNameServer = 172.16.1.4 206.13.29.12 206.13.30.12 DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-08 06:53 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\program files\SpeedBit Video Accelerator\SBLSP.dll c:\program files\SpeedBit Video Accelerator\ConfigDB.dll . - - - - - - - > 'lsass.exe'(768) c:\program files\SpeedBit Video Accelerator\SBLSP.dll c:\program files\SpeedBit Video Accelerator\ConfigDB.dll . - - - - - - - > 'explorer.exe'(2752) c:\windows\system32\WININET.dll c:\windows\system32\AcSignIcon.dll c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\crypserv.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe c:\windows\system32\UTSCSI.EXE c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe c:\windows\system32\SearchIndexer.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\WTablet\Wacom_TabletUser.exe c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe . ************************************************************************** . Completion time: 2012-11-08 06:58:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-08 14:58 ComboFix2.txt 2012-11-07 23:38 . Pre-Run: 35,002,183,680 bytes free Post-Run: 35,207,917,568 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 7333B5D83CBEE7D917011935D63127F9

I am including the 2 reports you requested here: Maybe 2 posts as the editor indicated the post was too long. Sorry I have to attach the TDSKill log as it is too long of a post I guess it would help to attach the file

I am including the 2 reports you requested here: Maybe 2 posts as the editor indicated the post was too long. Sorry I have to attach the TDSKill log as it is too long of a post

TY Dark Knight for your assistance. My computer seems to running fine now, however, I have disabled the Outlook smtp server addy until I know this computer is clean. I have an older scan report 10/16/12 from MBAM that lists the infection as well as a previous tdskill log that listed some suspicious objects. Those objects did not show in this last report and TDS-Kill did not reboot this time as before. I will provide at your request. I am including the 2 reports you requested here: Maybe 2 posts as the editor indicated the post was too long. 1of2 ComboFix 12-11-06.03 - cray 11/07/2012 15:28:33.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1318 [GMT -8:00] Running from: c:\documents and settings\cray\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\arepo.pad c:\documents and settings\cray\Application Data\LocalLow c:\documents and settings\cray\Application Data\LocalLow\GBTemp\svrver.ini c:\documents and settings\cray\GoToAssistDownloadHelper.exe c:\program files\Shared c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 ))))))))))))))))))))))))))))))) . . 2012-11-07 21:07 . 2012-11-07 21:07 29904 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys 2012-11-07 02:52 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\mpengine.dll 2012-11-06 18:29 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-05 22:33 . 2012-11-05 22:33 -------- dc----w- c:\documents and settings\cray\Application Data\Avira 2012-11-05 22:27 . 2012-10-04 20:07 133824 -c--a-w- c:\windows\system32\drivers\avipbb.sys 2012-11-05 22:27 . 2012-09-24 17:58 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-05 22:27 . 2012-09-13 18:58 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-05 22:27 . 2012-11-05 22:27 -------- dc----w- c:\program files\Avira 2012-11-02 14:39 . 2012-11-02 14:39 -------- dc----w- C:\TDSSKiller_Quarantine 2012-11-01 23:36 . 2012-11-01 23:36 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2012-11-01 22:49 . 2012-11-02 03:41 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2012-11-01 22:49 . 2012-11-01 22:59 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-10-31 16:48 . 2012-10-17 09:32 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{833B0ADF-983B-4DE5-88B9-92922D70830B}\mpengine.dll 2012-10-30 23:32 . 2012-10-30 23:32 -------- dc----w- c:\documents and settings\cray\Application Data\TuneUp Software 2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\All Users\Application Data\MFAData 2012-10-30 23:24 . 2012-11-05 22:03 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\Avg2013 2012-10-30 23:24 . 2012-10-30 23:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-10-30 23:24 . 2012-10-30 23:24 -------- dc----w- c:\documents and settings\cray\Local Settings\Application Data\MFAData 2012-10-29 20:48 . 2012-10-29 20:48 -------- dc----w- c:\program files\Microsoft Security Client 2012-10-17 01:24 . 2012-10-17 01:24 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-17 09:32 . 2009-04-16 21:53 6918632 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-10-09 02:25 . 2012-08-16 13:40 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 02:25 . 2011-06-13 14:04 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-30 02:54 . 2011-03-18 23:28 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 05:03 . 2012-08-31 05:03 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14 . 2004-08-04 07:56 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-04 07:56 43520 -c--a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-04 07:56 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-04 05:59 385024 -c----w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 07:56 177664 -c--a-w- c:\windows\system32\wintrust.dll 2012-08-23 02:45 . 2011-12-15 00:11 499712 -c--a-w- c:\windows\system32\msvcp71.dll 2012-08-23 02:45 . 2011-12-15 00:11 348160 -c--a-w- c:\windows\system32\msvcr71.dll 2012-08-21 13:33 . 2004-08-04 06:20 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2006-02-28 09:00 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe 2001-12-04 00:09 . 2010-05-14 19:13 90112 -c----w- c:\program files\internet explorer\plugins\DjVuControl.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 -c--a-w- c:\documents and settings\cray\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RIMDeviceManager"="c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" [2005-08-18 1097855] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-05 344064] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-08-23 296096] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-17 384800] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2005-8-18 929886] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/5/2012 2:27 PM 36552] R1 MpKsldaf002c0;MpKsldaf002c0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{325FD400-D6AC-43E6-AAED-E8542C287782}\MpKsldaf002c0.sys [11/7/2012 1:07 PM 29904] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/5/2012 2:27 PM 84256] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 12:00 AM 316992] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [10/22/2009 8:54 AM 2749224] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [10/20/2009 8:37 AM 15656] S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 30240193 *NewlyCreated* - 57459089 *NewlyCreated* - MPKSLDAF002C0 *Deregistered* - 30240193 *Deregistered* - 57459089 . Contents of the 'Scheduled Tasks' folder . 2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 02:25] . 2012-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 23:44] . 2012-11-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-13 00:25] . 2012-11-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-104155961-2961242110-3104746187-1227.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . 2012-11-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-104155961-2961242110-3104746187-1227.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.foxnews.com/ uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll Trusted Zone: isqft.com\www Trusted Zone: planwellcollaborate.com\www Trusted Zone: verizon.net\www Trusted Zone: isqft.com\www TCP: DhcpNameServer = 172.16.1.4 206.13.29.12 206.13.30.12 DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab . . ------- File Associations ------- . .scr=DWGTrueViewScriptFile . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-Akamai NetSession Interface - c:\documents and settings\cray\Local Settings\Application Data\Akamai\netsession_win.exe SafeBoot-57459089.sys AddRemove-Intelore - RAR Password Recovery - e:\dl\RAR-PR\uninstall.exe AddRemove-Wacom Tablet Driver - c:\program files\Tablet\Wacom\Remove.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-11-07 15:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(708) c:\windows\system32\Ati2evxx.dll c:\program files\SpeedBit Video Accelerator\SBLSP.dll c:\program files\SpeedBit Video Accelerator\ConfigDB.dll . - - - - - - - > 'lsass.exe'(764) c:\program files\SpeedBit Video Accelerator\SBLSP.dll c:\program files\SpeedBit Video Accelerator\ConfigDB.dll . Completion time: 2012-11-07 15:38:08 ComboFix-quarantined-files.txt 2012-11-07 23:38 . Pre-Run: 34,695,151,616 bytes free Post-Run: 35,159,977,984 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 43F6BB1291F31AE3A73898A6EFBD14F7

Last week my outlook was running rampant sending bogus emails. Did a scan with Malaware Bytes Anti-malware and cleaned the infection, I have since run AVIRA and found nothing. After the scans, Outlook was still sending emails out, so we deleted the email account and reloaded Outlook. My concern is that there may still be something amiss. I have included the dds files per the pinned directions. Please advise. DDS (Ver_2012-10-19.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by cray at 17:12:43 on 2012-11-05 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1147 [GMT -8:00] . AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\WINDOWS\system32\UTSCSI.EXE C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\Wacom_Tablet.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\real\realplayer\update\realsched.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\msdtc.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.foxnews.com/ BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned> BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Akamai NetSession Interface] "c:\documents and settings\cray\local settings\application data\akamai\netsession_win.exe" uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [synchronization Manager] c:\windows\system32\mobsync.exe /logon mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: c:\program files\speedbit video accelerator\SBLSP.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: HP Instant Printing Plugin - hxxp://ftp.hp.com/pub/softlib/programmatic/COL23700/plugin/hpwinstallSP.cab?version=1.0 DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://padilla1:4343/officescan/console/ClientInstall/WinNTChk.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/setupini.cab DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/setup.cab DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://padilla1:4343/officescan/console/html/AtxEnc.cab DPF: {4E1AEB50-759B-495F-B91A-C9018B0E7236} - hxxps://www.sub-hub.com/Secures/SHDnld.cab DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://padilla1:4343/officescan/console/ClientInstall/RemoveCtrl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239902377828 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1351868458656 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {A644122F-80E1-4AD1-B2E9-4F267FC58517} - hxxps://viewer.planwellcollaborate.com/BravaServer/BravaClientXWrapper.cab DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 172.16.1.4 206.13.29.12 206.13.30.12 TCP: Interfaces\{6C5CF1FF-3342-4D81-AEC4-C9522A19EB08} : DHCPNameServer = 172.16.1.4 206.13.29.12 206.13.30.12 Filter: text/html - {a75dc788-5829-4e70-b0a8-c4f3500a9872} - Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-5 36552] R1 MpKsl7966ccf8;MpKsl7966ccf8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\MpKsl7966ccf8.sys [2012-11-5 29904] R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-5 84256] R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-5 108320] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-5 83792] R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992] R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-10-22 2749224] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-10-20 15656] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 136176] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-16 250808] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 136176] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1" ShellExec: DWGVIEWR.exe: open="c:\program files\autodesk\dwg trueview 2011\DWGVIEWR.exe" . =============== Created Last 30 ================ . 2012-11-05 22:33:36 -------- dc----w- c:\documents and settings\cray\application data\Avira 2012-11-05 22:27:36 83792 -c--a-w- c:\windows\system32\drivers\avgntflt.sys 2012-11-05 22:27:36 36552 -c--a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-05 22:27:34 -------- dc----w- c:\program files\Avira 2012-11-05 22:06:31 29904 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\MpKsl7966ccf8.sys 2012-11-05 03:36:35 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3cfa9df9-c185-402a-a76e-231c709b4b25}\mpengine.dll 2012-11-02 20:53:23 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-11-02 14:39:44 -------- dc----w- C:\TDSSKiller_Quarantine 2012-11-01 22:49:32 -------- dc----w- c:\program files\Spybot - Search & Destroy 2012-11-01 22:49:32 -------- dc----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2012-10-31 16:48:39 6918632 -c--a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{833b0adf-983b-4de5-88b9-92922d70830b}\mpengine.dll 2012-10-30 23:32:23 -------- dc----w- c:\documents and settings\cray\application data\TuneUp Software 2012-10-30 23:24:40 -------- dc-h--w- c:\documents and settings\all users\application data\Common Files 2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\cray\local settings\application data\MFAData 2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\cray\local settings\application data\Avg2013 2012-10-30 23:24:40 -------- dc----w- c:\documents and settings\all users\application data\MFAData 2012-10-29 20:48:17 -------- dc----w- c:\program files\Microsoft Security Client . ==================== Find3M ==================== . 2012-10-09 02:25:21 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 02:25:21 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-30 02:54:26 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys 2012-08-31 05:03:50 193552 -c--a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-28 15:14:53 916992 -c--a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 -c--a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 -c----w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 -c----w- c:\windows\system32\html.iec 2012-08-24 13:53:22 177664 -c--a-w- c:\windows\system32\wintrust.dll 2012-08-23 02:45:53 499712 -c--a-w- c:\windows\system32\msvcp71.dll 2012-08-23 02:45:53 348160 -c--a-w- c:\windows\system32\msvcr71.dll 2012-08-21 13:33:26 2148864 -c--a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58:09 2027520 -c--a-w- c:\windows\system32\ntkrnlpa.exe . ============= FINISH: 17:13:58.58 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-19.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/16/2009 10:17:15 AM System Uptime: 11/5/2012 2:04:15 PM (3 hours ago) . Motherboard: MSI | | 0A48 Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 775 | 3066/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 75 GiB total, 32.613 GiB free. D: is CDROM () F: is NetworkDisk (NTFS) - 126 GiB total, 78.755 GiB free. Q: is NetworkDisk (NTFS) - 233 GiB total, 69.82 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318} Description: PS/2 Compatible Mouse Device ID: ACPI\PNP0F13\3&61AAA01&0 Manufacturer: Microsoft Name: PS/2 Compatible Mouse PNP Device ID: ACPI\PNP0F13\3&61AAA01&0 Service: i8042prt . ==== System Restore Points =================== . RP787: 8/30/2012 2:32:16 AM - System Checkpoint RP788: 8/31/2012 2:19:57 AM - Software Distribution Service 3.0 RP789: 9/4/2012 6:17:58 AM - Software Distribution Service 3.0 RP790: 9/5/2012 8:03:05 AM - System Checkpoint RP791: 9/6/2012 2:30:50 AM - Software Distribution Service 3.0 RP792: 9/7/2012 2:31:40 AM - Software Distribution Service 3.0 RP793: 9/8/2012 3:22:36 AM - System Checkpoint RP794: 9/9/2012 4:14:10 AM - System Checkpoint RP795: 9/10/2012 4:33:09 AM - System Checkpoint RP796: 9/11/2012 1:34:15 AM - Software Distribution Service 3.0 RP797: 9/12/2012 2:24:27 AM - System Checkpoint RP798: 9/12/2012 6:36:22 AM - Software Distribution Service 3.0 RP799: 9/13/2012 7:17:01 AM - System Checkpoint RP800: 9/16/2012 7:48:56 PM - Software Distribution Service 3.0 RP801: 9/17/2012 8:39:21 PM - System Checkpoint RP802: 9/18/2012 2:01:47 AM - Software Distribution Service 3.0 RP803: 9/19/2012 3:01:01 AM - System Checkpoint RP804: 9/20/2012 3:57:44 AM - System Checkpoint RP805: 9/21/2012 1:42:29 AM - Software Distribution Service 3.0 RP806: 9/21/2012 3:17:20 PM - Software Distribution Service 3.0 RP807: 9/23/2012 8:13:34 PM - System Checkpoint RP808: 9/24/2012 9:31:12 PM - System Checkpoint RP809: 9/25/2012 1:41:35 AM - Software Distribution Service 3.0 RP810: 9/26/2012 2:05:56 AM - System Checkpoint RP811: 9/27/2012 3:01:11 AM - System Checkpoint RP812: 9/28/2012 1:41:49 AM - Software Distribution Service 3.0 RP813: 9/29/2012 1:46:37 AM - System Checkpoint RP814: 9/30/2012 2:45:03 AM - System Checkpoint RP815: 10/1/2012 3:44:52 AM - System Checkpoint RP816: 10/2/2012 1:41:14 AM - Software Distribution Service 3.0 RP817: 10/3/2012 1:44:39 AM - System Checkpoint RP818: 10/4/2012 2:45:02 AM - System Checkpoint RP819: 10/5/2012 1:54:37 AM - Software Distribution Service 3.0 RP820: 10/8/2012 9:22:48 AM - System Checkpoint RP821: 10/9/2012 2:04:28 AM - Software Distribution Service 3.0 RP822: 10/10/2012 2:07:07 AM - System Checkpoint RP823: 10/10/2012 7:47:22 AM - Software Distribution Service 3.0 RP824: 10/10/2012 3:59:33 PM - Installed ARCTurboAccelerator RP825: 10/11/2012 5:33:59 PM - System Checkpoint RP826: 10/12/2012 1:55:08 AM - Software Distribution Service 3.0 RP827: 10/14/2012 10:25:24 PM - System Checkpoint RP828: 10/15/2012 10:41:53 PM - System Checkpoint RP829: 10/16/2012 1:41:34 AM - Software Distribution Service 3.0 RP830: 10/17/2012 10:07:54 AM - System Checkpoint RP831: 10/18/2012 1:59:15 AM - Software Distribution Service 3.0 RP832: 10/19/2012 1:59:11 AM - Software Distribution Service 3.0 RP833: 10/20/2012 2:01:52 AM - System Checkpoint RP834: 10/21/2012 2:56:20 AM - System Checkpoint RP835: 10/22/2012 3:49:01 AM - System Checkpoint RP836: 10/23/2012 1:59:19 AM - Software Distribution Service 3.0 RP837: 10/24/2012 2:44:39 AM - System Checkpoint RP838: 10/25/2012 3:35:21 AM - System Checkpoint RP839: 10/26/2012 4:26:22 AM - System Checkpoint RP840: 10/26/2012 9:43:18 AM - Software Distribution Service 3.0 RP841: 10/29/2012 7:31:12 AM - System Checkpoint RP842: 10/29/2012 1:53:58 PM - Software Distribution Service 3.0 RP843: 10/30/2012 11:54:18 AM - Removed Avira SearchFree Toolbar plus Web Protection. RP844: 10/30/2012 4:25:08 PM - Installed AVG 2013 RP845: 10/30/2012 4:25:49 PM - Installed AVG 2013 RP846: 10/30/2012 11:52:29 PM - Software Distribution Service 3.0 RP847: 10/31/2012 9:48:35 AM - Software Distribution Service 3.0 RP848: 11/1/2012 10:29:15 AM - Software Distribution Service 3.0 RP849: 11/1/2012 5:26:13 PM - Removed Java™ 6 Update 31 RP850: 11/2/2012 1:53:14 PM - Software Distribution Service 3.0 RP851: 11/4/2012 7:36:23 PM - Software Distribution Service 3.0 RP852: 11/5/2012 2:01:19 PM - Removed AVG 2013 RP853: 11/5/2012 2:03:19 PM - Removed AVG 2013 . ==== Installed Programs ====================== . Acme CAD Converter 2012 v8.2.5 Acrobat.com Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) Apple Application Support Apple Mobile Device Support Apple Software Update ARCTurboAccelerator ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Autodesk Buzzsaw 2012.1.20.6492 Autodesk Design Review 2011 Avira Free Antivirus BidMail IP Tools BlackBerry Desktop Software 4.1 Bonjour Citrix Presentation Server Client Compatibility Pack for the 2007 Office system CP210x USB to UART Bridge Controller Critical Update for Windows Media Player 11 (KB959772) CutePDF Writer 2.8 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup Dropbox DWG TrueView 2011 FastStone Image Viewer 4.0 FileZilla Client 3.5.3 Formatta Filler 7.0 GB Manager Google Earth Google Toolbar for Internet Explorer Google Update Helper High Definition Audio Driver Package - KB888111 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Help and Support HP Instant Printing Infuzer iSqFt Full Viewer V4.01 Malwarebytes Anti-Malware version 1.65.1.1000 MasterSplitter Program Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access 2003 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Office XP Standard Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 14 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 NVIDIA Drivers On-Screen Takeoff Quick Bid QuickTime RAR Password Recovery v1.1 RC16 (remove only) RealNetworks - Microsoft Visual C++ 2005 Runtime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Roxio CinePlayer Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sentinel Protection Installer 7.4.0 Spybot - Search & Destroy TeraCopy 2.27 Tweak UI Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB971930) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB943729) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VC80CRTRedist - 8.0.50727.6195 Wacom Tablet WebFldrs XP Windows Defender Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 Windows Search 4.0 Windows XP Service Pack 3 WinRAR archiver . ==== Event Viewer Messages From Past Week ======== . 11/2/2012 8:00:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service. 11/1/2012 9:33:53 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service. 10/31/2012 10:23:22 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 10/30/2012 12:06:07 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 10/30/2012 12:04:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 10/30/2012 12:02:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/30/2012 12:02:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT NetworkX RasAcd Rdbss Tcpip WS2IFSL 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning. 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/30/2012 12:02:50 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 10/29/2012 6:16:42 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PADILLA due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 10/29/2012 6:13:06 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PADILLA due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. 10/29/2012 1:56:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.139.863.0). 10/29/2012 1:55:15 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.863.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation. 10/29/2012 1:55:11 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Update Type: User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x80070652 Error description: Another installation is already in progress. Complete that installation before proceeding with this install. . ==== End Of File ===========================

I'll get back to you on Wednesday late, as I am away from my computer. I did run another AVIRA scan before I ran MBAM again for you, but, did not post that log as you said not to. It found a couple more trojans but cleaned them up.

Sorry I thought I was helping. Here is the latest MBAM log . I copied it just as displayed. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5974 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/6/2011 6:11:59 PM mbam-log-2011-03-06 (18-11-59).txt Scan type: Quick scan Objects scanned: 329198 Time elapsed: 32 minute(s), 17 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Ok I know that MBAM ran fully and quarantined the 2 registry items, but looking in the quarantine tab those items are not listed. I also looked at the 2-21-2011 log posted in this topic and the one that is being shown from my computer log is not complete like the one is posted here (it's cut on my computer). I ran another avira scan yesterday and I am posting that one. Shall I re scan with MBAM to see if I can a complete report for you? Avira AntiVir Personal Report file date: Saturday, March 05, 2011 14:08 Scanning for 2460711 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : YOUR-XHTR8HVC4P Version information: BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/9/2010 04:12:31 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04 LUKE.DLL : 10.0.3.2 104296 Bytes 12/9/2010 04:12:32 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:29:28 VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 15:37:41 VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 15:37:41 VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 15:37:41 VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 15:37:42 VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 15:37:42 VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 15:37:42 VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 15:37:42 VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 15:37:43 VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 15:37:43 VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 15:37:43 VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 15:37:43 VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 15:34:17 VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 15:33:54 VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 15:35:50 VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 01:28:44 VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 01:28:46 VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 08:03:26 VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 08:03:31 VBASE020.VDF : 7.11.4.34 2048 Bytes 3/2/2011 08:03:31 VBASE021.VDF : 7.11.4.35 2048 Bytes 3/2/2011 08:03:31 VBASE022.VDF : 7.11.4.36 2048 Bytes 3/2/2011 08:03:32 VBASE023.VDF : 7.11.4.37 2048 Bytes 3/2/2011 08:03:32 VBASE024.VDF : 7.11.4.38 2048 Bytes 3/2/2011 08:03:32 VBASE025.VDF : 7.11.4.39 2048 Bytes 3/2/2011 08:03:32 VBASE026.VDF : 7.11.4.40 2048 Bytes 3/2/2011 08:03:32 VBASE027.VDF : 7.11.4.41 2048 Bytes 3/2/2011 08:03:33 VBASE028.VDF : 7.11.4.42 2048 Bytes 3/2/2011 08:03:33 VBASE029.VDF : 7.11.4.43 2048 Bytes 3/2/2011 08:03:35 VBASE030.VDF : 7.11.4.44 2048 Bytes 3/2/2011 08:03:35 VBASE031.VDF : 7.11.4.71 118784 Bytes 3/4/2011 08:03:39 Engineversion : 8.2.4.178 AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54 AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 2/28/2011 01:29:18 AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 18:53:26 AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 18:53:58 AERDL.DLL : 8.1.9.2 635252 Bytes 11/10/2010 10:28:36 AEPACK.DLL : 8.2.4.11 520566 Bytes 3/5/2011 08:03:45 AEOFFICE.DLL : 8.1.1.16 205179 Bytes 1/31/2011 05:44:47 AEHEUR.DLL : 8.1.2.81 3314038 Bytes 2/28/2011 01:29:10 AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 05:45:42 AEGEN.DLL : 8.1.5.2 397683 Bytes 1/21/2011 18:40:52 AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 18:51:12 AECORE.DLL : 8.1.19.2 196983 Bytes 1/21/2011 18:40:49 AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55 AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/9/2010 04:12:32 AVARKT.DLL : 10.0.22.6 231784 Bytes 12/9/2010 04:12:27 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: Saturday, March 05, 2011 14:08 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\ogztenwax [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\type [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\start [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\errorcontrol [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\group [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\group HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\lf8rs5la1tn [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\qhqh2hs2 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\ptuyicu [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\ogztenwax [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\type [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\start [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\errorcontrol [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\lf8rs5la1tn [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\qhqh2hs2 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\ptuyicu [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '59' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'avscan.exe' - '70' Module(s) have been scanned Scan process 'avcenter.exe' - '94' Module(s) have been scanned Scan process 'ctfmon.exe' - '25' Module(s) have been scanned Scan process 'msmsgs.exe' - '41' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '43' Module(s) have been scanned Scan process 'HPWuSchd.exe' - '17' Module(s) have been scanned Scan process 'hpztsb09.exe' - '19' Module(s) have been scanned Scan process 'igfxtray.exe' - '26' Module(s) have been scanned Scan process 'avgnt.exe' - '54' Module(s) have been scanned Scan process 'KBD.EXE' - '57' Module(s) have been scanned Scan process 'hphmon05.exe' - '22' Module(s) have been scanned Scan process 'hpqcmon.exe' - '29' Module(s) have been scanned Scan process 'hkcmd.exe' - '29' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '13' Module(s) have been scanned Scan process 'Explorer.EXE' - '101' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'alg.exe' - '35' Module(s) have been scanned Scan process 'OPXPApp.exe' - '13' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'Omniserv.exe' - '12' Module(s) have been scanned Scan process 'avshadow.exe' - '25' Module(s) have been scanned Scan process 'avguard.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '45' Module(s) have been scanned Scan process 'spoolsv.exe' - '58' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'svchost.exe' - '170' Module(s) have been scanned Scan process 'svchost.exe' - '41' Module(s) have been scanned Scan process 'svchost.exe' - '51' Module(s) have been scanned Scan process 'lsass.exe' - '60' Module(s) have been scanned Scan process 'services.exe' - '49' Module(s) have been scanned Scan process 'winlogon.exe' - '71' Module(s) have been scanned Scan process 'csrss.exe' - '12' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '395' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP159\A0051709.dll [DETECTION] Is the TR/Kazy.3810.108 Trojan C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP159\A0051710.exe [DETECTION] Is the TR/Kazy.13211.psa Trojan C:\WINDOWS\SoftwareDistribution\Download\6189e468edd5590d58e8ee89d5ba249f\BIT4.tmp [0] Archive type: CAB (Microsoft) --> _sfx_0007._p [WARNING] The file could not be written! C:\WINDOWS\system32\drivers\xcnshbg.sys [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection: C:\WINDOWS\system32\drivers\xcnshbg.sys [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '46ca52e5.qua'. C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP159\A0051710.exe [DETECTION] Is the TR/Kazy.13211.psa Trojan [NOTE] The file was moved to the quarantine directory under the name '5e1f7684.qua'. C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP159\A0051709.dll [DETECTION] Is the TR/Kazy.3810.108 Trojan [NOTE] The file was moved to the quarantine directory under the name '0c402c6c.qua'. End of the scan: Saturday, March 05, 2011 19:20 Used time: 3:10:25 Hour(s) The scan has been done completely. 19429 Scanned directories 714352 Files were scanned 3 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 3 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 714349 Files not concerned 21745 Archives were scanned 1 Warnings 2 Notes 710582 Objects were scanned with rootkit scan 17 Hidden objects were found

Ok thanks for waiting. I was able to update and run in regular mode. Time elapsed: 34 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-12-12.02) - NTFSx86 Run by Owner at 0:55:34.31 on Sat 03/05/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.67 [GMT -8:00] AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe -k imgsvc "C:\WINDOWS\System32\svchost.exe" "C:\WINDOWS\System32\svchost.exe" C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskmgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.calbanktrust.com/ uWindow Title = Internet Explorer, optimized for Bing and MSN uDefault_Page_URL = hxxp://www.msn.com BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe mRun: [HPHmon05] c:\windows\system32\hphmon05.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat mRun: [icoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [PS2] c:\windows\system32\ps2.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: SpSubLSP.dll Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289381534141 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289381690875 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll Notify: igfxcui - igfxsrvc.dll Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-8 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-8 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-8 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-10 61960] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 136176] S2 mrtRate;mrtRate; [x] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] =============== Created Last 30 ================ 2011-02-21 23:01:45 -------- d-----w- c:\program files\Drop Down Deals 2011-02-21 23:00:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-02-21 00:04:45 0 ----a-w- c:\windows\Hgoyu.bin 2011-02-21 00:04:43 -------- d-----w- c:\docume~1\ownery~1.001\locals~1\applic~1\{F4809D4F-E098-48E2-B273-25D45A255A4E} 2011-02-21 00:01:29 762368 ----a-w- c:\windows\system32\drivers\xcnshbg.sys 2011-02-20 23:59:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\dJnHmOd15400 2011-02-20 14:53:56 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-19 22:40:40 -------- d-----w- c:\docume~1\ownery~1.001\applic~1\Malwarebytes 2011-02-19 22:05:38 709456 ----a-w- c:\windows\isRS-000.tmp ==================== Find3M ==================== 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe ============= FINISH: 0:58:08.64 ===============

Hi Maniac I got my computer back up and running, however, every time I try and update the MBAM it reboots my computer before install. Suggestions? I work away from my home computer, so any tasks you provide will be a few days before I am able to carry them out.. Thanks for your help..

I did as directed in normal mode and when the DL tried to install into MBAM, my computer rebooted before it finished. So I repeated it, same result. I then reviewed this artical http://forums.malwarebytes.org/index.php?showtopic=12709 and tried to run Root Repeal and as it was trying to open up my computer locked up. I did a hard shut down and now several of the system32 drivers are not present and my OS will not load. At this point my computer will not open up, I do not know if it was the virus or user error that caused this to happen, in any case, I will attempt to reload the OS and go from there. It may be a while for me to repost, so take what ever action necessary to this post. THX

Ok I know I have a rootkit. I've ran several scans of MBAM and Avira and quarantined the files that were infected, however the bug keeps returning. I also ran 2 GMER scans and could not get the log to save as in the save window there was no active destination or computer to save it to. I then ran a short scan with GMER and I was able to save that. I've copied the latest logs and attached what was required, please help in removing this bug, Thanks DDS (Ver_10-12-12.02) - NTFSx86 Run by Owner at 23:41:40.20 on Mon 02/21/2011 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.105 [GMT -8:00] AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\WINDOWS\System32\hphmon05.exe C:\HP\KBD\KBD.EXE "C:\WINDOWS\System32\svchost.exe" "C:\WINDOWS\System32\svchost.exe" C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\HP Software Update\HPWuSchd.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\dllhost.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\System32\dllhost.exe C:\Documents and Settings\Owner.YOUR-XHTR8HVC4P.001\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.calbanktrust.com/ uWindow Title = Internet Explorer, optimized for Bing and MSN uDefault_Page_URL = hxxp://www.msn.com BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe mRun: [HPHmon05] c:\windows\system32\hphmon05.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [storageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect mRun: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat mRun: [icoSet] c:\hp\bin\cloaker.exe c:\hp\bin\icoset\adjust.bat seticon mRun: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [PS2] c:\windows\system32\ps2.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Wsaxifi] rundll32.exe "c:\windows\oxojevoh.dll",Startup StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: SpSubLSP.dll Trusted Zone: microsoft.com\*.update Trusted Zone: microsoft.com\update DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289381534141 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289381690875 DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll Notify: igfxcui - igfxsrvc.dll Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-8 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-8 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-8 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-10 61960] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 136176] S2 mrtRate;mrtRate; [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-20 38224] =============== Created Last 30 ================ 2011-02-21 23:01:45 -------- d-----w- c:\program files\Drop Down Deals 2011-02-21 23:00:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer 2011-02-21 00:04:45 0 ----a-w- c:\windows\Hgoyu.bin 2011-02-21 00:04:43 -------- d-----w- c:\docume~1\ownery~1.001\locals~1\applic~1\{F4809D4F-E098-48E2-B273-25D45A255A4E} 2011-02-21 00:01:29 762368 ----a-w- c:\windows\system32\drivers\xcnshbg.sys 2011-02-20 23:59:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\dJnHmOd15400 2011-02-20 14:53:56 -------- d-----w- c:\program files\Yontoo Layers Client 2011-02-19 22:40:40 -------- d-----w- c:\docume~1\ownery~1.001\applic~1\Malwarebytes 2011-02-19 22:05:38 709456 ----a-w- c:\windows\isRS-000.tmp ==================== Find3M ==================== 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-12-20 23:59:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec 2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe ============= FINISH: 23:43:36.92 =============== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5823 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 2/21/2011 4:22:47 PM mbam-log-2011-02-21 (16-22-47).txt Scan type: Quick scan Objects scanned: 321619 Time elapsed: 25 minute(s), 45 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 7 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: c:\documents and settings\networkservice\application data\whitesmoketoolbar (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\temp\1728600 (PUP.BHO) -> Quarantined and deleted successfully. c:\WINDOWS\temp\2375820 (PUP.BHO) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\WWRP5B21\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketoolbar\dtx.ini (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketoolbar\exeArgs.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketoolbar\guid.dat (PUP.WhiteSmoke) -> Quarantined and deleted successfully. c:\documents and settings\networkservice\application data\whitesmoketoolbar\setupCfg.xml (PUP.WhiteSmoke) -> Quarantined and deleted successfully. Avira AntiVir Personal Report file date: Monday, February 21, 2011 19:31 Scanning for 2419316 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : YOUR-XHTR8HVC4P Version information: BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/9/2010 04:12:31 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 21:57:04 LUKE.DLL : 10.0.3.2 104296 Bytes 12/9/2010 04:12:32 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 08:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 18:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 17:29:28 VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 15:37:41 VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 15:37:41 VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 15:37:41 VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 15:37:42 VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 15:37:42 VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 15:37:42 VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 15:37:42 VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 15:37:43 VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 15:37:43 VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 15:37:43 VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 15:37:43 VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 15:34:17 VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 15:33:54 VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 15:35:50 VBASE016.VDF : 7.11.3.149 2048 Bytes 2/19/2011 15:35:51 VBASE017.VDF : 7.11.3.150 2048 Bytes 2/19/2011 15:35:51 VBASE018.VDF : 7.11.3.151 2048 Bytes 2/19/2011 15:35:51 VBASE019.VDF : 7.11.3.152 2048 Bytes 2/19/2011 15:35:51 VBASE020.VDF : 7.11.3.153 2048 Bytes 2/19/2011 15:35:51 VBASE021.VDF : 7.11.3.154 2048 Bytes 2/19/2011 15:35:52 VBASE022.VDF : 7.11.3.155 2048 Bytes 2/19/2011 15:35:52 VBASE023.VDF : 7.11.3.156 2048 Bytes 2/19/2011 15:35:52 VBASE024.VDF : 7.11.3.157 2048 Bytes 2/19/2011 15:35:52 VBASE025.VDF : 7.11.3.158 2048 Bytes 2/19/2011 15:35:52 VBASE026.VDF : 7.11.3.159 2048 Bytes 2/19/2011 15:35:53 VBASE027.VDF : 7.11.3.160 2048 Bytes 2/19/2011 15:35:53 VBASE028.VDF : 7.11.3.161 2048 Bytes 2/19/2011 15:35:53 VBASE029.VDF : 7.11.3.162 2048 Bytes 2/19/2011 15:35:53 VBASE030.VDF : 7.11.3.163 2048 Bytes 2/19/2011 15:37:14 VBASE031.VDF : 7.11.3.172 58368 Bytes 2/21/2011 21:13:01 Engineversion : 8.2.4.170 AEVDF.DLL : 8.1.2.1 106868 Bytes 8/3/2010 00:09:54 AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 1/31/2011 05:44:57 AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 18:53:26 AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 18:53:58 AERDL.DLL : 8.1.9.2 635252 Bytes 11/10/2010 10:28:36 AEPACK.DLL : 8.2.4.9 512374 Bytes 1/31/2011 05:44:51 AEOFFICE.DLL : 8.1.1.16 205179 Bytes 1/31/2011 05:44:47 AEHEUR.DLL : 8.1.2.78 3277175 Bytes 2/18/2011 15:34:35 AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 05:45:42 AEGEN.DLL : 8.1.5.2 397683 Bytes 1/21/2011 18:40:52 AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 18:51:12 AECORE.DLL : 8.1.19.2 196983 Bytes 1/21/2011 18:40:49 AEBB.DLL : 8.1.1.0 53618 Bytes 8/3/2010 00:09:48 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/3/2010 00:09:56 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/3/2010 00:09:55 AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 23:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 8/3/2010 00:09:55 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/9/2010 04:12:32 AVARKT.DLL : 10.0.22.6 231784 Bytes 12/9/2010 04:12:27 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/3/2010 00:09:55 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 23:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/3/2010 00:09:56 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 23:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 22:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/3/2010 00:10:08 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Start of the scan: Monday, February 21, 2011 19:31 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\ogztenwax [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\type [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\start [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\errorcontrol [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\group [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\group HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\lf8rs5la1tn [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\qhqh2hs2 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xcnshbg\ptuyicu [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc\Config\Standalone\drivelist [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\ogztenwax [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\type [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\start [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\errorcontrol [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\lf8rs5la1tn [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\qhqh2hs2 [NOTE] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xcnshbg\ptuyicu [NOTE] The registry entry is invisible. The scan of running processes will be started Scan process 'logon.scr' - '12' Module(s) have been scanned Scan process 'avscan.exe' - '70' Module(s) have been scanned Scan process 'avcenter.exe' - '65' Module(s) have been scanned Scan process 'wscntfy.exe' - '21' Module(s) have been scanned Scan process 'taskmgr.exe' - '37' Module(s) have been scanned Scan process 'msdtc.exe' - '40' Module(s) have been scanned Scan process 'dllhost.exe' - '59' Module(s) have been scanned Scan process 'dllhost.exe' - '45' Module(s) have been scanned Scan process 'vssvc.exe' - '48' Module(s) have been scanned Scan process 'hpqtra08.exe' - '36' Module(s) have been scanned Scan process 'ctfmon.exe' - '28' Module(s) have been scanned Scan process 'msmsgs.exe' - '45' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '45' Module(s) have been scanned Scan process 'HPWuSchd.exe' - '21' Module(s) have been scanned Scan process 'hpztsb09.exe' - '22' Module(s) have been scanned Scan process 'igfxtray.exe' - '32' Module(s) have been scanned Scan process 'avgnt.exe' - '56' Module(s) have been scanned Scan process 'svchost.exe' - '45' Module(s) have been scanned Scan process 'svchost.exe' - '38' Module(s) have been scanned Scan process 'KBD.EXE' - '59' Module(s) have been scanned Scan process 'hphmon05.exe' - '24' Module(s) have been scanned Scan process 'hpqcmon.exe' - '32' Module(s) have been scanned Scan process 'hkcmd.exe' - '32' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '21' Module(s) have been scanned Scan process 'Explorer.EXE' - '130' Module(s) have been scanned Scan process 'alg.exe' - '35' Module(s) have been scanned Scan process 'OPXPApp.exe' - '13' Module(s) have been scanned Scan process 'svchost.exe' - '42' Module(s) have been scanned Scan process 'Omniserv.exe' - '12' Module(s) have been scanned Scan process 'avshadow.exe' - '25' Module(s) have been scanned Scan process 'avguard.exe' - '54' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'sched.exe' - '45' Module(s) have been scanned Scan process 'spoolsv.exe' - '58' Module(s) have been scanned Scan process 'svchost.exe' - '39' Module(s) have been scanned Scan process 'svchost.exe' - '34' Module(s) have been scanned Scan process 'svchost.exe' - '168' Module(s) have been scanned Scan process 'svchost.exe' - '41' Module(s) have been scanned Scan process 'svchost.exe' - '51' Module(s) have been scanned Scan process 'lsass.exe' - '60' Module(s) have been scanned Scan process 'services.exe' - '49' Module(s) have been scanned Scan process 'winlogon.exe' - '67' Module(s) have been scanned Scan process 'csrss.exe' - '14' Module(s) have been scanned Scan process 'smss.exe' - '2' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '397' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\WINDOWS\system32\drivers\xcnshbg.sys [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection: C:\WINDOWS\system32\drivers\xcnshbg.sys [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4741c764.qua'. End of the scan: Monday, February 21, 2011 23:38 Used time: 3:01:51 Hour(s) The scan has been done completely. 19456 Scanned directories 715146 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 715145 Files not concerned 21743 Archives were scanned 0 Warnings 0 Notes 706206 Objects were scanned with rootkit scan 17 Hidden objects were found

I wanted to thank you for all of your help and donating your valuable time. My computer seems to be working well and I will download some of the programs you recommended. I do have SPYBOT which has a hosts file, I just do not know if the other programs will cause a conflict with it.

Hi I deleted the email that was unimportant. I noticed Opera files in my logs. I deleted via Add/remove programs all Opera from my computer over a year ago. Do some files still hang around? Here is the log ========== PROCESSES ========== Unable to kill process: c:\windows\system32\CF11993.exe ========== FILES ========== c:\windows\system32\CF11993.exe moved successfully. C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tyF73.sys\\ deleted successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6e0.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. OTM by OldTimer - Version 2.1.0.1 log created on 06172009_075525 Files moved on Reboot... File C:\WINDOWS\temp\Perflib_Perfdata_6e0.dat not found! Registry entries deleted on Reboot... Computer is working fine..

Here you go. Eset worked, but took a while. I did not remove any of the files from Eset. Computer is working better... ComboFix 09-06-16.01 - Owner 06/16/2009 17:15.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.113 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D} FILE :: "c:\windows\system32\CF26347.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\CF26347.exe . ((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 ))))))))))))))))))))))))))))))) . 2009-06-16 15:13 . 2009-06-16 15:13 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-16 00:45 . 2009-06-16 00:46 984 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\mmap.bat 2009-06-16 00:45 . 2009-06-16 00:46 413696 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motkt.dll 2009-06-16 00:45 . 2009-06-16 00:46 311296 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motivede.dll 2009-06-14 06:06 . 2009-06-14 06:06 -------- d-----w- c:\program files\ERUNT 2009-06-13 16:47 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-13 16:47 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-13 16:47 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-13 16:47 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\program files\Avira 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-13 01:40 . 2009-06-13 01:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Webroot . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-16 15:13 . 2004-01-31 07:44 -------- d-----w- c:\program files\Java 2009-06-13 06:59 . 2009-02-10 04:07 -------- d-----w- c:\program files\Common Files\Scanner 2009-06-05 06:02 . 2008-06-01 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-05 06:02 . 2008-06-15 03:49 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-29 07:54 . 2008-10-11 06:11 -------- d-----w- c:\program files\Moyea 2009-05-26 20:20 . 2008-08-27 16:57 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 20:19 . 2008-06-01 07:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-07 15:32 . 2006-07-15 16:08 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-27 03:22 . 2009-02-10 04:04 -------- d-----w- c:\program files\Verizon 2009-04-19 16:49 . 2003-08-23 14:12 53568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-17 12:26 . 2006-07-15 16:08 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2006-07-15 16:08 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-08-01 04:25 . 2005-08-01 04:25 1691 ----a-w- c:\program files\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk . ((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.59.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-17 00:26 . 2009-06-17 00:26 16384 c:\windows\temp\Perflib_Perfdata_6e0.dat - 2003-08-23 12:55 . 2009-06-16 00:13 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2003-08-23 12:55 . 2009-06-16 18:31 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2003-08-23 12:55 . 2009-06-16 00:13 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2003-08-23 12:55 . 2009-06-16 18:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-06-16 15:13 . 2009-06-16 15:13 148888 c:\windows\system32\javaws.exe + 2009-06-16 15:13 . 2009-06-16 15:13 144792 c:\windows\system32\javaw.exe + 2009-06-16 15:13 . 2009-06-16 15:13 144792 c:\windows\system32\java.exe + 2009-06-17 00:13 . 2009-06-17 00:13 389120 c:\windows\system32\CF11993.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2006-04-23 00:20 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ mod_sm.lnk.disabled [2003-3-3 641] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk.disabled [2004-11-23 1736] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tyF73.sys] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk backup=c:\windows\pss\SideACT!.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=c:\windows\pss\spamsubtract.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^VirtualExpander.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk backup=c:\windows\pss\VirtualExpander.lnkStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Evidence Eliminator"=c:\program files\Evidence Eliminator\ee.exe /m "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "NVIEW"=rundll32.exe nview.dll,nViewLoadHook "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup "IgfxTray"=c:\windows\system32\igfxtray.exe "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" "HotKeysCmds"=c:\windows\system32\hkcmd.exe "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "NSWosCheck"="c:\program files\Norton SystemWorks" Basic Edition\osCheck.exe "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" "KBD"=c:\hp\KBD\KBD.EXE "HPHmon05"=c:\windows\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [4/27/2006 8:56 PM 3744] R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [4/27/2006 8:56 PM 3904] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34] . - - - - ORPHANS REMOVED - - - - BHO-{6E2ACE37-CF69-4DF0-AD17-C07A90DFB7F7} - (no file) BHO-{D404CB63-461C-4797-8E18-F10BC5D6D824} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://calbanktrust.com mStart Page = hxxp://us9.hpwis.com/ mSearch Bar = hxxp://srch-us9.hpwis.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-16 17:27 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-326441947-1957948835-3910647482-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\Softex\OmniPass\opxpgina.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(2764) c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\sched.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Softex\OmniPass\omniServ.exe c:\windows\system32\hpzipm12.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Webroot\Spy Sweeper\SpySweeper.exe c:\program files\Softex\OmniPass\OPXPApp.exe c:\windows\system32\CF11993.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\taskmgr.exe . ************************************************************************** . Completion time: 2009-06-17 17:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-17 00:44 ComboFix2.txt 2009-06-16 14:43 ComboFix3.txt 2009-06-16 03:08 Pre-Run: 48,226,770,944 bytes free Post-Run: 48,296,103,936 bytes free 240 --- E O F --- 2009-06-11 10:38 ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018) # OnlineScanner.ocx=1.0.0.5863 # api_version=3.0.2 # EOSSerial=2aabe6b737edab43a35e39d82a09fccd # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-06-17 03:05:27 # local_time=2009-06-16 08:05:27 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 37 100 100 308462187500 # scanned=124236 # found=8 # cleaned=0 # scan_time=7640 C:\Documents and Settings\Mom\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\Inbox.dbx multiple threats 00000000000000000000000000000000 C:\Documents and Settings\Owner\Application Data\Opera\Opera8\mail\store\account2\2007-02.mbs Win32/Nuwar.gen worm 00000000000000000000000000000000 C:\Documents and Settings\Owner\My Documents\XPMedic_Setup.zip probably unknown NewHeur_PE virus 00000000000000000000000000000000 C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000 C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 C:\Qoobox\Quarantine\[4]-Submit_2009-06-16_07.19.34.zip Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 C:\Qoobox\Quarantine\C\WINDOWS\system32\uuDgPqss.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP99\A0019311.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000

I have attached the new combo fix log. I updated java per your instructions. When I try to download the Kaspersky scanner I get an error message about the Java applet failing to load and there is no action for a dl. It suggests to go online but where? In regards to Avira, when I downloaded this a few days ago it did an online update. I did a manual download and it fully updated now. ComboFix 09-06-15.07 - Owner 06/16/2009 7:20.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.99 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D} file zipped: c:\windows\system32\96F0810076.sys file zipped: c:\windows\system32\ajkrtcao.tmp file zipped: c:\windows\system32\ycpqelpo.tmp . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\13724534 c:\documents and settings\All Users\Application Data\93734526 c:\documents and settings\All Users\Application Data\13724534\13724534.glu c:\documents and settings\All Users\Application Data\13724534\pc13724534cnf c:\documents and settings\All Users\Application Data\13724534\pc13724534ins c:\windows\system32\96F0810076.sys c:\windows\system32\ajkrtcao.tmp c:\windows\system32\ycpqelpo.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MRTRATE -------\Service_mrtRate -------\Service_tyF73 ((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 ))))))))))))))))))))))))))))))) . 2009-06-16 00:45 . 2009-06-16 00:46 984 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\mmap.bat 2009-06-16 00:45 . 2009-06-16 00:46 413696 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motkt.dll 2009-06-16 00:45 . 2009-06-16 00:46 311296 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motivede.dll 2009-06-14 06:06 . 2009-06-14 06:06 -------- d-----w- c:\program files\ERUNT 2009-06-13 16:47 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-13 16:47 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-13 16:47 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-13 16:47 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\program files\Avira 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-13 01:40 . 2009-06-13 01:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Webroot . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-13 06:59 . 2009-02-10 04:07 -------- d-----w- c:\program files\Common Files\Scanner 2009-06-05 06:02 . 2008-06-01 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-05 06:02 . 2008-06-15 03:49 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-29 07:54 . 2008-10-11 06:11 -------- d-----w- c:\program files\Moyea 2009-05-26 20:20 . 2008-08-27 16:57 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 20:19 . 2008-06-01 07:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-07 15:32 . 2006-07-15 16:08 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-27 03:22 . 2009-02-10 04:04 -------- d-----w- c:\program files\Verizon 2009-04-19 16:49 . 2003-08-23 14:12 53568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-17 12:26 . 2006-07-15 16:08 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2006-07-15 16:08 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-08-01 04:25 . 2005-08-01 04:25 1691 ----a-w- c:\program files\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk . ((((((((((((((((((((((((((((( SnapShot@2009-06-16_02.59.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-06-16 14:17 . 2009-06-16 14:17 389120 c:\windows\system32\CF26347.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2006-04-23 00:20 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ mod_sm.lnk.disabled [2003-3-3 641] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk.disabled [2004-11-23 1736] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHaWQi] [bU] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk backup=c:\windows\pss\SideACT!.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=c:\windows\pss\spamsubtract.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^VirtualExpander.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk backup=c:\windows\pss\VirtualExpander.lnkStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Evidence Eliminator"=c:\program files\Evidence Eliminator\ee.exe /m "IEUpdate"=c:\windows\system32\ahuit.exe "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "NVIEW"=rundll32.exe nview.dll,nViewLoadHook "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "IEUpdate"=c:\windows\system32\ahuit.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" "78d2b5e2"=rundll32.exe "c:\windows\system32\cujeewdj.dll",b "BM7be1867e"=Rundll32.exe "c:\windows\system32\oruqqdea.dll",s "HotKeysCmds"=c:\windows\system32\hkcmd.exe "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "NSWosCheck"="c:\program files\Norton SystemWorks" Basic Edition\osCheck.exe "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" "93734526"=c:\documents and settings\All Users\Application Data\93734526\93734526.exe "13724534"=c:\documents and settings\All Users\Application Data\13724534\13724534.exe "KBD"=c:\hp\KBD\KBD.EXE "HPHmon05"=c:\windows\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/13/2009 9:47 AM 108289] R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [4/27/2006 8:56 PM 3744] R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [4/27/2006 8:56 PM 3904] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34] . - - - - ORPHANS REMOVED - - - - BHO-{6E2ACE37-CF69-4DF0-AD17-C07A90DFB7F7} - (no file) BHO-{D404CB63-461C-4797-8E18-F10BC5D6D824} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://calbanktrust.com mStart Page = hxxp://us9.hpwis.com/ mSearch Bar = hxxp://srch-us9.hpwis.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-16 07:33 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-326441947-1957948835-3910647482-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(640) c:\program files\Softex\OmniPass\opxpgina.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(5504) c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Softex\OmniPass\omniServ.exe c:\windows\system32\hpzipm12.exe c:\program files\Viewpoint\Common\ViewpointService.exe c:\program files\Webroot\Spy Sweeper\SpySweeper.exe c:\program files\Softex\OmniPass\OPXPApp.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\system32\CF26347.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe c:\windows\system32\taskmgr.exe . ************************************************************************** . Completion time: 2009-06-16 7:43 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-16 14:43 ComboFix2.txt 2009-06-16 03:08 Pre-Run: 48,110,297,088 bytes free Post-Run: 48,100,691,968 bytes free 245 --- E O F --- 2009-06-11 10:38 Please advise as to how to get the Kaspersky downloaded. THX again..

Here you go. Computer is behaving very good.. THANK YOU . Please advise if all clear.. ComboFix 09-06-15.05 - Owner 06/15/2009 19:31.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.19 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\SKYNETxdqqoqom.sys c:\windows\system32\SKYNETliltabdr.dll c:\windows\system32\SKYNETrnygsifv.dat c:\windows\system32\SKYNETtuhdpjwr.dll c:\windows\system32\SKYNETvxbqmwwb.dat c:\windows\IE4 Error Log.txt c:\windows\system32\drivers\SKYNETxdqqoqom.sys c:\windows\system32\iAlmcoin.dll c:\windows\system32\SKYNETliltabdr.dll c:\windows\system32\SKYNETrnygsifv.dat c:\windows\system32\SKYNETtuhdpjwr.dll c:\windows\system32\SKYNETvxbqmwwb.dat c:\windows\system32\uuDgPqss.ini D:\Autorun.inf D:\Desktop.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SKYNETswrrjcbr -------\Legacy_CLBDRIVER ((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 ))))))))))))))))))))))))))))))) . 2009-06-16 00:45 . 2009-06-16 00:46 984 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\mmap.bat 2009-06-16 00:45 . 2009-06-16 00:46 413696 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motkt.dll 2009-06-16 00:45 . 2009-06-16 00:46 311296 ----a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motivede.dll 2009-06-14 06:06 . 2009-06-14 06:06 -------- d-----w- c:\program files\ERUNT 2009-06-13 16:47 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-06-13 16:47 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-06-13 16:47 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-06-13 16:47 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\program files\Avira 2009-06-13 16:47 . 2009-06-13 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-06-13 01:40 . 2009-06-13 01:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Webroot 2009-06-12 22:04 . 2009-06-13 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\93734526 2009-06-12 22:04 . 2009-06-13 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\13724534 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-13 06:59 . 2009-02-10 04:07 -------- d-----w- c:\program files\Common Files\Scanner 2009-06-05 06:02 . 2008-06-01 07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-05 06:02 . 2008-06-15 03:49 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-29 07:54 . 2008-10-11 06:11 -------- d-----w- c:\program files\Moyea 2009-05-26 20:20 . 2008-08-27 16:57 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 20:19 . 2008-06-01 07:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-07 15:32 . 2006-07-15 16:08 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 2006-06-23 18:33 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-27 03:22 . 2009-02-10 04:04 -------- d-----w- c:\program files\Verizon 2009-04-19 16:49 . 2003-08-23 14:12 53568 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-17 12:26 . 2006-07-15 16:08 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2006-07-15 16:08 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2005-08-01 04:25 . 2005-08-01 04:25 1691 ----a-w- c:\program files\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk 2004-03-27 23:26 . 2004-02-03 02:23 56 --sha-r- c:\windows\system32\96F0810076.sys 2008-05-26 00:03 . 2008-05-26 00:03 1417782 --sha-w- c:\windows\system32\ajkrtcao.tmp 2008-05-31 20:19 . 2008-05-31 20:19 1504336 --sha-w- c:\windows\system32\ycpqelpo.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2006-04-23 00:20 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 90112] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ mod_sm.lnk.disabled [2003-3-3 641] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk.disabled [2004-11-23 1736] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina] 2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tyF73.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk backup=c:\windows\pss\SideACT!.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk backup=c:\windows\pss\Updates from HP.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk backup=c:\windows\pss\spamsubtract.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^VirtualExpander.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk backup=c:\windows\pss\VirtualExpander.lnkStartup [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "ctfmon.exe"=c:\windows\system32\ctfmon.exe "Evidence Eliminator"=c:\program files\Evidence Eliminator\ee.exe /m "IEUpdate"=c:\windows\system32\ahuit.exe "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background "NVIEW"=rundll32.exe nview.dll,nViewLoadHook "BackupNotify"="c:\program files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k "IEUpdate"=c:\windows\system32\ahuit.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" "78d2b5e2"=rundll32.exe "c:\windows\system32\cujeewdj.dll",b "BM7be1867e"=Rundll32.exe "c:\windows\system32\oruqqdea.dll",s "HotKeysCmds"=c:\windows\system32\hkcmd.exe "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" "NSWosCheck"="c:\program files\Norton SystemWorks" Basic Edition\osCheck.exe "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" "93734526"=c:\documents and settings\All Users\Application Data\93734526\93734526.exe "13724534"=c:\documents and settings\All Users\Application Data\13724534\13724534.exe "KBD"=c:\hp\KBD\KBD.EXE "HPHmon05"=c:\windows\System32\hphmon05.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\AIM\\aim.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/13/2009 9:47 AM 108289] R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [4/27/2006 8:56 PM 3744] R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [4/27/2006 8:56 PM 3904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2007 10:22 PM 24652] S0 tyF73;tyF73;c:\windows\system32\Drivers\tyF73.sys --> c:\windows\system32\Drivers\tyF73.sys [?] S2 mrtRate;mrtRate; [x] . Contents of the 'Scheduled Tasks' folder 2009-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 20:34] 2009-06-04 c:\windows\Tasks\wrSpySweeper_L56BE5A51941B4B4380CA04DA49F74016.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] 2009-06-04 c:\windows\Tasks\wrSpySweeper_L56BE5A51941B4B4380CA04DA49F74016.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] 2009-05-27 c:\windows\Tasks\wrSpySweeper_LC480A12D1CFB4B78B14DA6D5915F96D8.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] 2009-05-27 c:\windows\Tasks\wrSpySweeper_LC480A12D1CFB4B78B14DA6D5915F96D8.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] 2009-06-13 c:\windows\Tasks\wrSpySweeper_LD3C05A2BEF2C41BBB1E724849A929432.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] 2009-06-13 c:\windows\Tasks\wrSpySweeper_LD3C05A2BEF2C41BBB1E724849A929432.job - c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-05-29 03:56] . - - - - ORPHANS REMOVED - - - - BHO-{6E2ACE37-CF69-4DF0-AD17-C07A90DFB7F7} - (no file) BHO-{D404CB63-461C-4797-8E18-F10BC5D6D824} - (no file) Notify-rqRHaWQi - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://calbanktrust.com uDefault_Search_URL = about:blank mStart Page = hxxp://us9.hpwis.com/ mSearch Bar = hxxp://srch-us9.hpwis.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html Trusted Zone: alliedinsurance.com\www Trusted Zone: frontbridge.com\spam Trusted Zone: frontbridge.com\webmail Trusted Zone: microsoft.com\*.update Trusted Zone: windowsupdate.com\download DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-15 19:58 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-326441947-1957948835-3910647482-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\program files\Softex\OmniPass\opxpgina.dll c:\windows\system32\WRLogonNTF.dll - - - - - - - > 'explorer.exe'(240) c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Softex\OmniPass\omniServ.exe c:\windows\system32\hpzipm12.exe c:\program files\Webroot\Spy Sweeper\SpySweeper.exe c:\program files\Softex\OmniPass\OPXPApp.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2009-06-16 20:08 - machine was rebooted ComboFix-quarantined-files.txt 2009-06-16 03:08 Pre-Run: 47,578,062,848 bytes free Post-Run: 48,131,715,072 bytes free 269 --- E O F --- 2009-06-11 10:38

Ok I'm back.. I've copied the partial report from gmer. As an after thought, I am also copying the results of the scans that I had completed prior to contacting this forum. Maybe this will help in discerning the problems. Should I proceed to do the ROOTREPEAL scan? I will wait for your response.. Thanks again! GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-06-15 07:09:21 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code FFB46678 ZwCreateSection Code 81A33C70 ZwDuplicateObject Code FF93BA30 ZwEnumerateKey Code FF9979C8 ZwFlushInstructionCache Code FF95AC70 ZwSetInformationFile Code 81993510 ZwSetSystemInformation Code FF7D3C70 ZwWriteFile Code FF997E36 IofCallDriver Code FF9714A6 IofCompleteRequest Code FFB46677 NtCreateSection Code 81A33C6F NtDuplicateObject Code FF95AC6F NtSetInformationFile Code FF7D3C6F NtWriteFile ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com)) Device \FileSystem\Fastfat \FatCdrom Code FFB41340 Device \Driver\Tcpip \Device\Ip FF9CA190 Device \Driver\Tcpip \Device\Ip FFB37020 Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation) Device \Driver\Tcpip \Device\Tcp FF9CA190 Device \Driver\Tcpip \Device\Tcp FFB37020 Device \Driver\Tcpip \Device\Udp FF9CA190 Device \Driver\Tcpip \Device\Udp FFB37020 Device \Driver\Tcpip \Device\RawIp FF9CA190 Device \Driver\Tcpip \Device\RawIp FFB37020 Device \Driver\Tcpip \Device\IPMULTICAST FF9CA190 Device \Driver\Tcpip \Device\IPMULTICAST FFB37020 Device \FileSystem\Fastfat \Fat Code FFB41340 AttachedDevice \FileSystem\Fastfat \Fat SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com)) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Processes - GMER 1.0.15 ---- Process hidden process (*** hidden *** ) 15204 Process hidden process (*** hidden *** ) 15428 Process hidden process (*** hidden *** ) 15536 Process hidden process (*** hidden *** ) 15576 Process hidden process (*** hidden *** ) 15796 Process hidden process (*** hidden *** ) 15820 Process hidden process (*** hidden *** ) 15852 Process hidden process (*** hidden *** ) 15860 Process hidden process (*** hidden *** ) 15868 Process hidden process (*** hidden *** ) 15908 Process hidden process (*** hidden *** ) 15920 Process hidden process (*** hidden *** ) 16072 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\SKYNETxdqqoqom.sys (*** hidden *** ) [sYSTEM] SKYNETswrrjcbr <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr@imagepath \systemroot\system32\drivers\SKYNETxdqqoqom.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main@aid 10120 Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main@sid 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main@cmddelay 7200 Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main\delete Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main\injector Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main\injector@* SKYNETwsp.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\main\tasks Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETxdqqoqom.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETliltabdr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules@SKYNETlog.dat \systemroot\system32\SKYNETvxbqmwwb.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETtuhdpjwr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETswrrjcbr\modules@SKYNET.dat \systemroot\system32\SKYNETrnygsifv.dat Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr@start 1 Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr@type 1 Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr@group file system Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr@imagepath \systemroot\system32\drivers\SKYNETxdqqoqom.sys Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main@aid 10120 Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main@sid 0 Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main@cmddelay 7200 Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main\delete Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main\injector Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main\injector@* SKYNETwsp.dll Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\main\tasks Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETxdqqoqom.sys Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules@SKYNETcmd.dll \systemroot\system32\SKYNETliltabdr.dll Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules@SKYNETlog.dat \systemroot\system32\SKYNETvxbqmwwb.dat Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules@SKYNETwsp.dll \systemroot\system32\SKYNETtuhdpjwr.dll Reg HKLM\SYSTEM\ControlSet004\Services\SKYNETswrrjcbr\modules@SKYNET.dat \systemroot\system32\SKYNETrnygsifv.dat Reg HKLM\SOFTWARE\Classes\CLSID\{00A2CCDC-4BE0-BECD-A563-A7145AE65077}\InProcServer32@ %SystemRoot%\System32\browseui.dll Reg HKLM\SOFTWARE\Classes\CLSID\{00A2CCDC-4BE0-BECD-A563-A7145AE65077}\InProcServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{00C10500-6CE3-84D4-575D-175CB8B271FF}\InprocHandler32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{00C10500-6CE3-84D4-575D-175CB8B271FF}\LocalServer32@ C:\PROGRA~1\MICROS~2\Office\WINWORD.EXE /Automation Reg HKLM\SOFTWARE\Classes\CLSID\{00C10500-6CE3-84D4-575D-175CB8B271FF}\LocalServer32@LocalServer32 10!!!gxsf(Ng]qF`H{LsWORDFiles>llT]jI{jf(=1&L[-81-] /Automation? Reg HKLM\SOFTWARE\Classes\CLSID\{00C10500-6CE3-84D4-575D-175CB8B271FF}\ProgID@ Word.Application.9 Reg HKLM\SOFTWARE\Classes\CLSID\{00C10500-6CE3-84D4-575D-175CB8B271FF}\VersionIndependentProgID@ Word.Application Reg HKLM\SOFTWARE\Classes\CLSID\{031B8030-D0A2-363F-2275-1D5FEF65A9F6}\Insertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{031B8030-D0A2-363F-2275-1D5FEF65A9F6}\Ole1Class@ MPlayer Reg HKLM\SOFTWARE\Classes\CLSID\{031B8030-D0A2-363F-2275-1D5FEF65A9F6}\ProgID@ MPlayer Reg HKLM\SOFTWARE\Classes\CLSID\{031B8030-D0A2-363F-2275-1D5FEF65A9F6}\TreatAs@ {00022601-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{0A432577-9DC9-40AE-AA46-6411124A4C8E}\Ole1Class@ WP8Doc Reg HKLM\SOFTWARE\Classes\CLSID\{0A432577-9DC9-40AE-AA46-6411124A4C8E}\ProgID@ WP8Doc Reg HKLM\SOFTWARE\Classes\CLSID\{0D05F5EA-EF9F-7F27-904C-5AC5AC1B9155}\InprocServer32@ C:\WINDOWS\system32\mfc42.dll Reg HKLM\SOFTWARE\Classes\CLSID\{0D05F5EA-EF9F-7F27-904C-5AC5AC1B9155}\InprocServer32@InprocServer32 R0XISx3yLA2[L[A^.G0(Typical>l^*4T$!iE@AW'_1m2-*C?@Gem2BdaJ?ES60)4^LTy>=3&5,B^pf(V%eqFgkW_B?voC'0Fe7s=eTxzvF2=aaScan>=3&5,B^pf(V%eqFgkW_B?XmU5ExJfu9]$gId's5~1QuickProjects>=3&5,B^pf(V%eqFgkW_B?JS+qg~3aA?X$KEQ{w?_-MyImages>=3&5,B^pf(V%eqFgkW_B?s46'FYxog=e~RTbgveVQPrintCreator>=%YAYRcuf(mdaqF-Q9q.?s46'FYxog=e~RTbgveVQcuPvc2>=3&5,B^pf(V%eqFgkW_B? Reg HKLM\SOFTWARE\Classes\CLSID\{15AFE201-8D63-7C14-2165-38E87248F036}\InprocServer32@ C:\WINDOWS\System32\dx3j.dll Reg HKLM\SOFTWARE\Classes\CLSID\{15AFE201-8D63-7C14-2165-38E87248F036}\InprocServer32@ThreadingModel both Reg HKLM\SOFTWARE\Classes\CLSID\{15AFE201-8D63-7C14-2165-38E87248F036}\ProgID@ DIRECT.DirectPlay2.3 Reg HKLM\SOFTWARE\Classes\CLSID\{15AFE201-8D63-7C14-2165-38E87248F036}\VersionIndependentProgID@ DIRECT.DiectPlay2.3 Reg HKLM\SOFTWARE\Classes\CLSID\{23935D06-F101-12F8-4D8F-8F243ECDD1A4}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" Reg HKLM\SOFTWARE\Classes\CLSID\{23935D06-F101-12F8-4D8F-8F243ECDD1A4}\ProgID@ Symantec.stLUProgressCallback.1 Reg HKLM\SOFTWARE\Classes\CLSID\{23935D06-F101-12F8-4D8F-8F243ECDD1A4}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435} Reg HKLM\SOFTWARE\Classes\CLSID\{23935D06-F101-12F8-4D8F-8F243ECDD1A4}\VersionIndependentProgID@ Symantec.stLUProgressCallback Reg HKLM\SOFTWARE\Classes\CLSID\{252E569D-13FE-94AF-FD02-2752A487F89C}\InprocServer32@ C:\WINDOWS\System32\mstime.dll Reg HKLM\SOFTWARE\Classes\CLSID\{252E569D-13FE-94AF-FD02-2752A487F89C}\InprocServer32@ThreadingModel both Reg HKLM\SOFTWARE\Classes\CLSID\{252E569D-13FE-94AF-FD02-2752A487F89C}\ProgID@ MSTIME.SMILAnimCompSiteFactory.1 Reg HKLM\SOFTWARE\Classes\CLSID\{252E569D-13FE-94AF-FD02-2752A487F89C}\VersionIndependentProgID@ MSTIME.SMILAnimCompSiteFactory Reg HKLM\SOFTWARE\Classes\CLSID\{25CBCEA0-43D5-1289-C7B6-517316B45B4B}\InprocHandler32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{25CBCEA0-43D5-1289-C7B6-517316B45B4B}\LocalServer32@ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Reg HKLM\SOFTWARE\Classes\CLSID\{25CBCEA0-43D5-1289-C7B6-517316B45B4B}\LocalServer32@LocalServer32 10!!!gxsf(Ng]qF`H{LsOUTLOOKFiles>ToT]jI{jf(=1&L[-81-]? Reg HKLM\SOFTWARE\Classes\CLSID\{26B41561-A1B3-8D17-A7DE-051BE27736BA}\AutoConvertTo@ {64818D10-4F9B-11CF-86EA-00AA00B929E8} Reg HKLM\SOFTWARE\Classes\CLSID\{26B41561-A1B3-8D17-A7DE-051BE27736BA}\NotInsertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{26B41561-A1B3-8D17-A7DE-051BE27736BA}\Ole1Class@ MSPowerPoint Reg HKLM\SOFTWARE\Classes\CLSID\{26B41561-A1B3-8D17-A7DE-051BE27736BA}\ProgID@ MSPowerPoint Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\InprocServer32@ c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqehttp.dll Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\InprocServer32@InprocServer32 s46'FYxog=e~RTbgveVQcuPvc1>Kws&^g.Bw8Q84F.'H+wn? Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\ProgID@ Hpqehttp.AssetUploadService.1 Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\TypeLib@ {8E88DCDE-C5CC-462D-9D69-4058A2F97730} Reg HKLM\SOFTWARE\Classes\CLSID\{2C5CCF7C-0D36-2744-777E-BDB8E644C83C}\VersionIndependentProgID@ Hpqehttp.AssetUploadService Reg HKLM\SOFTWARE\Classes\CLSID\{2DA93FC2-192D-002B-F974-1CAF66C808E2}\InprocServer32@ C:\WINDOWS\System32\qcap.dll Reg HKLM\SOFTWARE\Classes\CLSID\{2DA93FC2-192D-002B-F974-1CAF66C808E2}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{30D25B48-48C5-F1BE-9E07-DCD372605F11}\InProcServer32@ wiavusd.dll Reg HKLM\SOFTWARE\Classes\CLSID\{30D25B48-48C5-F1BE-9E07-DCD372605F11}\InProcServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{30D25B48-48C5-F1BE-9E07-DCD372605F11}\ProgId@ StillImage.VideoCapture.1 Reg HKLM\SOFTWARE\Classes\CLSID\{30D25B48-48C5-F1BE-9E07-DCD372605F11}\VersionIndependentProgId@ StillImage.VideoCapture.1 Reg HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InProcServer32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{37E6B737-2341-8A00-D250-BD1235C52220}\RTFClassName@ WrdPrfctDos Reg HKLM\SOFTWARE\Classes\CLSID\{38AE9EA3-F103-9F16-A792-ED2C16FB1CA2}\InprocServer32@ C:\WINDOWS\System32\qdv.dll Reg HKLM\SOFTWARE\Classes\CLSID\{38AE9EA3-F103-9F16-A792-ED2C16FB1CA2}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29} Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@ Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32@ mscoree.dll Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32@Class System.Runtime.InteropServices.COMException Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32\1.0.5000.0 Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32\1.0.5000.0@Class System.Runtime.InteropServices.COMException Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{38AF9B91-0245-992F-6C66-53D38DF21EE6}\ProgId@ System.Runtime.InteropServices.COMException Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\InprocServer32@ C:\WINDOWS\System32\nvcpl.dll Reg HKLM\SOFTWARE\Classes\CLSID\{3C91CB00-8514-901B-651D-5D20DF97F7FA}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{44A5F587-110C-7775-09E1-150D080F26AE}\InprocServer32@ C:\WINDOWS\system32\msvidctl.dll Reg HKLM\SOFTWARE\Classes\CLSID\{44A5F587-110C-7775-09E1-150D080F26AE}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{44A5F587-110C-7775-09E1-150D080F26AE}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980} Reg HKLM\SOFTWARE\Classes\CLSID\{4B39E890-C7CA-9820-0BCA-6DA048925FED}\InprocHandler32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{4B39E890-C7CA-9820-0BCA-6DA048925FED}\LocalServer32@ C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE Reg HKLM\SOFTWARE\Classes\CLSID\{4B39E890-C7CA-9820-0BCA-6DA048925FED}\LocalServer32@LocalServer32 10!!!gxsf(Ng]qF`H{LsOUTLOOKFiles>ToT]jI{jf(=1&L[-81-]? Reg HKLM\SOFTWARE\Classes\CLSID\{4DEF69C9-7051-AD87-BDC1-D408C5390C5C}\LocalServer32@LocalServer32 10!!!gxsf(Ng]qF`H{LsDatabaseReplication>hzBkuInpf(Ed)L[lj+'(? Reg HKLM\SOFTWARE\Classes\CLSID\{4DEF69C9-7051-AD87-BDC1-D408C5390C5C}\ProgID@ WzConflict.Wizard Reg HKLM\SOFTWARE\Classes\CLSID\{5218F687-A38C-4622-C098-EDAB060EE2C7}\InprocServer32@ C:\Program Files\Microsoft Money\System\mspfctl1.ocx Reg HKLM\SOFTWARE\Classes\CLSID\{5218F687-A38C-4622-C098-EDAB060EE2C7}\InprocServer32@InprocServer32 .I}^!g[j7A2=!H+BS2TOfeat.Program>`]J-Uux@g(gjYeAyP.HQ? Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\Insertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\Ole1Class@ MPlayer Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\ProgID@ MPlayer Reg HKLM\SOFTWARE\Classes\CLSID\{5255CE12-C99C-E457-4434-E1142D08C704}\TreatAs@ {00022601-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{5A1A4A1F-3466-CD6F-A443-FF5E420A7557}\InprocServer32@ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMRadioEngine.dll Reg HKLM\SOFTWARE\Classes\CLSID\{5A1A4A1F-3466-CD6F-A443-FF5E420A7557}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{5A1A4A1F-3466-CD6F-A443-FF5E420A7557}\ProgID@ MMRadioEngine.RadioEngineObj.1 Reg HKLM\SOFTWARE\Classes\CLSID\{5A1A4A1F-3466-CD6F-A443-FF5E420A7557}\TypeLib@ {0C5D39A3-460B-11D4-ADE1-0050DACD3DB9} Reg HKLM\SOFTWARE\Classes\CLSID\{5A1A4A1F-3466-CD6F-A443-FF5E420A7557}\VersionIndependentProgID@ MMRadioEngine.RadioEngineObj Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\InProcServer32@ C:\WINDOWS\System32\wshom.ocx Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\InProcServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\ProgID@ WScript.Network.1 Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\TypeLib@ {F935DC20-1CF0-11D0-ADB9-00C04FD58A0B} Reg HKLM\SOFTWARE\Classes\CLSID\{5CA477D1-1E14-16B2-2605-3950024911C6}\VersionIndependentProgID@ WScript.Network Reg HKLM\SOFTWARE\Classes\CLSID\{5D089152-8CE4-5472-CD9A-40C48337E28A}\ShellFolder@Attributes 114 Reg HKLM\SOFTWARE\Classes\CLSID\{69ADA834-9CB5-8EE9-1265-38883729A7A2}\InprocServer32@ %ProgramFiles%\Outlook Express\oeimport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{69ADA834-9CB5-8EE9-1265-38883729A7A2}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{6B30EBC6-92C2-8F00-10CC-96A2713E8079}\InProcServer32@ dpvoice.dll Reg HKLM\SOFTWARE\Classes\CLSID\{6B30EBC6-92C2-8F00-10CC-96A2713E8079}\InProcServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{6B30EBC6-92C2-8F00-10CC-96A2713E8079}\ProgID@ DirectPlayVoice.Test.1 Reg HKLM\SOFTWARE\Classes\CLSID\{6B30EBC6-92C2-8F00-10CC-96A2713E8079}\VersionIndependentProgID@ DirectPlayVoice.Test Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29} Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@ Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32@ mscoree.dll Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32@Class System.Runtime.Remoting.Proxies.ProxyAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32\1.0.5000.0 Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32\1.0.5000.0@Class System.Runtime.Remoting.Proxies.ProxyAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32\1.0.5000.0@Assembly mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{7068F753-86F0-CAA4-2F34-A44A63EC61C9}\ProgId@ System.Runtime.Remoting.Proxies.ProxyAttribute Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\AuxUserType@ Clip Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\AuxUserType\2 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\AuxUserType\2@ Clip Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\AuxUserType\3 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\AuxUserType\3@ Clip Gallery Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\DefaultIcon@ C:\PROGRA~1\COMMON~1\MICROS~1\Artgalry\artgalrY.exe,1 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\InprocHandler32@ ole32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\InprocServer32@ Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\Insertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\LocalServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\Artgalry\artgalrY.exe Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\LocalServer32@LocalServer32 10!!!gxsf(Ng]qF`H{LsClipGalleryFiles>jYR4knDlf(2D6__kM!0Q? Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\MiscStatus@ 512 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\ProgID@ MS_ClipArt_Gallery.5 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\Verb@ Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\Verb\0 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\Verb\0@ &Replace,0,2 Reg HKLM\SOFTWARE\Classes\CLSID\{7BBA5882-DB4F-47F1-2264-2198A23006C0}\VersionIndependentProgID@ MS_ClipArt_Gallery Reg HKLM\SOFTWARE\Classes\CLSID\{806D8188-10B6-89D5-FB7C-3EC3580C1DD4}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{806D8188-10B6-89D5-FB7C-3EC3580C1DD4}\InprocServer32@ C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVLUCBK.dll Reg HKLM\SOFTWARE\Classes\CLSID\{806D8188-10B6-89D5-FB7C-3EC3580C1DD4}\ProgID@ LiveUpdate.luNavCallBack.1 Reg HKLM\SOFTWARE\Classes\CLSID\{806D8188-10B6-89D5-FB7C-3EC3580C1DD4}\VersionIndependentProgID@ LiveUpdate.luNavCallBack Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29} Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@ Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32@ mscoree.dll Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32@Class Microsoft.JScript.JSAuthor Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32@Assembly Microsoft.JScript, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32\7.0.5000.0 Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32\7.0.5000.0@Class Microsoft.JScript.JSAuthor Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32\7.0.5000.0@Assembly Microsoft.JScript, Version=7.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\InprocServer32\7.0.5000.0@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{8473CFA3-17F8-A0DB-7FFF-44784AFAF9FE}\ProgId@ Microsoft.JScript.JSAuthor Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\InprocServer32@ C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqimgr.dll Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\InprocServer32@InprocServer32 Rh]S]2l%(?l~`k4dPHT+CreativeProjects>V?N-uf7x~?19C_P+aQ^B?JS+qg~3aA?X$KEQ{w?_-GalleryFramework>V?N-uf7x~?19C_P+aQ^B? Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\ProgID@ ImageManager.ImageMgr.1 Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\TypeLib@ {8782862A-52D2-4716-BD46-1D1E0DCB62F3} Reg HKLM\SOFTWARE\Classes\CLSID\{8742D82B-F165-76CC-FA0F-9ED6AFA6D482}\VersionIndependentProgID@ ImageManager.ImageMgr Reg HKLM\SOFTWARE\Classes\CLSID\{8C9DE8F6-531D-DE55-1757-04854AFB348C}\InprocServer32@ C:\WINDOWS\System32\wmvadvd.dll Reg HKLM\SOFTWARE\Classes\CLSID\{8C9DE8F6-531D-DE55-1757-04854AFB348C}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{8CD83E60-946D-C604-0BB1-C8A0A8356DDD}\Ole1Class@ Package Reg HKLM\SOFTWARE\Classes\CLSID\{8CD83E60-946D-C604-0BB1-C8A0A8356DDD}\ProgID@ Package Reg HKLM\SOFTWARE\Classes\CLSID\{942D82A5-DA03-640B-5E19-3CBD62700780}\InprocServer32@ %ProgramFiles%\Outlook Express\oeimport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{942D82A5-DA03-640B-5E19-3CBD62700780}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{96221559-5328-0735-5782-A49F687771FA}\InProcServer32@ C:\WINDOWS\System32\urlmon.dll Reg HKLM\SOFTWARE\Classes\CLSID\{96221559-5328-0735-5782-A49F687771FA}\InProcServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\InProcServer32@ shell32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\InProcServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF} Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}@ {00021401-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\PersistentHandler@ {00021401-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\ProgID@ lnkfile Reg HKLM\SOFTWARE\Classes\CLSID\{96387558-4A4A-C5ED-42AE-A37C590677E6}\shellex\MayChangeDefaultMenu Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\Implemented Categories\{F2BB56D1-DB07-11D1-AA6B-006097DB9539} Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\InprocServer32@ C:\PROGRA~1\MICROS~2\Office\MSOWC.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\MiscStatus@ 0 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\MiscStatus\1 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\MiscStatus\1@ 131473 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\ProgID@ OWC.PivotTable.9 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\ToolboxBitmap32@ C:\PROGRA~1\MICROS~2\Office\MSOWC.DLL, 1010 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\TypeLib@ {0002E540-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\Version@ 1.0 Reg HKLM\SOFTWARE\Classes\CLSID\{97BFF69F-6B37-B21D-271B-1C691B57AAE7}\VersionIndependentProgID@ OWC.PivotTable Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\MiscStatus@ 512 Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\Ole1Class@ Note-It Reg HKLM\SOFTWARE\Classes\CLSID\{99ABF834-28BA-1905-404D-473A6F82B52F}\ProgID@ Note-It Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29} Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\Implemented Categories\{62C8FE65-4EBB-45E7-B440-6E39B2CDBF29}@ Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@Class Microsoft.CLRAdmin.CCommandHistory Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@Assembly mscorcfg, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32\1.0.5000.0 Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32\1.0.5000.0@Class Microsoft.CLRAdmin.CCommandHistory Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32\1.0.5000.0@Assembly mscorcfg, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32\1.0.5000.0@RuntimeVersion v1.1.4322 Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\ProgId@ Microsoft.CLRAdmin.CCommandHistory Reg HKLM\SOFTWARE\Classes\CLSID\{A04522E5-8205-FF06-51DC-66F5B88D62BA}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll Reg HKLM\SOFTWARE\Classes\CLSID\{A04522E5-8205-FF06-51DC-66F5B88D62BA}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{A04522E5-8205-FF06-51DC-66F5B88D62BA}\ProgID@ DAO.Relation.36 Reg HKLM\SOFTWARE\Classes\CLSID\{A3276B48-53CE-0999-D7C7-E343217A8D0C}\InProcServer32@ %SystemRoot%\system32\SHELL32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{A3276B48-53CE-0999-D7C7-E343217A8D0C}\InProcServer32@ThreadingModel Free Reg HKLM\SOFTWARE\Classes\CLSID\{B9A286B5-B92D-D63C-14B5-3825F6D657F0}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll Reg HKLM\SOFTWARE\Classes\CLSID\{B9A286B5-B92D-D63C-14B5-3825F6D657F0}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{B9A286B5-B92D-D63C-14B5-3825F6D657F0}\ProgID@ ADODB.Command.2.7 Reg HKLM\SOFTWARE\Classes\CLSID\{B9A286B5-B92D-D63C-14B5-3825F6D657F0}\VersionIndependentProgID@ ADODB.Command Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\CLSID@ Standard Font Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ oleaut32.dll Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@InprocServer32 @Gem2BdaJ?ES60)4^LTy>M5KDYSUnf(HA*L[xeX)y?HMaD8.R.E@h%^}&Ow}MS>M5KDYSUnf(HA*L[xeX)y?'wFBCL'aJA^v~hSk`-f-WordPerfect11>M5KDYSUnf(HA*L[xeX)y?jEQLu3YJb?]i)6&6ifvJMSRedist>M5KDYSUnf(HA*L[xeX)y? Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\ProgID@ StdFont Reg HKLM\SOFTWARE\Classes\CLSID\{E553DAF6-FCA6-C8B7-70AE-3045F402CE4A}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E553DAF6-FCA6-C8B7-70AE-3045F402CE4A}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E553DAF6-FCA6-C8B7-70AE-3045F402CE4A}\ProgID@ DAO.QueryDef.35 Reg HKLM\SOFTWARE\Classes\CLSID\{EF41EF0C-281B-B63D-581F-B46DFA63498D}\InprocServer32@ C:\PROGRA~1\MICROS~2\Office\OUTLAS9.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F2629F5A-D854-9380-83B2-7EA341879FAD}\InprocServer32@ C:\WINDOWS\system32\catsrvut.dll Reg HKLM\SOFTWARE\Classes\CLSID\{F2629F5A-D854-9380-83B2-7EA341879FAD}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{F2629F5A-D854-9380-83B2-7EA341879FAD}\ProgID@ AppExport.AppExport.1 Reg HKLM\SOFTWARE\Classes\CLSID\{F2629F5A-D854-9380-83B2-7EA341879FAD}\VersionIndependentProgID@ AppExport.AppExport Reg HKLM\SOFTWARE\Classes\CLSID\{F49A1416-F382-CDFB-ED83-10138E9A8684}\AutoConvertTo@ {64818D11-4F9B-11CF-86EA-00AA00B929E8} Reg HKLM\SOFTWARE\Classes\CLSID\{F49A1416-F382-CDFB-ED83-10138E9A8684}\Insertable@ Reg HKLM\SOFTWARE\Classes\CLSID\{F49A1416-F382-CDFB-ED83-10138E9A8684}\ProgID@ PowerPoint.Slide.4 Reg HKLM\SOFTWARE\Classes\CLSID\{F49A1416-F382-CDFB-ED83-10138E9A8684}\TreatAs@ {64818D11-4F9B-11CF-86EA-00AA00B929E8} Reg HKLM\SOFTWARE\Classes\CLSID\{F5F197F4-92C8-E0D4-50F4-A8EEC0CCAA0C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F5F197F4-92C8-E0D4-50F4-A8EEC0CCAA0C}\InprocServer32@ C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVOpts.dll Reg HKLM\SOFTWARE\Classes\CLSID\{F5F197F4-92C8-E0D4-50F4-A8EEC0CCAA0C}\ProgID@ Symantec.Norton.Antivirus.Exclusion.1 Reg HKLM\SOFTWARE\Classes\CLSID\{F5F197F4-92C8-E0D4-50F4-A8EEC0CCAA0C}\TypeLib@ {D323F395-AA30-4DF9-A379-2F3F4819AB00} Reg HKLM\SOFTWARE\Classes\CLSID\{F5F197F4-92C8-E0D4-50F4-A8EEC0CCAA0C}\VersionIndependentProgID@ Symantec.Norton.Antivirus.Exclusion Reg HKLM\SOFTWARE\Classes\CLSID\{FB409A84-95E0-21B9-3E97-466E0AE1532D}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll Reg HKLM\SOFTWARE\Classes\CLSID\{FB409A84-95E0-21B9-3E97-466E0AE1532D}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{FB409A84-95E0-21B9-3E97-466E0AE1532D}\ProgID@ ADODB.Command.2.7 Reg HKLM\SOFTWARE\Classes\CLSID\{FB409A84-95E0-21B9-3E97-466E0AE1532D}\VersionIndependentProgID@ ADODB.Command Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ C:\WINDOWS\system32\cewmdm.dll Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ThreadingModel Free Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\ProgID@ WMDMCESP.WMDMCESP.1 Reg HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\VersionIndependentProgID@ WMDMCESP.WMDMCESP Reg HKLM\SOFTWARE\Classes\CLSID\{FFBDEE52-ACBB-BF9B-8EA8-3563F6258696}\InprocServer32@ C:\WINDOWS\System32\nvcpl.dll Reg HKLM\SOFTWARE\Classes\CLSID\{FFBDEE52-ACBB-BF9B-8EA8-3563F6258696}\InprocServer32@ThreadingModel Apartment ---- EOF - GMER 1.0.15 ---- Previous scans: Malwarebytes' Anti-Malware 1.37 Database version: 2265 Windows 5.1.2600 Service Pack 3 6/12/2009 7:59:26 AM mbam-log-2009-06-12 (07-59-26).txt Scan type: Full Scan (C:\|) Objects scanned: 259333 Time elapsed: 50 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\winlogin.exe (Backdoor.Bot) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.37 Database version: 2271 Windows 5.1.2600 Service Pack 3 6/12/2009 11:21:42 PM mbam-log-2009-06-12 (23-21-42).txt Scan type: Full Scan (C:\|) Objects scanned: 250045 Time elapsed: 50 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\all users\application data\13724534\13724534.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. c:\documents and settings\all users\application data\93734526\93734526.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully. Malwarebytes' Anti-Malware 1.37 Database version: 2271 Windows 5.1.2600 Service Pack 3 6/13/2009 8:18:20 PM mbam-log-2009-06-13 (20-18-20).txt Scan type: Quick Scan Objects scanned: 128852 Time elapsed: 16 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Avira AntiVir Personal Report file date: Saturday, June 13, 2009 10:17 Scanning for 1464231 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : HOMEBASE Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/13/2009 17:03:08 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26 ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 6/12/2009 17:03:06 ANTIVIR3.VDF : 7.1.4.88 2048 Bytes 6/12/2009 17:03:06 Engineversion : 8.2.0.187 AEVDF.DLL : 8.1.1.1 106868 Bytes 6/13/2009 17:03:07 AESCRIPT.DLL : 8.1.2.6 409978 Bytes 6/13/2009 17:03:07 AESCN.DLL : 8.1.2.3 127347 Bytes 6/13/2009 17:03:07 AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41 AEPACK.DLL : 8.1.3.18 401783 Bytes 6/13/2009 17:03:07 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 04:01:56 AEHEUR.DLL : 8.1.0.131 1786232 Bytes 6/13/2009 17:03:07 AEHELP.DLL : 8.1.3.6 205174 Bytes 6/13/2009 17:03:07 AEGEN.DLL : 8.1.1.45 348532 Bytes 6/13/2009 17:03:07 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 6/13/2009 17:03:07 AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/13/2009 17:03:06 RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+SPR, Start of the scan: Saturday, June 13, 2009 10:17 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\main [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\modules [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\start [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\type [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\group [iNFO] The registry entry is invisible. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SKYNETswrrjcbr\imagepath [iNFO] The registry entry is invisible. '8402' objects were checked, '6' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'taskmgr.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'OPXPApp.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'McciTrayApp.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'hphmon05.exe' - '1' Module(s) have been scanned Scan process 'kbd.exe' - '1' Module(s) have been scanned Scan process 'HpqCmon.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'hpzipm12.exe' - '1' Module(s) have been scanned Scan process 'omniServ.exe' - '1' Module(s) have been scanned Scan process 'McciCMService.exe' - '1' Module(s) have been scanned Scan process 'dvpapi.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 43 processes with 43 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '68' files ). Starting the file scan: Begin scan in 'C:\' <HP_PAVILION> C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip [DETECTION] Contains suspicious code GEN/PwdZIP C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\PT8I6PXZ\index[1].htm [DETECTION] Contains recognition pattern of the HTML/FakeAlert.njh HTML script virus C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\V1TDVQEX\bigpornotube_com[1].htm [DETECTION] Contains HEUR/HTML.Malware suspicious code C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application C:\hp\bin\Terminator.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application C:\Program Files\Oberon Media\Marble Blast\MarbleBlast.exe [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan C:\Program Files\Opera7\Plugins\npwthost.dll [DETECTION] Contains recognition pattern of the SPR/WildTangent.B.1 program Begin scan in 'D:\' <HP_RECOVERY> Beginning disinfection: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to '4a8b30d9.qua'! C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\PT8I6PXZ\index[1].htm [DETECTION] Contains recognition pattern of the HTML/FakeAlert.njh HTML script virus [NOTE] The file was moved to '4a9830cf.qua'! C:\Documents and Settings\Mom\Local Settings\Temporary Internet Files\Content.IE5\V1TDVQEX\bigpornotube_com[1].htm [DETECTION] Contains HEUR/HTML.Malware suspicious code [NOTE] The detection was classified as suspicious. [NOTE] The file was moved to '4a9b30ca.qua'! C:\hp\bin\KillIt.exe [DETECTION] Contains recognition pattern of the APPL/KillApp.A application [NOTE] The file was moved to '4aa030ca.qua'! C:\hp\bin\KillWind.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application [NOTE] The file was moved to '58bd282b.qua'! C:\hp\bin\Terminator.exe [DETECTION] Contains recognition pattern of the APPL/KillApplicat.A application [NOTE] The file was moved to '4aa630c6.qua'! C:\Program Files\Oberon Media\Marble Blast\MarbleBlast.exe [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan [NOTE] The file was moved to '4aa630c3.qua'! C:\Program Files\Opera7\Plugins\npwthost.dll [DETECTION] Contains recognition pattern of the SPR/WildTangent.B.1 program [NOTE] The file was moved to '4aab30d2.qua'! End of the scan: Saturday, June 13, 2009 16:04 Used time: 1:46:07 Hour(s) The scan has been done completely. 12718 Scanned directories 573449 Files were scanned 6 Viruses and/or unwanted programs were found 2 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 8 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 573440 Files not concerned 20539 Archives were scanned 1 Warnings 9 Notes 8402 Objects were scanned with rootkit scan 6 Hidden objects were found

The only indication from gmer about rootkit activity is in the window after I select "Scan" there are several lisitings in red saying "Hidden". Unfortunately, I am in my office and will not be at my infected computer until 5pm ( paciifc time) this evening. I will rin the new program at that time. I did save a partial log from gmer before my coputer had a chance to reboot. Would you like to see a copy of that, as well?

Hello and thank you for your help. This infection is a nasty one. I ran all the programs per your instruction and the only problem that occurs is that when I run gmer ( 4 times) my computer reboots about 2 hours into the scan and I am unable to get a log report. FYI I've disconnected from the internet and disabled my AVS. Please advise. I am posting the logs from DDS. Thank you again.. DDS (Ver_09-05-14.01) - NTFSx86 Run by Owner at 20:29:55.98 on Sun 06/14/2009 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.67 [GMT -7:00] AV: Spy Sweeper with AntiVirus *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D} AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://calbanktrust.com uSearch Page = hxxp://google.com uDefault_Search_URL = about:blank uSearch Bar = hxxp://google.com uWindow Title = Road Runner High Speed Online mDefault_Page_URL = hxxp://go.microsoft.com mStart Page = hxxp://us9.hpwis.com/ mSearch Bar = hxxp://srch-us9.hpwis.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = localhost BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {6E2ACE37-CF69-4DF0-AD17-C07A90DFB7F7} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll BHO: {D404CB63-461C-4797-8E18-F10BC5D6D824} - No File TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll TB: {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - No File TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [CamMonitor] "c:\program files\hewlett-packard\digital imaging\\unload\hpqcmon.exe" mRun: [HPHUPD05] "c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [spybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled uPolicies-explorer: NoViewOnDrive = 0 (0x0) IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html IE: &Viewpoint Search - c:\program files\viewpoint\viewpoint toolbar v35\ViewBar.dll/CXTSEARCH.HTML IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\npjpi160_06.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll Trusted Zone: alliedinsurance.com\www Trusted Zone: frontbridge.com\spam Trusted Zone: frontbridge.com\webmail Trusted Zone: microsoft.com\*.update Trusted Zone: windowsupdate.com\download DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab DPF: vzTCPConfig - hxxps://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxp://supportcenter.adelphia.net/sdccommon/download/tgctlins.cab DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152942121593 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - hxxps://photos.riteaid.com/control/RiteAidOneHourPhotoOnline.cab DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - hxxp://free.aol.com/tryaolfree/cdt175/aolcdt175.cab DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - hxxps://secure.stamps.com/download/us/cab/stamps/stamps.cab?r=0.409881591796875&file=stamps.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: igfxcui - igfxsrvc.dll Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll Notify: WRNotifier - WRLogonNTF.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll LSA: Authentication Packages = msv1_0 c:\windows\system32\pmnnKdec LSA: Notification Packages = scecli scecli scecli scecli scecli ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-13 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-13 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-13 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-13 55640] R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-4-27 3744] R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-4-27 3904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-16 24652] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-5-28 3572592] S0 tyF73;tyF73;c:\windows\system32\drivers\tyf73.sys --> c:\windows\system32\drivers\tyF73.sys [?] S2 mrtRate;mrtRate; [x] =============== Created Last 30 ================ 2009-06-13 09:47 55,640 a------- c:\windows\system32\drivers\avgntflt.sys 2009-06-13 09:47 <DIR> --d----- c:\program files\Avira 2009-06-13 09:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira 2009-06-12 15:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\93734526 2009-06-12 15:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\13724534 2009-05-22 22:57 20,117 a------- c:\windows\system32\icra.rat ==================== Find3M ==================== 2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-04-28 21:56 827,392 a------- c:\windows\system32\wininet.dll 2009-04-28 21:55 78,336 a------- c:\windows\system32\ieencode.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll 2005-10-13 22:01 161,928 a------- c:\documents and settings\all users\FixVundo.exe 2005-07-31 21:25 1,691 a------- c:\program files\ImageMixer VCD DVD2 for OLYMPUS 2.0.lnk 2004-03-27 16:26 56 a--shr-- c:\windows\system32\96F0810076.sys ============= FINISH: 20:32:44.09 =============== And UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-05-14.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 1/30/2004 11:45:07 PM System Uptime: 6/14/2009 6:43:21 PM (2 hours ago) Motherboard: TriGem Computer Inc. | | Glendale motherboard Processor: Intel® Pentium® 4 CPU 2.50GHz | WMT478/NWD | 2486/mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (NTFS) - 67 GiB total, 44.375 GiB free. D: is FIXED (FAT32) - 7 GiB total, 2.061 GiB free. E: is CDROM () F: is Removable ==== Disabled Device Manager Items ============= Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Realtek RTL8139/810x Family Fast Ethernet NIC Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3189109F&REV_10\4&2C53C0AE&0&10F0 Manufacturer: Realtek Name: Realtek RTL8139/810x Family Fast Ethernet NIC PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_3189109F&REV_10\4&2C53C0AE&0&10F0 Service: rtl8139 ==== System Restore Points =================== RP1: 6/11/2009 1:13:46 PM - System Checkpoint RP2: 6/11/2009 1:13:47 PM - System Checkpoint RP3: 6/11/2009 1:13:48 PM - System Checkpoint RP4: 6/11/2009 1:13:48 PM - System Checkpoint RP5: 6/11/2009 1:13:48 PM - System Checkpoint RP6: 6/11/2009 1:13:48 PM - System Checkpoint RP7: 6/11/2009 1:13:48 PM - System Checkpoint RP8: 6/11/2009 1:13:48 PM - System Checkpoint RP9: 6/11/2009 1:13:48 PM - System Checkpoint RP10: 6/11/2009 1:13:48 PM - Software Distribution Service 3.0 RP11: 6/11/2009 1:13:48 PM - Installed Windows XP KB967715. RP12: 6/11/2009 1:13:48 PM - System Checkpoint RP13: 6/11/2009 1:13:48 PM - System Checkpoint RP14: 6/11/2009 1:13:49 PM - System Checkpoint RP15: 6/11/2009 1:13:49 PM - Software Distribution Service 3.0 RP16: 6/11/2009 1:13:49 PM - Installed Windows Media Player 11 KB959772. RP17: 6/11/2009 1:13:49 PM - Installed Windows XP KB958690. RP18: 6/11/2009 1:13:49 PM - Installed Windows XP KB938464-v2. RP19: 6/11/2009 1:13:49 PM - Installed Windows XP KB960225. RP20: 6/11/2009 1:13:50 PM - System Checkpoint RP21: 6/11/2009 1:13:50 PM - System Checkpoint RP22: 6/11/2009 1:13:50 PM - System Checkpoint RP23: 6/11/2009 1:13:50 PM - FiOS Installation RP24: 6/11/2009 1:13:50 PM - System Checkpoint RP25: 6/11/2009 1:13:50 PM - Software Distribution Service 3.0 RP26: 6/11/2009 1:13:51 PM - System Checkpoint RP27: 6/11/2009 1:13:51 PM - System Checkpoint RP28: 6/11/2009 1:13:51 PM - System Checkpoint RP29: 6/11/2009 1:13:52 PM - System Checkpoint RP30: 6/11/2009 1:13:52 PM - System Checkpoint RP31: 6/11/2009 1:13:52 PM - System Checkpoint RP32: 6/11/2009 1:13:52 PM - System Checkpoint RP33: 6/11/2009 1:13:52 PM - System Checkpoint RP34: 6/11/2009 1:13:53 PM - System Checkpoint RP35: 6/11/2009 1:13:53 PM - System Checkpoint RP36: 6/11/2009 1:13:53 PM - System Checkpoint RP37: 6/11/2009 1:13:53 PM - System Checkpoint RP38: 6/11/2009 1:13:53 PM - System Checkpoint RP39: 6/11/2009 1:13:53 PM - System Checkpoint RP40: 6/11/2009 1:13:53 PM - System Checkpoint RP41: 6/11/2009 1:13:53 PM - System Checkpoint RP42: 6/11/2009 1:13:54 PM - Software Distribution Service 3.0 RP43: 6/11/2009 1:13:54 PM - Installed Windows XP KB923561. RP44: 6/11/2009 1:13:54 PM - Installed Windows XP KB960803. RP45: 6/11/2009 1:13:55 PM - Installed Windows XP KB952004. RP46: 6/11/2009 1:13:55 PM - Installed Windows XP KB956572. RP47: 6/11/2009 1:13:55 PM - Installed Windows XP KB963027. RP48: 6/11/2009 1:13:55 PM - Installed Windows XP KB961373. RP49: 6/11/2009 1:13:55 PM - Installed Windows XP KB959426. RP50: 6/11/2009 1:13:55 PM - System Checkpoint RP51: 6/11/2009 1:13:55 PM - System Checkpoint RP52: 6/11/2009 1:13:55 PM - System Checkpoint RP53: 6/11/2009 1:13:55 PM - System Checkpoint RP54: 6/11/2009 1:13:56 PM - System Checkpoint RP55: 6/11/2009 1:13:56 PM - System Checkpoint RP56: 6/11/2009 1:13:56 PM - System Checkpoint RP57: 6/11/2009 1:13:56 PM - System Checkpoint RP58: 6/11/2009 1:13:56 PM - System Checkpoint RP59: 6/11/2009 1:13:56 PM - System Checkpoint RP60: 6/11/2009 1:13:56 PM - System Checkpoint RP61: 6/11/2009 1:13:56 PM - System Checkpoint RP62: 6/11/2009 1:13:56 PM - System Checkpoint RP63: 6/11/2009 1:13:56 PM - System Checkpoint RP64: 6/11/2009 1:13:56 PM - System Checkpoint RP65: 6/11/2009 1:13:56 PM - System Checkpoint RP66: 6/11/2009 1:13:56 PM - System Checkpoint RP67: 6/11/2009 1:13:56 PM - System Checkpoint RP68: 6/11/2009 1:13:56 PM - System Checkpoint RP69: 6/11/2009 1:13:56 PM - System Checkpoint RP70: 6/11/2009 1:13:56 PM - Software Distribution Service 3.0 RP71: 6/11/2009 1:13:56 PM - System Checkpoint RP72: 6/11/2009 1:13:56 PM - System Checkpoint RP73: 6/11/2009 1:13:56 PM - System Checkpoint RP74: 6/11/2009 1:13:56 PM - System Checkpoint RP75: 6/11/2009 1:13:56 PM - System Checkpoint RP76: 6/11/2009 1:13:56 PM - System Checkpoint RP77: 6/11/2009 1:13:56 PM - System Checkpoint RP78: 6/11/2009 1:13:56 PM - System Checkpoint RP79: 6/11/2009 1:13:56 PM - System Checkpoint RP80: 6/11/2009 1:13:56 PM - System Checkpoint RP81: 6/11/2009 1:13:56 PM - System Checkpoint RP82: 6/11/2009 1:13:56 PM - System Checkpoint RP83: 6/11/2009 1:13:56 PM - System Checkpoint RP84: 6/11/2009 1:13:56 PM - System Checkpoint RP85: 6/11/2009 1:13:56 PM - System Checkpoint RP86: 6/11/2009 1:13:56 PM - System Checkpoint RP87: 6/11/2009 1:13:56 PM - System Checkpoint RP88: 6/11/2009 1:13:56 PM - System Checkpoint RP89: 6/11/2009 1:13:56 PM - System Checkpoint RP90: 6/11/2009 1:13:56 PM - System Checkpoint RP91: 6/11/2009 1:13:56 PM - System Checkpoint RP92: 6/11/2009 1:13:56 PM - System Checkpoint RP93: 6/11/2009 1:13:56 PM - System Checkpoint RP94: 6/11/2009 1:13:56 PM - Software Distribution Service 3.0 RP95: 6/11/2009 1:13:56 PM - Installed Windows XP KB968537. RP96: 6/11/2009 1:13:56 PM - Installed Windows XP KB969897. RP97: 6/11/2009 1:13:56 PM - Installed Windows XP KB970238. RP98: 6/11/2009 1:13:56 PM - Installed Windows XP KB969898. RP99: 6/11/2009 1:13:56 PM - Installed Windows XP KB961501. ==== Installed Programs ====================== 5 Spots Accent EXCEL Password Recovery 2.30 Adobe Flash Player 10 ActiveX Adobe Reader 7.0.9 AiO_Scan AIOMinimal Alien Shooter AOL Instant Messenger Apple Mobile Device Support Apple Software Update Authentium AntiVirus SDK - 2 Avira AntiVir Personal - Free Antivirus Ballistik Balloon Blast Bonjour CheckIt Diagnostics Copy CreativeProjects Critical Update for Windows Media Player 11 (KB959772) Director DivX Player DivX Pro Codec Adware DocProc Enhanced Multimedia Keyboard Solution ERUNT 1.1j Family Feud Holidays fbmgamesetup Toolbar Freaky Freezeday Funkiball GdiplusUpgrade Glenn's Premier Software Google Earth Google Toolbar for Internet Explorer HijackThis 2.0.2 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Format SDK (KB902344) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HP Deskjet Preloaded Printer Drivers HP Image Zone 3.5 HP Instant Support HP Organize HP Photo and Imaging 2.0 - Photosmart Cameras HP PSC & OfficeJet 3.5 HP Software Update HPImageZone HPIZ Fix2 hpmdtab HpSdpAppCoreApp HPSystemDiagnostics ImageMixer VCD/DVD2 for OLYMPUS Inspector-Parker Intel® Extreme Graphics Driver IntelliMover Data Transfer Demo iTunes Java 6 Update 2 Java 6 Update 3 Java 6 Update 6 Java SE Runtime Environment 6 Update 1 Jigsaw Deluxe Nickelodeon Logitech Desktop Messenger Logitech iTouch Software Logitech MouseWare 9.75 Logitech Resource Center Luxor Macromedia Shockwave Player Mah Jong Quest Malwarebytes' Anti-Malware Marble Blast MasterSplitter Program Memories Disc Creator 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2003 Microsoft Money 2003 System Pack Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft Office PowerPoint Viewer 2003 Microsoft Plus! Digital Media Edition Microsoft Streets and Trips 2004 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works 7.0 Moyea FLV Player version 1.5.2.7 MSN Music Assistant MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MUSICMATCH

I have tried several scans and removed the viruses and malware,but, when going to bing or yahoo for searches the initial topic search list the results and when I proceed to click the item I get redirected to other sites . Please find my malwarebytes' log along with the HJT logs. THX PS Malwarebytes' Anti-Malware 1.37 Database version: 2271 Windows 5.1.2600 Service Pack 3 6/13/2009 9:21:22 PM mbam-log-2009-06-13 (21-21-22).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 257712 Time elapsed: 51 minute(s), 6 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:10:39 PM, on 6/13/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://calbanktrust.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {6E2ACE37-CF69-4DF0-AD17-C07A90DFB7F7} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll O2 - BHO: (no name) - {D404CB63-461C-4797-8E18-F10BC5D6D824} - (no file) O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: (no name) - {301c19bc-4368-46a4-8fbd-a0e9d0dcd4f7} - (no file) O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1008\..\Run: [backupNotify] "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" (User 'Mom') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1008\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart (User 'Mom') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mom') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Mom') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1010\..\Run: [OM_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" -NoStart (User 'MATT') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-1010\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'MATT') O4 - HKUS\S-1-5-21-326441947-1957948835-3910647482-500\..\Run: [backupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe (User 'Administrator') O4 - S-1-5-21-326441947-1957948835-3910647482-500 Startup: mod_sm.lnk.disabled (User 'Administrator') O4 - S-1-5-21-326441947-1957948835-3910647482-500 User Startup: mod_sm.lnk.disabled (User 'Administrator') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Global Startup: Microsoft Office.lnk.disabled O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.alliedinsurance.com O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: vzTCPConfig - https://www.verizon.net/WhatsNext/CheckMyPc/vzTCPConfig.CAB O16 - DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - http://supportcenter.adelphia.net/sdccommo...ad/tgctlins.cab O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommo...20Installer.cab O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/as...trl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152942121593 O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} - https://photos.riteaid.com/control/RiteAidO...PhotoOnline.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} - https://secure.stamps.com/download/us/cab/s...file=stamps.cab O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) - O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) - O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O20 - Winlogon Notify: rqRHaWQi - C:\WINDOWS\ O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 13594 bytes