cls123

  1. I don't think the computer is showing any more signs of infection. The search went back to normal and I will post back if anything comes up again. Thanks.
  2. Ran another scan with Avira and it picked up these. I think Avira detects these because I don't have a software firewall. Can you guide me to one that works with Avira, Malwarebytes', Spybot Search and Destroy and Ad-Aware?
  3. Here are the ComboFix logs just in case. Strange, it seems that Netscape is not listed in the Add/Remove Programs and yet there are files of it on my system.
  4. I don't really use Netscape, so I think I will uninstall it before following your instructions in a few hours. (Leaving out the last part of them.)
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:22:54 PM, on 2/4/2009
  6. Malwarebytes didn't detect anything for some reason. Don't know if that was supposed to happen. HJT log coming up after the restart.
     Malwarebytes' Anti-Malware 1.33
     Database version: 1728
     Windows 5.1.2600 Service Pack 2
     2/4/2009 5:12:45 PM
     mbam-log-2009-02-04 (17-12-45).txt
     Scan type: Quick Scan
     Objects scanned: 55825
     Time elapsed: 5 minute(s), 0 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  7. REGLOOKS logfile version 0.977 Wed 02/04/2009 16:37:18.51 running from: "C:\Documents and Settings\User\Desktop" --- SSODL regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" FILE ="C:\\WINDOWS\\system32\\upnpui.dll" --- STS regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler only standard or legit regkeys found --- USERINIT regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," --- SHELL regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="Explorer.exe" --- SYSTEM regkey --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"="" --- APPINIT_DLLS regkey --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows "AppInit_DLLs"="" --- NOTIFY regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify "igfxcui" "DLLName"="igfxdev.dll" --- BOOTEXECUTE regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager BootExecute= autocheck autochk *\0\0 --- PENDINGFILERENAMEOPERATIONS regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager Pendingfilerenameoperations= \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll.tmp\0\0\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll.tmp\0\0\??\C:\DOCUME~1\User\LOCALS~1\Temp\~nsu.tmp\Au_.exe\0\0\0 --- SHELLEXECUTEHOOKS regkey --- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" --- HKLM\Run regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe" "Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" 
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1127779177\\ee\\AOLSoftware.exe" "EPSON Stylus Photo R220 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIA.EXE /P30 \"EPSON Stylus Photo R220 Series\" /O6 \"USB002\" /M \"Stylus Photo R220\"" "AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe" "FastTVSync"="\"C:\\Program Files\\Common Files\\InterVideo\\FastTVSync\\FastTVSync.exe\"" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "PinnacleDriverCheck"="C:\\WINDOWS\\system32\\\\PSDrvCheck.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\"" [Run\OptionalComponents] @="" [Run\OptionalComponents\IMAIL] "Installed"="1" @="" [Run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [Run\OptionalComponents\MSFS] "Installed"="1" @="" --- HKLM\RunOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce no HKLM RunOnce keys found --- HKLM\RunOnceEx regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKLM RunOnceEx keys found --- HKLM\RunServices regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKLM RunServices keys found --- HKLM\RunServicesOnce regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce no HKLM RunServicesOnce keys found --- HKCU\Run regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" 
/background" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "AOL Fast Start"="\"C:\\Program Files\\AOL 9.1\\AOL.EXE\" -b" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" --- HKCU\RunOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "FlashPlayerUpdate"="C:\\Program Files\\Mozilla Firefox\\plugins\\NPSWF32_FlashUtil.exe -p" --- HKCU\RunOnceEx regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx no HKCU RunOnceEx keys found --- HKCU\RunServices regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices no HKCU RunServices keys found --- HKCU\RunServicesOnce regkeys --- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce no HKCU RunServicesOnce keys found --- HKU\.DEFAULT\Run regkeys - Default user --- HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\.DEFAULT\Run keys found --- HKU\S-1-5-18\Run regkeys - user SYSTEM --- HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run no HKU\S-1-5-18\Run keys found --- HKU\S-1-5-19\Run regkeys - User Lokale service --- HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKU\S-1-5-20\Run regkeys - User Netwerkservice --- HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run regkey does not exist --- HKLM\Explorer\Run regkeys --- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKLM Explorer\Run keys found --- HKCU\Explorer\Run regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run no HKCU Explorer\Run keys found --- Image File Execution regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options no debuggers found --- BROWSER HELPER OBJECTS regkeys --- 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" regkey not found (ERROR) "{53707962-6F74-2D53-2644-206D7942484F}" FILE ="C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre6\\bin\\ssv.dll" "{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" FILE ="C:\\Program Files\\AOL Toolbar\\aoltb.dll" "{DBC80044-A445-435b-BC74-9C25C1C588A9}" FILE ="C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll" "{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" FILE ="C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll" --- TOOLBAR regkeys --- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{DE9C389F-3316-41A7-809B-AA305ED9D922}" FILE ="C:\\Program Files\\AOL Toolbar\\aoltb.dll" --- URLSEARCHHOOKS regkeys --- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"="" FILE NOT FOUND --- CONTEXTMENUHANDLERS regkeys --- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll "Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Shell Extension for Malware scanning" CLSID ={45AC2688-0253-4ED8-97DE-B5370FA7D48A} FILE ="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll" "{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers "EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll "Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll "Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll" 
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers "MBAMShlExt" CLSID ={57CE581A-0CB6-4266-9CA0-19364C90A0B3} FILE ="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamext.dll" "Shell Extension for Malware scanning" CLSID ={45AC2688-0253-4ED8-97DE-B5370FA7D48A} FILE ="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\shlext.dll" --- ALTERNATESHELL regkey --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot "AlternateShell"="cmd.exe" --- SAFEBOOT MINIMAL SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal no unknown services found --- SAFEBOOT NETWORK SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network no unknown services found --- SERVICES --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 "DisplayName"="IPv6 Helper Service" %SystemRoot%\system32\svchost.exe -k netsvcs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aeaudio system32\drivers\aeaudio.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AKDWC20ET "DisplayName"="Creation Station" System32\Drivers\csvid.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AOL ACS "DisplayName"="AOL Connectivity Service" "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AOL TopSpeedMonitor "DisplayName"="AOL TopSpeed Monitor" C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Class no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Intels51 "DisplayName"="Intel® 536EP Modem" System32\DRIVERS\Intels51.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService "DisplayName"="Java Quick Starter" "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MidiSyn "DisplayName"="MidiSyn" system32\drivers\MidiSyn.sys 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pgasvc "DisplayName"="Peer Networking Group Authentication" %SystemRoot%\System32\svchost.exe -k p2psvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PinnacleMarvinUsb no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RT25USBAP "DisplayName"="Nintendo Wi-Fi USB Connector Service" system32\DRIVERS\rt25usbap.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sf "DisplayName"="SFI Service" system32\drivers\sf.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SimpTcp "DisplayName"="Simple TCP/IP Services" %SystemRoot%\System32\tcpsvcs.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VXD no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw "DisplayName"="WAN Miniport (ATW)" system32\DRIVERS\wanatw4.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WANMiniportService "DisplayName"="WAN Miniport (ATW) Service" "C:\WINDOWS\wanmpsvc.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WISTechVIDCAP "DisplayName"="Dazzle DVC170" system32\drivers\wisgostrm.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{11D9D154-7133-4B22-BE50-D512091F7261} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5B5FF29C-30B4-4842-8FC7-D006E95B0FF2} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{6080A529-897E-4629-A488-ABA0C29B635E} "DisplayName"="Intel® Graphics Platform (SoftBIOS) Driver" system32\drivers\ialmsbw.sys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{7F640170-A0D3-4C42-A673-CB0F9929BD73} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{CF0F5A33-0643-4100-A30A-05BE6BABE5A2} no imagepath value found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0A76349-B682-434A-AE61-E04E2E6B5EF5} no imagepath value found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D31A0762-0CEB-444e-ACFF-B049A1F6FE91} "DisplayName"="Intel® Graphics Chipset (KCH) Driver" system32\drivers\ialmkchw.sys --- SECURITYPROVIDERS regkey --- HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" --- SVCHOST regkey --- HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService: DnsCache\0\0 netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0xmlprov\0wscsvc\0WmdmPmSN\0\0 rpcss: RpcSs\0\0 imgsvc: StiSvc\0\0 termsvcs: TermService\0\0 HTTPFilter: HTTPFilter\0\0 DcomLaunch: DcomLaunch\0TermService\0\0 p2psvc: p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0 WudfServiceGroup: WUDFSvc\0\0 --- WOW-CMDLINE regkeys --- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW "cmdline" = %SystemRoot%\system32\ntvdm.exe "wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 --- DNS SERVER regkeys --- no "NameServer" values found --- STARTUP FOLDERS --- C:\Documents and Settings\User\Start Menu\Programs\Startup\AOL OpenRide.lnk C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo Scheduler server.lnk C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\Microsoft Office.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton Internet Security.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Registration Tool.lnk
--- TASK SCHEDULER JOBS ---
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100110607.job
--- File associations ---
.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
FINISHED
Oh, and I re-installed Java if you're wondering.
  8. Sorry this took so long.
     Malwarebytes' Anti-Malware 1.33
     Database version: 1721
     Windows 5.1.2600 Service Pack 2
     2/3/2009 4:08:47 PM
     mbam-log-2009-02-03 (16-08-47).txt
     Scan type: Full Scan (C:\|)
     Objects scanned: 127350
     Time elapsed: 53 minute(s), 41 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
     Avira does detect threats every once in a while (one time during Malwarebytes' full scan). Don't know if they are false positives or real threats though. Can you tell me how to submit Avira detections to Malwarebytes'?
  9. Oops. Forgot JavaRa.
     JavaRa 1.13 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Sun Feb 01 12:29:39 2009
     Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
     Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
     Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
     Found and removed: Software\Classes\JavaPlugin.160_01
     Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
     ------------------------------------
     Finished reporting.
  10. Ok, here are the results ComboFix 09-02-01.01 - User 2009-02-01 18:02:34.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1263.798 [GMT -5:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))) . 2009-01-31 17:30 . 2009-01-31 17:30 <DIR> d-------- c:\program files\Avira 2009-01-31 17:30 . 2009-01-31 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-01-31 11:59 . 2009-01-31 11:59 <DIR> d-------- c:\program files\Trend Micro 2009-01-18 07:37 . 2009-01-18 07:37 <DIR> d-------- c:\program files\Common Files\Software Update Utility 2009-01-17 10:44 . 2009-01-17 11:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-17 10:44 . 2009-01-17 10:44 <DIR> d-------- c:\documents and settings\User\Application Data\Malwarebytes 2009-01-17 10:44 . 2009-01-17 10:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-17 10:44 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-17 10:44 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-15 16:42 . 2009-01-15 16:42 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2009-01-15 16:42 . 2009-01-15 16:42 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2009-01-15 15:13 . 2009-01-15 15:13 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2009-01-15 15:13 . 
2009-01-15 15:13 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-01 22:51 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee 2009-02-01 22:49 --------- d-----w c:\program files\Common Files\AOL 2009-02-01 22:49 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-02-01 16:57 --------- d-----w c:\program files\Common Files\Adobe 2009-01-31 15:37 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-31 15:37 --------- d-----w c:\program files\Pure Networks 2009-01-31 15:31 --------- d-----w c:\program files\Common Files\Real 2009-01-31 15:29 --------- d-----w c:\program files\NewTech Infosystems 2009-01-31 15:26 --------- d-----w c:\program files\Microsoft Picture It! PhotoPub 2009-01-31 15:22 --------- d-----w c:\program files\Kodak 2009-01-31 15:21 --------- d-----w c:\program files\Hewlett-Packard 2009-01-18 12:37 --------- d-----w c:\program files\AOL Toolbar 2009-01-15 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-21 19:23 --------- d-----w c:\program files\Google 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys 2009-01-14 01:38 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-01-14 01:38 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-14 01:38 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-01-14 01:38 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-01-14 01:38 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-27 50528] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-08-08 24576] "Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-08-08 311350] "HostManager"="c:\program files\Common Files\AOL\1127779177\ee\AOLSoftware.exe" [2008-06-24 41824] "EPSON Stylus Photo R220 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" [2005-03-09 98304] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "FastTVSync"="c:\program files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" [2003-06-04 241664] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] c:\documents and settings\User\Start Menu\Programs\Startup\ AOL OpenRide.lnk - c:\program 
files\Common Files\AOL\Launch\aollaunch.exe [2008-06-24 41824] c:\documents and settings\All Users\Start Menu\Programs\Startup\ hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456] InterVideo Scheduler server.lnk - c:\program files\InterVideo\WinDVD4PR\SchSvr.exe [2004-11-13 135168] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-08-08 65588] Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 24633] Norton Internet Security.lnk - c:\documents and settings\User\My Documents\iTunesSetup.exe [2007-08-19 19979192] Run Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-11-20 1175552] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3IV2"= 3ivxVfWCodec_dec.dll "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "aux2"= wdmaud.sys [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1127779177\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\1127779177\\ee\\aolsoftware.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\3ivx\\3ivx D4 4.5.1 Decoder\\3ivxConfig.exe"= "c:\\Documents and 
Settings\\User\\My Documents\\iTunesSetup.exe"= "c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) S3 AKDWC20ET;Creation Station;c:\windows\system32\Drivers\csvid.sys --> c:\windows\system32\Drivers\csvid.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contents of the 'Scheduled Tasks' folder 2009-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] 2005-02-13 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1100110607.job - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe HKLM-Run-SoundMAXPnP - c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe HKLM-Run-IMONTRAY - c:\program files\Intel\Intel® Active Monitor\imontray.exe HKLM-Run-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe HKLM-Run-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe HKLM-Run-NWEReboot - (no file) . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/?src=toolbar uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Settings,ProxyOverride = 127.0.0.1 uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download All by FlashGet - c:\progra~1\FlashGet\jc_all.htm IE: Download using FlashGet - c:\progra~1\FlashGet\jc_link.htm Trusted Zone: aol.com\free DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\vqos985a.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query= FF - prefs.js: browser.search.selectedEngine - AOL Search FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com?src=toolbar FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ab&query= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-01 18:07:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS ---------------------
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3608) c:\program files\Common Files\AOL\ACS\WLHook.dll c:\program files\AOL Deskbar\deskbar.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\AOL\ACS\AOLacsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\snmp.exe c:\windows\wanmpsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\AOL 9.1\waol.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\msiexec.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe c:\program files\AOL 9.1\shellmon.exe . ************************************************************************** . 
Completion time: 2009-02-01 18:15:47 - machine was rebooted [user] ComboFix-quarantined-files.txt 2009-02-01 23:14:16 Pre-Run: 9,911,480,320 bytes free Post-Run: 10,118,426,624 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn 269 --- E O F --- 2009-01-14 05:04:22 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:20:28 PM, on 2/1/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Common Files\AOL\1127779177\ee\AOLSoftware.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program 
Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\AOL\1127779177\ee\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\AOL 9.1\shellmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N2 - Netscape 6: # Mozilla User Preferences // This is a generated file! 
user_pref("aim.session.firsttime", false); user_pref("browser.download.dir", "C:\\Documents and Settings\\User\\Desktop"); user_pref("browser.history.last_page_visited", "http://search.netscape.com/search/browserup"); user_pref("browser.search.defaultengine", "http://www.google.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:0.9.4"); user_pref("intl.charsetmenu.browser.cache", "UTF-8"); user_pref("prefs.converted-to-utf8", true); user_pref("timebomb.first_launch_time", "1183771706734000"); user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\e87wmdun.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127779177\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] 
C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? 
O4 - Global Startup: Norton Internet Security.lnk = C:\Documents and Settings\User\My Documents\iTunesSetup.exe O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9} O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099927148234 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136256744125 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab 
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10246 bytes
  11. Downloaded avira and it solved the problem. Here's the scan logfile for avira Avira AntiVir Personal Report file date: Saturday, January 31, 2009 17:38 Scanning for 1302306 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: USER-JYHXSUGSQJ Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 14:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 13:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 18:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 13:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36 ANTIVIR1.VDF : 7.1.1.113 2817536 Bytes 1/14/2009 22:34:50 ANTIVIR2.VDF : 7.1.1.207 1359360 Bytes 1/30/2009 22:34:59 ANTIVIR3.VDF : 7.1.1.208 2048 Bytes 1/30/2009 22:34:59 Engineversion : 8.2.0.70 AEVDF.DLL : 8.1.1.0 106868 Bytes 1/31/2009 22:35:18 AESCRIPT.DLL : 8.1.1.39 344443 Bytes 1/31/2009 22:35:16 AESCN.DLL : 8.1.1.6 127348 Bytes 1/31/2009 22:35:15 AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 19:58:38 AEPACK.DLL : 8.1.3.5 393588 Bytes 1/31/2009 22:35:14 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 1/31/2009 22:35:12 AEHEUR.DLL : 8.1.0.89 1569143 Bytes 1/31/2009 22:35:11 AEHELP.DLL : 8.1.2.0 119159 Bytes 1/31/2009 22:35:06 AEGEN.DLL : 8.1.1.12 328053 Bytes 1/31/2009 22:35:03 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 16:05:56 AECORE.DLL : 8.1.6.3 176501 Bytes 1/31/2009 22:35:01 AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 16:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 14:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 15:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 18:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 17:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 18:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02 
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 18:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 19:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 19:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Saturday, January 31, 2009 17:38 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned Scan process 'aoltpsd3.exe' - '1' Module(s) have been scanned Scan process 'AOLSP Scheduler.exe' - '1' Module(s) have been scanned Scan process 'MpfTray.exe' - '1' Module(s) have been scanned Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned Scan process 'shellmon.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan 
process 'waol.exe' - '1' Module(s) have been scanned Scan process 'cidaemon.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'snmp.exe' - '1' Module(s) have been scanned Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned Scan process 'MpfService.exe' - '1' Module(s) have been scanned Scan process 'McShield.exe' - '1' Module(s) have been scanned Scan process 'ITMRTSVC.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'cisvc.exe' - '1' Module(s) have been scanned Scan process 'aoltpspd.exe' - '1' Module(s) have been scanned Scan process 'aolavupd.exe' - '1' Module(s) have been scanned Scan process 'aoltsmon.exe' - '1' Module(s) have been scanned Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 45 processes with 45 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus 
was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '75' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.23.16.1\comps\acscore.exe [DETECTION] Is the TR/Agent.1436664 Trojan [NOTE] The file was moved to '49f7d3ee.qua'! End of the scan: Saturday, January 31, 2009 18:41 Used time: 1:02:23 Hour(s) The scan has been done completely. 9853 Scanning directories 280863 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 280861 Files not concerned 1490 Archives were scanned 1 Warnings 1 Notes Please notify me if I seem to be still infected.
  12. Bump. Still not solved. Getting redirected to unrelated sites. Help
  13. I am currently having problems using Google on Mozilla Firefox. If I search a topic on Google, I get a strange website in green below the website description. (e.g. Searching google on Google.com gives me hxxp://whattoexpect.com/) It's only on the first page of the search results. Firefox is version 2.0.0.20. Malwarebytes' Anti-Malware 1.33 Database version: 1712 Windows 5.1.2600 Service Pack 2 1/31/2009 12:30:38 PM mbam-log-2009-01-31 (12-30-38).txt Scan type: Quick Scan Objects scanned: 66756 Time elapsed: 9 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:00:24 PM, on 1/31/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Common Files\AOL\1127779177\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\msmsgs.exe C:\Program
Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\WiFiConnector\NintendoWFCReg.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\AOL\1127779177\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\AOL\1127779177\ee\aolsoftware.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe C:\Program Files\Common Files\AOL\1127779177\ee\AOLOpenRide.exe C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\mcafee.com\personal firewall\MpfTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Common Files\AOL\1127779177\ee\aolsoftware.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\USER\Application Data\Mozilla\Profiles\default\e87wmdun.slt\prefs.js) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127779177\ee\AOLSoftware.exe O4 - HKLM\..\Run: [EPSON Stylus 
Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1127779177\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1127779177\ee\SSCRun.exe O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe" O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AOL Fast 
Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: AOL OpenRide.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\WinDVD4PR\SchSvr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Norton Internet Security.lnk = C:\Documents and Settings\User\My Documents\iTunesSetup.exe O4 - Global Startup: Run Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} (WebIQ Engine Application Object) - http://webiq005.webiqonline.com/WebIQ/Data...6-6D5536C585C9} O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1099927148234 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136256744125 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1127779177\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 11970 bytes Please help.