LesleyA

Members
  • Posts: 14

Everything posted by LesleyA

  1. Was out of the house.

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=6
     # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
     # OnlineScanner.ocx=1.0.0.6048
     # api_version=3.0.2
     # EOSSerial=f989cc4127c9b743984c06c5083f17f2
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2009-08-19 12:45:43
     # local_time=2009-08-18 08:45:43 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=1797 37 100 100 877459531250
     # scanned=281960
     # found=11
     # cleaned=0
     # scan_time=4242
     C:\HaxFix.exe  multiple threats  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Desktop\haxfix.exe  multiple threats  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Desktop\SmitfraudFix\Process.exe  Win32/PrcView application  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Desktop\SmitfraudFix\restart.exe  Win32/Shutdown.NAA application  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000409  multiple threats  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000791  multiple threats  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000792  multiple threats  00000000000000000000000000000000  I
     C:\Documents and Settings\lesleya\My Documents\personal\ARINC\MyDocuments\2006-12-15\ipscan.exe  Win32/NetTool.Portscan.C application  00000000000000000000000000000000  I
     C:\HaxFix\process.exe  Win32/PrcView application  00000000000000000000000000000000  I
     C:\HaxFix\reboot.exe  Win32/Reboot.NAA application  00000000000000000000000000000000  I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\temp.exe.vir  Win32/Adware.PrivacyCenter application  00000000000000000000000000000000  I
  2. Malwarebytes' Anti-Malware 1.40
     Database version: 2651
     Windows 5.1.2600 Service Pack 3

     8/18/2009 7:25:50 PM
     mbam-log-2009-08-18 (19-25-50).txt

     Scan type: Quick Scan
     Objects scanned: 121823
     Time elapsed: 9 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. ComboFix 09-08-10.06 - lesleya 08/17/2009 21:43.3.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.679 [GMT -4:00]
     Running from: c:\documents and settings\lesleya\Desktop\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\windows\system32\zcjmwtk.dll
     c:\windows\system32\zcjmwtk.dll.bak
     D:\Autorun.inf

     .
     ((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
     .

     2009-08-18 01:30 . 2009-08-18 01:41  --------  d-----w-  c:\program files\DraftDominator
     2009-08-18 00:59 . 2009-08-18 00:59  3942048   ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-08-18 00:46 . 2009-08-18 00:46  --------  d-----w-  c:\documents and settings\All Users\Application Data\id Software
     2009-08-11 23:47 . 2009-07-10 13:27  1315328   -c----w-  c:\windows\system32\dllcache\msoe.dll
     2009-08-05 09:01 . 2009-08-05 09:01  204800    -c----w-  c:\windows\system32\dllcache\mswebdvd.dll
     2009-08-05 02:57 . 2009-08-05 02:57  --------  d-sh--w-  C:\found.000
     2009-08-05 00:54 . 2009-08-05 00:56  --------  d-----w-  C:\HaxFix
     2009-08-05 00:54 . 2009-08-05 00:55  485902    ----a-w-  C:\HaxFix.exe
     2009-08-04 23:24 . 2009-08-04 23:24  --------  d-----w-  c:\documents and settings\NetworkService\Local Settings\Application Data\bfqovzes
     2009-08-04 23:24 . 2009-08-04 23:24  --------  d-----w-  c:\documents and settings\NetworkService\Application Data\bfqovzes
     2009-08-04 11:30 . 2009-08-05 00:41  --------  d-----w-  c:\program files\PrivacyCenter
     2009-08-04 00:49 . 2009-08-04 00:49  --------  d-----w-  c:\program files\Trend Micro
     2009-08-02 14:39 . 2009-08-02 14:39  --------  d-----w-  c:\windows\system32\en
     2009-07-31 01:29 . 2009-08-08 01:32  55656     ----a-w-  c:\windows\system32\drivers\avgntflt.sys
     2009-07-31 01:29 . 2009-03-30 14:33  96104     ----a-w-  c:\windows\system32\drivers\avipbb.sys
     2009-07-31 01:29 . 2009-02-13 16:29  22360     ----a-w-  c:\windows\system32\drivers\avgntmgr.sys
     2009-07-31 01:29 . 2009-02-13 16:17  45416     ----a-w-  c:\windows\system32\drivers\avgntdd.sys
     2009-07-31 01:29 . 2009-07-31 01:29  --------  d-----w-  c:\program files\Avira
     2009-07-31 01:29 . 2009-07-31 01:29  --------  d-----w-  c:\documents and settings\All Users\Application Data\Avira
     2009-07-31 00:40 . 2009-07-31 00:40  --------  d-----w-  C:\_OTM
     2009-07-23 05:26 . 2009-07-23 05:26  19915     ----a-w-  c:\windows\system32\drivers\AegisP.sys
     2009-07-23 05:26 . 2005-04-21 19:56  242176    ----a-w-  c:\windows\system32\rt2500.sys
     2009-07-23 05:26 . 2003-10-13 19:30  94208     ----a-w-  c:\windows\system32\GTW32N50.dll
     2009-07-23 05:26 . 2003-09-26 02:15  15872     ----a-w-  c:\windows\system32\GTNDIS5.sys
     2009-07-23 05:26 . 2009-07-23 05:26  --------  d-----w-  c:\program files\Linksys Wireless-G PCI Wireless Network Monitor
     2009-07-23 05:26 . 2005-02-01 22:18  17992     ----a-w-  c:\windows\system32\bcm42rly.sys
     2009-07-23 05:25 . 2009-07-23 05:25  --------  d-----w-  C:\Linksys Driver

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-18 01:42 . 2006-10-17 02:17  --------  d-----w-  c:\program files\Trillian
     2009-08-18 00:59 . 2009-07-17 22:38  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
     2009-08-18 00:46 . 2008-08-09 20:10  --------  d-----w-  c:\documents and settings\lesleya\Application Data\id Software
     2009-08-18 00:46 . 2007-09-21 02:21  111928    ----a-w-  c:\windows\system32\PnkBstrB.exe
     2009-08-18 00:46 . 2008-04-20 23:56  2373712   ----a-w-  c:\windows\system32\pbsvc.exe
     2009-08-18 00:46 . 2007-09-21 02:21  75064     ----a-w-  c:\windows\system32\PnkBstrA.exe
     2009-08-12 07:15 . 2007-06-26 22:08  --------  d-----w-  c:\documents and settings\lesleya\Application Data\uTorrent
     2009-08-09 10:30 . 2008-04-14 04:32  --------  d-----w-  c:\documents and settings\lesleya\Application Data\mIRC
     2009-08-08 00:37 . 2008-04-14 04:32  --------  d-----w-  c:\program files\mIRC
     2009-08-05 09:01 . 2001-08-23 12:00  204800    ----a-w-  c:\windows\system32\mswebdvd.dll
     2009-08-03 17:36 . 2009-07-17 22:38  38160     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-03 17:36 . 2009-07-17 22:38  19096     ----a-w-  c:\windows\system32\drivers\mbam.sys
     2009-08-02 14:31 . 2009-08-02 14:31  0         ----atw-  c:\windows\007348_.tmp
     2009-07-31 00:59 . 2009-07-15 23:45  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg8
     2009-07-31 00:33 . 2009-01-25 21:11  --------  d-----w-  c:\program files\Microsoft Silverlight
     2009-07-23 05:26 . 2006-10-14 22:52  --------  d--h--w-  c:\program files\InstallShield Installation Information
     2009-07-17 22:38 . 2009-07-17 22:38  --------  d-----w-  c:\documents and settings\lesleya\Application Data\Malwarebytes
     2009-07-17 22:38 . 2009-07-17 22:38  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-07-17 19:01 . 2001-08-23 12:00  58880     ----a-w-  c:\windows\system32\atl.dll
     2009-07-14 03:43 . 2004-08-04 07:56  286208    ----a-w-  c:\windows\system32\wmpdxm.dll
     2009-07-06 18:01 . 2009-07-06 18:01  2373712   ----a-w-  c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
     2009-06-29 16:12 . 2004-01-08 19:23  827392    ----a-w-  c:\windows\system32\wininet.dll
     2009-06-29 16:12 . 2004-08-04 07:56  78336     ----a-w-  c:\windows\system32\ieencode.dll
     2009-06-29 16:12 . 2001-08-23 12:00  17408     ----a-w-  c:\windows\system32\corpol.dll
     2009-06-23 11:16 . 2007-11-08 01:10  --------  d-----w-  c:\documents and settings\lesleya\Application Data\FileZilla
     2009-06-16 14:36 . 2001-08-23 12:00  81920     ----a-w-  c:\windows\system32\fontsub.dll
     2009-06-16 14:36 . 2001-08-23 12:00  119808    ------w-  c:\windows\system32\t2embed.dll
     2009-06-12 12:31 . 2001-08-23 12:00  80896     ----a-w-  c:\windows\system32\tlntsess.exe
     2009-06-12 12:31 . 2001-08-23 12:00  76288     ----a-w-  c:\windows\system32\telnet.exe
     2009-06-10 14:13 . 2001-08-23 12:00  84992     ----a-w-  c:\windows\system32\avifil32.dll
     2009-06-10 13:19 . 2006-10-13 20:34  2066432   ----a-w-  c:\windows\system32\mstscax.dll
     2009-06-10 06:14 . 2001-08-23 12:00  132096    ----a-w-  c:\windows\system32\wkssvc.dll
     2009-06-03 19:09 . 2001-08-23 12:00  1291264   ----a-w-  c:\windows\system32\quartz.dll
     2006-11-30 01:46 . 2006-11-30 01:46  60518     ----a-w-  c:\program files\mozilla firefox\components\jar50.dll
     2006-11-30 01:47 . 2006-11-30 01:47  49248     ----a-w-  c:\program files\mozilla firefox\components\jsd3250.dll
     2006-11-30 01:46 . 2006-11-30 01:46  165992    ----a-w-  c:\program files\mozilla firefox\components\xpinstal.dll
     2006-05-03 10:06 . 2008-02-03 16:15  163328    --sh--r-  c:\windows\system32\flvDX.dll
     2007-02-21 11:47 . 2008-02-03 16:15  31232     --sh--r-  c:\windows\system32\msfDX.dll
     2007-12-17 13:43 . 2008-02-03 16:15  27648     --sh--w-  c:\windows\system32\Smab0.dll
     .

     ((((((((((((((((((((((((((((( SnapShot@2009-08-05_01.51.33 )))))))))))))))))))))))))))))))))))))))))
     .
     - 2006-10-13 23:43 . 2007-08-11 00:46  26488     c:\windows\system32\spupdsvc.exe
     + 2006-10-13 23:43 . 2007-07-27 14:41  26488     c:\windows\system32\spupdsvc.exe
     - 2006-12-18 04:55 . 2007-11-30 12:39  17272     c:\windows\system32\spmsg.dll
     + 2006-12-18 04:55 . 2008-07-08 13:02  17272     c:\windows\system32\spmsg.dll
     + 2009-06-12 12:31 . 2009-06-12 12:31  80896     c:\windows\system32\dllcache\tlntsess.exe
     + 2009-06-12 12:31 . 2009-06-12 12:31  76288     c:\windows\system32\dllcache\telnet.exe
     + 2009-06-10 14:13 . 2009-06-10 14:13  84992     c:\windows\system32\dllcache\avifil32.dll
     + 2009-07-17 19:01 . 2009-07-17 19:01  58880     c:\windows\system32\dllcache\atl.dll
     + 2006-10-13 20:39 . 2009-08-05 01:49  81920     c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     - 2006-10-13 20:39 . 2009-08-05 01:13  81920     c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
     + 2006-10-13 20:39 . 2009-08-05 01:49  32768     c:\windows\system32\config\systemprofile\Cookies\index.dat
     - 2006-10-13 20:39 . 2009-08-05 01:13  32768     c:\windows\system32\config\systemprofile\Cookies\index.dat
     + 2009-08-18 00:29 . 2009-08-18 00:33  2204      c:\windows\SoftwareDistribution\EventCache\{973A3C9D-A183-4A5D-970F-82F4A688C742}.bin
     - 2008-07-07 00:41 . 2009-08-05 01:51  223931    c:\windows\system32\inetsrv\MetaBase.bin
     + 2008-07-07 00:41 . 2009-08-18 01:19  223931    c:\windows\system32\inetsrv\MetaBase.bin
     + 2004-08-04 07:56 . 2009-07-14 03:43  286208    c:\windows\system32\dllcache\wmpdxm.dll
     + 2009-06-10 06:14 . 2009-06-10 06:14  132096    c:\windows\system32\dllcache\wkssvc.dll
     + 2009-08-18 00:46 . 2009-08-18 00:46  214528    c:\windows\Installer\11d970.msi
     + 2009-06-10 13:19 . 2009-06-10 13:19  2066432   c:\windows\system32\dllcache\mstscax.dll
     + 2004-08-04 07:56 . 2009-07-14 03:43  10841088  c:\windows\system32\wmp.dll
     + 2006-10-13 21:42 . 2009-07-30 00:49  24281536  c:\windows\system32\MRT.exe
     + 2004-08-04 07:56 . 2009-07-14 03:43  10841088  c:\windows\system32\dllcache\wmp.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]
     "Google Update"="c:\documents and settings\lesleya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-24 133104]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
     "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
     "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

     Psi.lnk - c:\program files\Psi\psi.exe [2006-1-11 1667072]
     Trillian.lnk - c:\program files\Trillian\trillian.exe [2009-7-16 1873272]

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\uTorrent\\utorrent.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
     "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Trillian\\trillian.exe"=
     "c:\\Program Files\\mIRC\\mirc.exe"=
     "c:\\Program Files\\Psi\\psi.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 1 (0x1)

     R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [11/22/2007 1:39 AM 101528]
     R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/30/2009 9:29 PM 108289]
     S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [11/22/2007 1:38 AM 24876]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-606747145-725345543-1003Core.job
     - c:\documents and settings\lesleya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-24 23:52]

     2009-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-606747145-725345543-1003UA.job
     - c:\documents and settings\lesleya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-24 23:52]
     .
     - - - - ORPHANS REMOVED - - - -

     BHO-{8FBE2BC0-A5AB-4CE1-A812-5DAC4F035018} - c:\windows\system32\zcjmwtk.dll

     .
     ------- Supplementary Scan -------
     .
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\lesleya\Application Data\Mozilla\Firefox\Profiles\agi1jkw5.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - component: c:\documents and settings\lesleya\Application Data\Mozilla\Firefox\Profiles\agi1jkw5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
     FF - component: c:\documents and settings\lesleya\Application Data\Mozilla\Firefox\Profiles\agi1jkw5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
     FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

     ---- FIREFOX POLICIES ----
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
     c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
     c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
     .

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-08-17 21:50
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(968)
     c:\windows\system32\Ati2evxx.dll
     .
     Completion time: 2009-08-18 21:54
     ComboFix-quarantined-files.txt 2009-08-18 01:54
     ComboFix2.txt 2009-08-05 02:43
     ComboFix3.txt 2009-08-05 02:02

     Pre-Run: 26,824,826,880 bytes free
     Post-Run: 26,784,755,712 bytes free

     Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=2,3,4,5
     193 --- E O F --- 2009-08-12 07:10
  4. Malwarebytes' Anti-Malware 1.40
     Database version: 2644
     Windows 5.1.2600 Service Pack 3

     8/17/2009 9:15:07 PM
     mbam-log-2009-08-17 (21-15-07).txt

     Scan type: Quick Scan
     Objects scanned: 122248
     Time elapsed: 13 minute(s), 57 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 5
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 3

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lxyfqgiq (Rootkit.Agent.Z) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lxyfqgiq (Rootkit.Agent.Z) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lxyfqgiq (Rootkit.Agent.Z) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lxyfqgiq (Rootkit.Agent.Z) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lxyfqgiq (Rootkit.Agent.Z) -> Delete on reboot.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Documents and Settings\All Users\Application Data\19911254 (Rogue.Multiple) -> Quarantined and deleted successfully.

     Files Infected:
     C:\WINDOWS\system32\Drivers\lxyfqgiq.sys (Rootkit.Agent.Z) -> Quarantined and deleted successfully.
     C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\All Users\Application Data\19911254\19911254 (Rogue.Multiple) -> Quarantined and deleted successfully.

     If you could send me a PM when you get to this, I would appreciate it. Thanks
  5. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:56:11, on 8/17/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
     C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Microsoft IntelliType Pro\itype.exe
     C:\Program Files\Microsoft IntelliPoint\ipoint.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Psi\psi.exe
     C:\Program Files\Trillian\trillian.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: (no name) - {8FBE2BC0-A5AB-4CE1-A812-5DAC4F035018} - c:\windows\system32\zcjmwtk.dll (file missing)
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
     O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lesleya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
     O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
     O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160772877085
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1204906654406
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sslvpn.comcast.net/dana-cached/setu...perSetupSP1.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
     O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
     O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

     -- End of file - 6943 bytes
  6. Since ComboFix requested it in the log, I ran it again.
  7. I ran ComboFix myself as I'm out of options. Here is the log.
  8. Sorry for bumping my own thread. When I got home from work I got a "Gay Porn" splash screen with lots of different popups. There was some sort of email address popup which looked like a list of addresses to send to. Also, something tried to run Outlook; as I don't have it installed, the default screens to install Outlook Express 2002 came up. Also, upon reboot I get an audio message in a female voice, "Serious System Error", and some sort of "Privacy Center" screens. Please help.
  9. AV keeps finding a virus at each daily scan. It says it can't delete it, and will rename/quarantine. Each time I run Malwarebytes it finds about 17 issues. It requires a reboot to delete things. After the reboot, it again finds the same issues and requires a reboot. Here are the attached logs. Thanks for ANY help you guys can give me! FWIW, my guess is these 2 files (from the Malwarebytes log). I don't know what to do to fix them though:

     O20 - Winlogon Notify: ldawujme - C:\WINDOWS\SYSTEM32\zcjmwtk.dll
     O20 - Winlogon Notify: rbadzm - rbadzm.dll (file missing)