deusex
Honorary Members
Posts: 21
Reputation: 0 Neutral
  1. 9/17/2009 11:05:37 PM
     mbam-log-2009-09-17 (23-05-37).txt

     Scan type: Quick Scan
     Objects scanned: 114457
     Time elapsed: 5 minute(s), 54 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\WINDOWS\temp\rdl305.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     This thing is tricky; if I connect and start surfing it attacks again, so I'm confused.
     Bump~
  2. Not sure what, but I've run both MBAM and SUPERAntiSpyware; both have removed items but I'm still not able to enter safe mode. Not to mention some items that MBAM removes reappear after I reboot. Here is the HijackThis log.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:25:58 PM, on 9/17/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Viewpoint\Common\ViewpointService.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\PROGRA~1\AVG\AVG8\avgnsx.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Analog Devices\Core\smax4pnp.exe
     C:\WINDOWS\SM1BG.EXE
     C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
     C:\Program Files\Windows Media Player\WMPNSCFG.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
     O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Make A Voozie] "C:\Documents and Settings\All Users\Application Data\Make A Voozie\VoozieMaker.exe" /startup
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
     O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
     O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
     O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
     O4 - Startup: IMVU.lnk = ?
     O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
     O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
     O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll
     O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
     O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jeff\Start Menu\Programs\IMVU\Run IMVU.lnk
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
     O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
     O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
     O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
     O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
     O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab
     O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
     O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
     O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
     O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
     O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
     O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
     O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
     O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} (Monopoly Control) - http://www.worldwinner.com/games/v46/monopoly/monopoly.cab
     O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
     O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://203.188.237.103/activex/app/WebLauncher.cab
     O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
     O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
     O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
     O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O20 - AppInit_DLLs: cru629.dat c:\windows\system32\yukojuni.dll,lodivime.dll
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
     O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

     --
     End of file - 13441 bytes

     Last log from MBAM:

     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected:
     C:\WINDOWS\system32\lodivime.dll (Trojan.Vundo) -> Delete on reboot.
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\derefiluj (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\WINDOWS\system32\lodivime.dll (Trojan.Vundo) -> Delete on reboot.

     Please, any help would be more than welcome. Thank you.
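Added example (editor's code, not part of the thread or of any tool named in it): the log above shows why MBAM's removals did not stick. The DLL it flagged as Trojan.Vundo (lodivime.dll) is also listed under O20 - AppInit_DLLs, a registry value whose DLLs Windows loads into every process that links user32.dll, so the component is back in memory as soon as the next GUI process starts, which is why MBAM could only mark it "Delete on reboot". The Python below triages HijackThis-format lines for that and a few other high-yield patterns (autostarts run from a temp directory, an ActiveX control pulled from a bare IP address such as the 203.188.237.103 entry, orphaned BHOs, services with no vendor and a missing binary) and cross-references every AppInit_DLLs entry against the rest of the log. The sample log is constructed to resemble the post; the [derefiluj] and [updater] command lines in it are assumptions, not values taken from the machine. A flag is a prompt to review, not a verdict: the nProtect GameGuard service it flags is a common anti-cheat leftover, which is exactly why the O23 reason says to verify first.

```python
"""Triage a HijackThis-style log: flag the entry types that most often carry
malware and cross-reference AppInit_DLLs against every other line.

Added example; the sample below is constructed to resemble the log in the
post, it is not a capture from any real machine."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 2.0.2 line format. The [derefiluj] and
# [updater] command lines are illustrative assumptions.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [derefiluj] rundll32.exe C:\WINDOWS\system32\lodivime.dll,s
O4 - HKCU\..\Run: [updater] C:\WINDOWS\temp\rdl305.tmp.exe
O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://203.188.237.103/activex/app/WebLauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O20 - AppInit_DLLs: cru629.dat c:\windows\system32\yukojuni.dll,lodivime.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    reason: str
    line: str


TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.I)


def appinit_dlls(line):
    """Return the individual entries of an 'O20 - AppInit_DLLs:' line.
    Windows accepts both spaces and commas as separators in that value."""
    m = APPINIT.match(line.strip())
    if not m:
        return []
    return [p for p in re.split(r"[ ,]+", m.group(1).strip()) if p]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = []

    # Pass 1: AppInit_DLLs. Every DLL named there is loaded into every
    # process that links user32.dll, so one entry gives an infection a
    # foothold in all GUI processes (Vundo-family malware relied on this).
    appinit = set()
    for line in lines:
        for entry in appinit_dlls(line):
            appinit.add(basename(entry))
            findings.append(Finding("O20", f"AppInit_DLLs loads {entry} into every GUI process", line))

    # Pass 2: per-section heuristics plus the AppInit cross-reference.
    for line in lines:
        section = line.split(" - ", 1)[0]
        lowered = line.lower()
        if section != "O20" and any(name in lowered for name in appinit):
            findings.append(Finding(section, "names a DLL that is also in AppInit_DLLs (second persistence point)", line))
        if section == "O4" and TEMP_DIR.search(line):
            findings.append(Finding("O4", "autostart runs a binary from a temp directory", line))
        elif section == "O16" and BARE_IP_URL.search(line):
            findings.append(Finding("O16", "ActiveX control downloaded from a bare IP address", line))
        elif section in ("O2", "O3", "O9") and "(no file)" in line:
            findings.append(Finding(section, "orphaned entry: CLSID registered but its file is gone", line))
        elif section == "O23" and "Unknown owner" in line and "(file missing)" in line:
            findings.append(Finding("O23", "service with no vendor and a missing binary: verify before removing, "
                                           "leftover anti-cheat or driver services look the same", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a saved HijackThis log by passing the file's contents to triage(). The two-pass design matters: a Run value that only launches rundll32 with a DLL in system32 looks like the NVIDIA entries and cannot be flagged on its own, but once the same DLL also appears in AppInit_DLLs the duplication itself is the signal, and that is the pattern that survives a single-tool clean-up.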
  3. ComboFix 09-02-27.02 - Jeff 2009-02-28 5:18:06.3 - NTFSx86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2490 [GMT -5:00]
     Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
      * Created a new restore point
     .
     ((((((((((((((((((((((((( Files Created from 2009-01-28 to 2009-02-28 )))))))))))))))))))))))))))))))
     .
     2009-02-28 00:50 . 2009-02-28 00:50 <DIR> d-------- c:\windows\LastGood
     2009-02-28 00:50 . 2009-02-28 00:50 <DIR> d-------- c:\program files\Panda Security
     2009-02-28 00:50 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
     2009-02-25 19:55 . 2009-02-25 19:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
     2009-02-24 15:41 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
     2009-02-23 23:17 . 2009-02-23 23:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
     2009-02-23 23:07 . 2009-02-23 23:07 <DIR> d-------- c:\program files\Windows Installer Clean Up
     2009-02-23 23:06 . 2009-02-24 02:14 <DIR> d-------- c:\program files\MSECACHE
     2009-02-23 17:44 . 2009-02-23 17:44 <DIR> d-------- c:\program files\Sophos
     2009-02-23 17:43 . 2009-02-23 17:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
     2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
     2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\program files\IObit
     2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\documents and settings\Jeff\Application Data\IObit
     2009-02-23 06:39 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\system32\explorer_clean.exe
     2009-02-23 04:15 . 2009-02-24 16:10 <DIR> d-------- c:\program files\SpyZooka
     2009-02-23 02:56 . 2009-02-23 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
     2009-02-23 02:41 . 2009-02-23 17:32 <DIR> d-------- c:\documents and settings\Jeff\Tracing
     2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Windows Live SkyDrive
     2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Microsoft
     2009-02-23 02:31 . 2009-02-23 02:31 <DIR> d-------- c:\program files\Common Files\Windows Live
     2009-02-23 02:24 . 2009-02-25 23:58 <DIR> d-------- c:\program files\PCPitstop
     2009-02-22 17:15 . 2009-02-26 00:54 113,635,328 --a------ c:\windows\MEMORY.DMP
     2009-02-06 15:30 . 2009-02-06 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
     2009-02-06 15:24 . 2009-02-06 15:26 <DIR> d-------- c:\program files\AIM+
     2009-02-06 15:21 . 2009-02-07 14:20 <DIR> d-------- c:\program files\Trillian
     2009-02-06 15:20 . 1997-04-08 20:03 248,176 --a------ c:\windows\UNINST16.EXE
     2009-02-06 15:20 . 1995-07-13 18:43 26,768 --a------ c:\windows\system\CTL3D.DLL
     2009-01-31 22:25 . 2009-01-31 22:25 50 --a------ c:\windows\MegaManager.INI
     2009-01-28 15:31 . 2003-03-02 17:44 7,552 --a------ c:\windows\system32\drivers\enodpl.sys
     2009-01-28 15:31 . 2003-04-19 00:32 4,736 --a------ c:\windows\system32\drivers\tandpl.sys
     2009-01-28 15:25 . 2009-01-28 15:25 <DIR> d-------- c:\program files\Ubisoft
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-02-26 05:06 --------- d-----w c:\program files\SUPERAntiSpyware
     2009-02-26 02:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-02-25 23:46 --------- d-----w c:\program files\LimeWire
     2009-02-25 23:46 --------- d-----w c:\program files\Java
     2009-02-25 23:41 --------- d-----w c:\program files\Image-Line
     2009-02-25 23:40 --------- d-----w c:\program files\DNA
     2009-02-25 23:39 --------- d-----w c:\program files\BitLord
     2009-02-25 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-02-25 09:58 --------- d-----w c:\program files\Spybot - Search & Destroy
     2009-02-25 08:04 --------- d-----w c:\program files\Windows Live
     2009-02-24 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
     2009-02-24 04:12 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
     2009-02-23 21:06 --------- d-----r c:\documents and settings\Jeff\Application Data\yahoo!
     2009-02-23 11:43 10,752 ----a-w c:\windows\system32\clb.dll
     2009-02-23 09:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
     2009-02-23 07:56 --------- d-----w c:\program files\Yahoo!
     2009-02-23 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
     2009-02-23 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
     2009-02-23 00:19 --------- d-----w c:\program files\EA GAMES
     2009-02-23 00:00 --------- d--h--w c:\program files\InstallShield Installation Information
     2009-02-23 00:00 --------- d-----w c:\program files\Gravity
     2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-02-10 10:44 --------- d-----w c:\program files\Perfect World Entertainment
     2009-02-10 10:22 --------- d-----w c:\documents and settings\Jeff\Application Data\GetRightToGo
     2009-02-06 20:33 --------- d-----w c:\program files\AIM6
     2009-02-06 20:30 --------- d-----w c:\program files\Viewpoint
     2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
     2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
     2009-02-03 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
     2009-02-01 03:29 --------- d-----w c:\program files\DivX
     2009-02-01 03:26 --------- d-----w c:\program files\Logitech
     2009-02-01 03:24 --------- d-----w c:\program files\NCSoft
     2009-02-01 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
     2009-01-30 03:10 --------- d-----w c:\program files\Illusion
     2009-01-29 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
     2009-01-29 21:01 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
     2009-01-29 21:01 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
     2009-01-29 21:01 10,520 ----a-w c:\windows\system32\avgrsstx.dll
     2009-01-28 19:57 --------- d-----w c:\program files\Common Files\Symantec Shared
     2009-01-28 19:56 --------- d-----w c:\program files\Real
     2009-01-28 11:42 --------- d-----w c:\program files\UltraISO
     2009-01-28 07:37 --------- d-----w c:\program files\TEATIME
     2009-01-15 08:05 --------- d-----w c:\program files\ZD Soft
     2009-01-12 23:42 410,984 ----a-w c:\windows\system32\deploytk.dll
     2009-01-08 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
     2008-12-30 12:23 --------- d-----w c:\documents and settings\Jeff\Application Data\IGN_DLM
     2008-12-25 05:03 348,160 ----a-w c:\windows\system32\msvcr71.dll
     2008-12-25 05:03 339,968 ----a-w c:\windows\system32\pythoncom25.dll
     2008-12-25 05:03 2,117,632 ----a-w c:\windows\system32\python25.dll
     2008-12-25 05:03 114,688 ----a-w c:\windows\system32\pywintypes25.dll
     2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
     2008-10-21 09:20 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
     2007-10-12 06:47 22,328 -c--a-w c:\documents and settings\Jeff\Application Data\PnkBstrK.sys
     2003-08-27 19:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll
     2002-05-06 05:08 92,662 -c--a-w c:\program files\epsxe.chm
     2001-02-09 01:11 28,672 ----a-w c:\program files\burutter.dll
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-02-26_ 4.35.27.82 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2008-06-30 15:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
     + 2009-02-28 05:47:20 16,384 ----atw c:\windows\temp\Perflib_Perfdata_29c.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960]
     "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
     "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-05 2356088]
     "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
     "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
     "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
     "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
     "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952]
     "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
     "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 113664]

     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-01-29 16:01 10520 c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "msacm.divxa32"= msaud32_divx.acm
     "vidc.ffds"= ffdshow.ax
     "msacm.ac3filter"= ac3filter.acm
     "VIDC.XFR1"= xfcodec.dll
     "VIDC.ZDSV"= scrvid.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
     @=""

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
     --a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
     --a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1139344842\ee\aolsoftware.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
     --a------ 2008-08-01 12:36 1103216 c:\program files\IGN\Download Manager\DLM.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
     --a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
     --a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
     --a------ 2008-11-03 17:45 3522296 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-08 325128]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-08 107272]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
     R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-08 903960]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 298264]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-06 24652]
     R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
     R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]
     R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006]
     S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-04-01 14156]
     S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4fdf70-95a7-11da-98e6-f485cec330b6}]
     \Shell\AutoRun\command - setupSNK.exe
     .
     Contents of the 'Scheduled Tasks' folder

     2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe []
     .
     .
     ------- Supplementary Scan -------
     .
     uInternet Connection Wizard,ShellNext = iexplore
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
     DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
     DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
     DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
     DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
     DPF: {DB1009C9-9555-43D5-97A6-02A844332146} - hxxp://203.188.237.103/activex/app/WebLauncher.cab
     DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} - hxxp://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
     DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
     FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
     FF - prefs.js: browser.search.selectedEngine - Yahoo
     FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
     FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
     FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
     FF - plugin: c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll
     FF - plugin: c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll
     FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
     FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
     FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
     .
     **************************************************************************
     catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-02-28 05:20:18
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     [HKEY_LOCAL_MACHINE\software\illusion\J0c0q0D0
  4. Hm, well it is looking pretty clean. No problems running this one.

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7 REPORT
     Saturday, February 28, 2009
     Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Saturday, February 28, 2009 05:54:58
     Records in database: 1854402
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\
     F:\
     H:\

     Scan statistics:
     Files scanned: 122845
     Threat name: 0
     Infected objects: 0
     Suspicious objects: 0
     Duration of the scan: 02:35:57

     No malware has been detected. The scan area is clean.

     The selected area was scanned.
  5. Made it to step 4. After I click on Scan Now, after the ActiveX and such, it fails. ActiveScan 2.0 update: Update error. Sorry, updating is incomplete due to an error. Please try again. I have tried several times, but it does the same thing after I hit Update. As for Step 5, my PC seems to be running perfectly at the moment. I have not seen any infection reports from AVG and did another scan with MBAM today, and nothing came up.
  6. All steps followed in order the logs shall be posted. ComboFix 09-02-26.02 - Jeff 2009-02-27 5:02:25.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2575 [GMT -5:00] Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Jeff\Desktop\CFscript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point FILE :: c:\documents and settings\All Users\Application Data\27654F369A.sys c:\windows\imsins.BAK c:\windows\system32\drivers\dceotgmw.sys c:\windows\system32\UACykrrtujr.db c:\windows\system32\XDva032.sys c:\windows\system32\XDva037.sys c:\windows\system32\XDva090.sys c:\windows\system32\XDva104.sys c:\windows\system32\XDva132.sys c:\windows\system32\XDva164.sys c:\windows\system32\XDva189.sys c:\windows\system32\XDva193.sys c:\windows\system32\XDva195.sys c:\windows\trdwoemr . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\27654F369A.sys c:\windows\imsins.BAK c:\windows\system32\UACykrrtujr.db c:\windows\trdwoemr . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TRDWOEMR -------\Legacy_XDVA032 -------\Legacy_XDVA037 -------\Legacy_XDVA090 -------\Legacy_XDVA104 -------\Legacy_XDVA132 -------\Legacy_XDVA164 -------\Legacy_XDVA189 -------\Legacy_XDVA193 -------\Legacy_XDVA195 -------\Service_trdwoemr -------\Service_XDva032 -------\Service_XDva037 -------\Service_XDva090 -------\Service_XDva104 -------\Service_XDva132 -------\Service_XDva164 -------\Service_XDva189 -------\Service_XDva193 -------\Service_XDva195 ((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 ))))))))))))))))))))))))))))))) . 2009-02-25 19:55 . 
2009-02-25 19:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-02-24 15:41 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-02-23 23:17 . 2009-02-23 23:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-02-23 23:07 . 2009-02-23 23:07 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-02-23 23:06 . 2009-02-24 02:14 <DIR> d-------- c:\program files\MSECACHE 2009-02-23 17:44 . 2009-02-23 17:44 <DIR> d-------- c:\program files\Sophos 2009-02-23 17:43 . 2009-02-23 17:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live 2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\program files\IObit 2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\documents and settings\Jeff\Application Data\IObit 2009-02-23 06:39 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\system32\explorer_clean.exe 2009-02-23 04:15 . 2009-02-24 16:10 <DIR> d-------- c:\program files\SpyZooka 2009-02-23 02:56 . 2009-02-23 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-02-23 02:41 . 2009-02-23 17:32 <DIR> d-------- c:\documents and settings\Jeff\Tracing 2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Microsoft 2009-02-23 02:31 . 2009-02-23 02:31 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-02-23 02:24 . 2009-02-25 23:58 <DIR> d-------- c:\program files\PCPitstop 2009-02-22 17:15 . 2009-02-26 00:54 113,635,328 --a------ c:\windows\MEMORY.DMP 2009-02-06 15:30 . 2009-02-06 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore 2009-02-06 15:24 . 
2009-02-06 15:26 <DIR> d-------- c:\program files\AIM+ 2009-02-06 15:21 . 2009-02-07 14:20 <DIR> d-------- c:\program files\Trillian 2009-02-06 15:20 . 1997-04-08 20:03 248,176 --a------ c:\windows\UNINST16.EXE 2009-02-06 15:20 . 1995-07-13 18:43 26,768 --a------ c:\windows\system\CTL3D.DLL 2009-01-31 22:25 . 2009-01-31 22:25 50 --a------ c:\windows\MegaManager.INI 2009-01-28 15:31 . 2003-03-02 17:44 7,552 --a------ c:\windows\system32\drivers\enodpl.sys 2009-01-28 15:31 . 2003-04-19 00:32 4,736 --a------ c:\windows\system32\drivers\tandpl.sys 2009-01-28 15:25 . 2009-01-28 15:25 <DIR> d-------- c:\program files\Ubisoft 2009-01-27 07:18 . 2009-02-22 19:00 <DIR> d-------- c:\program files\Gravity . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 05:06 --------- d-----w c:\program files\SUPERAntiSpyware 2009-02-26 02:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-25 23:46 --------- d-----w c:\program files\LimeWire 2009-02-25 23:46 --------- d-----w c:\program files\Java 2009-02-25 23:41 --------- d-----w c:\program files\Image-Line 2009-02-25 23:40 --------- d-----w c:\program files\DNA 2009-02-25 23:39 --------- d-----w c:\program files\BitLord 2009-02-25 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-25 09:58 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-25 08:04 --------- d-----w c:\program files\Windows Live 2009-02-24 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2009-02-24 04:12 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-02-23 21:06 --------- d-----r c:\documents and settings\Jeff\Application Data\yahoo! 2009-02-23 09:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-23 07:56 --------- d-----w c:\program files\Yahoo! 
2009-02-23 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo! 2009-02-23 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop 2009-02-23 00:19 --------- d-----w c:\program files\EA GAMES 2009-02-23 00:00 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 10:44 --------- d-----w c:\program files\Perfect World Entertainment 2009-02-10 10:22 --------- d-----w c:\documents and settings\Jeff\Application Data\GetRightToGo 2009-02-06 20:33 --------- d-----w c:\program files\AIM6 2009-02-06 20:30 --------- d-----w c:\program files\Viewpoint 2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-02-03 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-02-01 03:29 --------- d-----w c:\program files\DivX 2009-02-01 03:26 --------- d-----w c:\program files\Logitech 2009-02-01 03:24 --------- d-----w c:\program files\NCSoft 2009-02-01 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com 2009-01-30 03:10 --------- d-----w c:\program files\Illusion 2009-01-29 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-29 21:01 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-29 21:01 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-28 19:57 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-28 19:56 --------- d-----w c:\program files\Real 2009-01-28 11:42 --------- d-----w c:\program files\UltraISO 2009-01-28 07:37 --------- d-----w c:\program files\TEATIME 2009-01-15 08:05 --------- d-----w c:\program files\ZD Soft 2009-01-08 06:44 
--------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier 2008-12-30 12:23 --------- d-----w c:\documents and settings\Jeff\Application Data\IGN_DLM 2008-10-21 09:20 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2007-10-12 06:47 22,328 -c--a-w c:\documents and settings\Jeff\Application Data\PnkBstrK.sys 2003-08-27 19:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2002-05-06 05:08 92,662 -c--a-w c:\program files\epsxe.chm 2001-02-09 01:11 28,672 ----a-w c:\program files\burutter.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-05 2356088] "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] 
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-29 16:01 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm "VIDC.XFR1"= xfcodec.dll "VIDC.ZDSV"= scrvid.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] --a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] --a------ 2006-05-09 19:24 50760 c:\program 
files\Common Files\AOL\1139344842\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] --a------ 2008-08-01 12:36 1103216 c:\program files\IGN\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] --a------ 2008-11-03 17:45 3522296 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1139344842\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1139344842\\ee\\aim6.exe"= "c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\games\\lbz3d\\lbzwin.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= 
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20769:TCP"= 20769:TCP:BitComet 20769 TCP "20769:UDP"= 20769:UDP:BitComet 20769 UDP "1076:TCP"= 1076:TCP:*:Disabled:SolidNetworkManager "1076:UDP"= 1076:UDP:*:Disabled:SolidNetworkManager "5050:UDP"= 5050:UDP:LaconCheck "51506:TCP"= 51506:TCP:*:Disabled:SolidNetworkManager "51506:UDP"= 51506:UDP:*:Disabled:SolidNetworkManager R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-08 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-08 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-08 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 298264] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-06 24652] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006] R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006] S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-04-01 14156] S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4fdf70-95a7-11da-98e6-f485cec330b6}] \Shell\AutoRun\command - setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.windstream.net/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &Search Trusted Zone: alltel.com\care DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab DPF: {DB1009C9-9555-43D5-97A6-02A844332146} - hxxp://203.188.237.103/activex/app/WebLauncher.cab DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} - hxxp://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and 
settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll FF - plugin: c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-27 05:07:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\illusion\J0c0q0D0
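Added example (editor's note, not code from the original poster, from ComboFix, or from Malwarebytes): the ComboFix reports in this thread are pasted as one long run of text, and the entries that actually matter for triage (the "Other Deletions" list, the "Drivers/Services" removals, the "Reg Loading Points" Run values, and the mountpoints2 AutoRun command) are easy to miss among the legitimate NVIDIA, AVG and game-launcher entries. The script below parses a ComboFix-style report into its sections and applies a few review heuristics that match patterns visible in the two reports above: eight-random-letter `.ini` files in system32, `UAC`-prefixed file and service names together with the `seneka` service (naming patterns used by the TDSS rootkit family), an extensionless file dropped into the Windows root, and an `\Shell\AutoRun\command` under mountpoints2 (a volume autorun hook). The sample log is constructed from those entries and is not a complete report; the severity labels and the rules themselves are the editor's assumptions, meant to prompt a manual look rather than to give a verdict (the low/info findings on `SM1BG.EXE` and `nwiz.exe`, for instance, are legitimate-looking entries that only merit a glance because of where they run from).

```python
import re

# Constructed sample in ComboFix's report layout, built from entry types that
# appear in the reports posted in this thread. Not a real, complete report.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\abngqtvc.ini
c:\windows\system32\UACykrrtujr.db
c:\windows\system32\launcher.exe
c:\windows\trdwoemr
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
-------\Service_UACd.sys
-------\Legacy_XDVA032
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4fdf70-95a7-11da-98e6-f485cec330b6}]
\Shell\AutoRun\command - setupSNK.exe
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+\s*$")   # ((( Name )))
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"')
SERVICE_RE = re.compile(r"^-+\\(?P<kind>Service|Legacy)_(?P<name>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.I)
RANDOM_INI_RE = re.compile(r"^[a-z]{8}\.ini$")  # heuristic: Vundo-style dropper names


def parse_sections(text):
    """Split a ComboFix-style report into {section name: [non-empty lines]}."""
    sections = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return (severity, reason, item) tuples worth a manual look. Heuristics only."""
    findings = []
    s = parse_sections(text)

    for path in s.get("Other Deletions", []):
        folder, _, name = path.rpartition("\\")
        folder = folder.lower()
        if folder.endswith("\\system32") and RANDOM_INI_RE.match(name):
            findings.append(("high", "random 8-letter .ini in system32", path))
        elif name.startswith("UAC"):
            findings.append(("high", "UAC-prefixed file name", path))
        elif folder.endswith("\\windows") and "." not in name:
            findings.append(("medium", "extensionless file in %SystemRoot%", path))

    for line in s.get("Drivers/Services", []):
        m = SERVICE_RE.match(line)
        if m and (m.group("name").lower() == "seneka" or m.group("name").startswith("UAC")):
            findings.append(("high", "known rootkit service name pattern", m.group("name")))

    key = ""
    for line in s.get("Reg Loading Points", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember which registry key we are under
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key:
            findings.append(("high", "AutoRun command on a mounted volume", m.group("cmd")))
            continue
        m = RUN_VALUE_RE.match(line)
        if m and key.endswith("\\run"):
            cmd = m.group("cmd").lower()
            if "\\" not in cmd:
                findings.append(("info", "Run value is a bare filename (resolved by search path)", line))
            elif cmd.startswith("c:\\windows\\") and cmd.count("\\") == 2:
                findings.append(("low", "Run entry executing from %SystemRoot% root", line))
    return findings


if __name__ == "__main__":
    for sev, reason, item in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}: {item}")
```

Run it as-is to see the eight findings from the sample; to use it on a real report, read the saved ComboFix.txt and pass its contents to `triage()`. Note that `launcher.exe` in system32 and the `Legacy_XDVA*` entries produce no finding: the rules are deliberately narrow, and anything not flagged still needs the usual file-hash and publisher checks before it is called clean.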
  7. ComboFix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe/data002;Probably BATCH.Virus;; ComboFix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Jeff\Desktop\ComboFix.exe/data002;Program.PsExec.171;; data002;C:\Documents and Settings\Jeff\Desktop;Archive contains infected objects;; ComboFix.exe;C:\Documents and Settings\Jeff\Desktop;Container contains infected objects;Moved.;
  8. ComboFix 09-02-25.02 - Jeff 2009-02-26 4:28:15.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2588 [GMT -5:00] Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Jeff\Application Data\Install.dat c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\system32\abngqtvc.ini c:\windows\system32\ackchfpx.ini c:\windows\system32\asinytoc.ini c:\windows\system32\bbadd.bak2 c:\windows\system32\bbadd.ini2 c:\windows\system32\bbadd.tmp c:\windows\system32\bkrlybbm.ini c:\windows\system32\bvlqhrod.ini c:\windows\system32\cccdd.bak1 c:\windows\system32\cccdd.ini c:\windows\system32\cixchkar.ini c:\windows\system32\dvechndq.ini c:\windows\system32\dwkvsecx.ini c:\windows\system32\ensmjxdn.ini c:\windows\system32\eyllxyyd.ini c:\windows\system32\eynsttxi.ini c:\windows\system32\fvkckxao.ini c:\windows\system32\fvvoamwn.ini c:\windows\system32\fwlxvora.ini c:\windows\system32\fxlmkfkm.ini c:\windows\system32\gtjgdafb.ini c:\windows\system32\gxnhjwbm.ini c:\windows\system32\hhkmp.bak2 c:\windows\system32\htrebbie.ini c:\windows\system32\hvnfoqoy.ini c:\windows\system32\jmseldfg.ini c:\windows\system32\jmwopqoc.ini c:\windows\system32\jqlufrih.ini c:\windows\system32\jwgaoeqk.ini c:\windows\system32\kdrowdmi.ini c:\windows\system32\kgkimsxb.ini c:\windows\system32\kgnjymep.ini c:\windows\system32\kmsvfulo.ini c:\windows\system32\kqaqpbnl.ini c:\windows\system32\kudaxfwy.ini c:\windows\system32\launcher.exe c:\windows\system32\lfnejant.ini c:\windows\system32\luujedkg.ini c:\windows\system32\nbenhipm.ini c:\windows\system32\nhxsujsn.ini c:\windows\system32\njevtlnv.ini c:\windows\system32\nncahutr.ini c:\windows\system32\nqtss.bak1 c:\windows\system32\nqtss.ini 
c:\windows\system32\nxugkbht.ini c:\windows\system32\ovocankp.ini c:\windows\system32\owumhtts.ini c:\windows\system32\pnsjppqc.ini c:\windows\system32\pseteayv.ini c:\windows\system32\qsdqnysn.ini c:\windows\system32\revbalca.ini c:\windows\system32\roshfrkc.ini c:\windows\system32\rtutv.ini c:\windows\system32\scurit~1 c:\windows\system32\sidvrsbj.ini c:\windows\system32\srqss.bak1 c:\windows\system32\svvwa.bak1 c:\windows\system32\syjdqott.ini c:\windows\system32\tckyyfjb.ini c:\windows\system32\uhgtkrqv.ini c:\windows\system32\unsvchosts.lzma c:\windows\system32\uohyhwpw.ini c:\windows\system32\updmgaxm.ini c:\windows\system32\utixlhjm.ini c:\windows\system32\uxwiinqm.ini c:\windows\system32\vivxuuto.ini c:\windows\system32\vkqsctyo.ini c:\windows\system32\vrrlqwqw.ini c:\windows\system32\vsihqked.ini c:\windows\system32\vuekwhcr.ini c:\windows\system32\vvvwa.ini c:\windows\system32\xhgyhqon.ini c:\windows\system32\xwhvdwjy.ini c:\windows\system32\xyjcywxr.ini c:\windows\system32\yawabcgi.ini c:\windows\system32\ycbeg.bak1 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_seneka -------\Service_sysrest.sys -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 ))))))))))))))))))))))))))))))) . 2009-02-25 19:55 . 2009-02-25 19:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2009-02-24 15:41 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat 2009-02-23 23:17 . 2009-02-23 23:17 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-02-23 23:07 . 2009-02-23 23:07 <DIR> d-------- c:\program files\Windows Installer Clean Up 2009-02-23 23:06 . 2009-02-24 02:14 <DIR> d-------- c:\program files\MSECACHE 2009-02-23 17:44 . 2009-02-23 17:44 <DIR> d-------- c:\program files\Sophos 2009-02-23 17:43 . 
2009-02-23 17:43 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-23 16:30 . 2009-02-23 16:30 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live 2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\program files\IObit 2009-02-23 06:51 . 2009-02-23 06:51 <DIR> d-------- c:\documents and settings\Jeff\Application Data\IObit 2009-02-23 06:39 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\system32\explorer_clean.exe 2009-02-23 04:15 . 2009-02-24 16:10 <DIR> d-------- c:\program files\SpyZooka 2009-02-23 02:56 . 2009-02-23 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-02-23 02:41 . 2009-02-23 17:32 <DIR> d-------- c:\documents and settings\Jeff\Tracing 2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Windows Live SkyDrive 2009-02-23 02:35 . 2009-02-23 02:35 <DIR> d-------- c:\program files\Microsoft 2009-02-23 02:31 . 2009-02-23 02:31 <DIR> d-------- c:\program files\Common Files\Windows Live 2009-02-23 02:24 . 2009-02-25 23:58 <DIR> d-------- c:\program files\PCPitstop 2009-02-23 00:31 . 2009-02-25 03:04 1,374 --a------ c:\windows\imsins.BAK 2009-02-22 17:15 . 2009-02-26 00:54 113,635,328 --a------ c:\windows\MEMORY.DMP 2009-02-22 02:40 . 2009-02-22 02:40 1,896,749 --a------ c:\windows\system32\UACykrrtujr.db 2009-02-18 16:39 . 2009-02-25 20:50 4 --a------ c:\windows\trdwoemr 2009-02-06 15:30 . 2009-02-06 15:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore 2009-02-06 15:24 . 2009-02-06 15:26 <DIR> d-------- c:\program files\AIM+ 2009-02-06 15:21 . 2009-02-07 14:20 <DIR> d-------- c:\program files\Trillian 2009-02-06 15:20 . 1997-04-08 20:03 248,176 --a------ c:\windows\UNINST16.EXE 2009-02-06 15:20 . 1995-07-13 18:43 26,768 --a------ c:\windows\system\CTL3D.DLL 2009-01-31 22:25 . 2009-01-31 22:25 50 --a------ c:\windows\MegaManager.INI 2009-01-28 15:31 . 
2003-03-02 17:44 7,552 --a------ c:\windows\system32\drivers\enodpl.sys 2009-01-28 15:31 . 2003-04-19 00:32 4,736 --a------ c:\windows\system32\drivers\tandpl.sys 2009-01-28 15:25 . 2009-01-28 15:25 <DIR> d-------- c:\program files\Ubisoft 2009-01-27 07:18 . 2009-02-22 19:00 <DIR> d-------- c:\program files\Gravity . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-26 05:06 --------- d-----w c:\program files\SUPERAntiSpyware 2009-02-26 02:46 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-02-25 23:46 --------- d-----w c:\program files\LimeWire 2009-02-25 23:46 --------- d-----w c:\program files\Java 2009-02-25 23:41 --------- d-----w c:\program files\Image-Line 2009-02-25 23:40 --------- d-----w c:\program files\DNA 2009-02-25 23:39 --------- d-----w c:\program files\BitLord 2009-02-25 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-02-25 09:58 --------- d-----w c:\program files\Spybot - Search & Destroy 2009-02-25 08:04 --------- d-----w c:\program files\Windows Live 2009-02-24 04:16 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller 2009-02-24 04:12 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller 2009-02-23 21:06 --------- d-----r c:\documents and settings\Jeff\Application Data\yahoo! 2009-02-23 09:14 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-23 07:56 --------- d-----w c:\program files\Yahoo! 2009-02-23 07:51 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo! 
2009-02-23 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop 2009-02-23 00:19 --------- d-----w c:\program files\EA GAMES 2009-02-23 00:00 --------- d--h--w c:\program files\InstallShield Installation Information 2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-02-10 10:44 --------- d-----w c:\program files\Perfect World Entertainment 2009-02-10 10:22 --------- d-----w c:\documents and settings\Jeff\Application Data\GetRightToGo 2009-02-06 20:33 --------- d-----w c:\program files\AIM6 2009-02-06 20:30 --------- d-----w c:\program files\Viewpoint 2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint 2009-02-06 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\AOL 2009-02-03 11:47 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-02-01 03:29 --------- d-----w c:\program files\DivX 2009-02-01 03:26 --------- d-----w c:\program files\Logitech 2009-02-01 03:24 --------- d-----w c:\program files\NCSoft 2009-02-01 03:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com 2009-01-30 03:10 --------- d-----w c:\program files\Illusion 2009-01-29 21:02 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2009-01-29 21:01 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-01-29 21:01 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys 2009-01-28 19:57 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-28 19:56 --------- d-----w c:\program files\Real 2009-01-28 11:42 --------- d-----w c:\program files\UltraISO 2009-01-28 07:37 --------- d-----w c:\program files\TEATIME 2009-01-15 08:05 --------- d-----w c:\program files\ZD Soft 2009-01-08 06:44 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier 2008-12-30 12:23 
--------- d-----w c:\documents and settings\Jeff\Application Data\IGN_DLM 2008-10-21 09:20 1,682 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2008-10-21 09:11 88 --sh--r c:\documents and settings\All Users\Application Data\27654F369A.sys 2007-10-12 06:47 22,328 -c--a-w c:\documents and settings\Jeff\Application Data\PnkBstrK.sys 2003-08-27 19:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll 2002-05-06 05:08 92,662 -c--a-w c:\program files\epsxe.chm 2001-02-09 01:11 28,672 ----a-w c:\program files\burutter.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-10 86960] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-05 2356088] "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928] "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208] "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-10 218032] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" 
[2009-01-29 1601304] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600] "nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-06 113664] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-29 16:01 10520 c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= msaud32_divx.acm "vidc.ffds"= ffdshow.ax "msacm.ac3filter"= ac3filter.acm "VIDC.XFR1"= xfcodec.dll "VIDC.ZDSV"= scrvid.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP] --a------ 2006-03-22 23:13 1591808 c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\HostManager] --a------ 2006-05-09 19:24 50760 c:\program files\Common Files\AOL\1139344842\ee\aolsoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] --a------ 2008-08-01 12:36 1103216 c:\program files\IGN\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-08-28 09:18 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin] --a------ 2008-11-03 17:45 3522296 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1139344842\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1139344842\\ee\\aim6.exe"= "c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\games\\lbz3d\\lbzwin.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\WINDOWS\\system32\\rtcshare.exe"= "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"= "c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program 
Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20769:TCP"= 20769:TCP:BitComet 20769 TCP "20769:UDP"= 20769:UDP:BitComet 20769 UDP "1076:TCP"= 1076:TCP:*:Disabled:SolidNetworkManager "1076:UDP"= 1076:UDP:*:Disabled:SolidNetworkManager "5050:UDP"= 5050:UDP:LaconCheck "51506:TCP"= 51506:TCP:*:Disabled:SolidNetworkManager "51506:UDP"= 51506:UDP:*:Disabled:SolidNetworkManager R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-08 325128] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-08 107272] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-08 903960] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 298264] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-06 24652] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408] R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006] R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006] S0 trdwoemr;trdwoemr;c:\windows\system32\drivers\dceotgmw.sys --> c:\windows\system32\drivers\dceotgmw.sys [?] 
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-04-01 14156] S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?] S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?] S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys --> c:\windows\system32\XDva037.sys [?] S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?] S3 XDva104;XDva104;\??\c:\windows\system32\XDva104.sys --> c:\windows\system32\XDva104.sys [?] S3 XDva132;XDva132;\??\c:\windows\system32\XDva132.sys --> c:\windows\system32\XDva132.sys [?] S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?] S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?] S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?] S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d4fdf70-95a7-11da-98e6-f485cec330b6}] \Shell\AutoRun\command - setupSNK.exe . Contents of the 'Scheduled Tasks' folder 2009-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [] . - - - - ORPHANS REMOVED - - - - BHO-{097FC1F9-7F43-427F-BFC8-F223C37601E1} - (no file) HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.windstream.net/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com IE: &Search Trusted Zone: alltel.com\care DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab DPF: {DB1009C9-9555-43D5-97A6-02A844332146} - hxxp://203.188.237.103/activex/app/WebLauncher.cab DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} - hxxp://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll FF - plugin: c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\on1v973x.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll FF - plugin: c:\program files\IGN\Download 
Manager\npfpdlm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-26 04:32:54 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\illusion\J0c0q0D0
  9. Ok, so I was searching through my computer and was looking at my SUPERAntiSpyware. I just noticed it had an alternative start mode, so I opened it, updated and ran it. Went AFK, came back and noticed my screen was completely black. I was like, Aha! So I started again in Safe Mode. Ran it again and it found 3 infected files; one was a rootgen. Restarted, Safe Mode again, this time I tried Malwarebytes and it opened. Ran a quick scan, found some infections and so on. I'll post the logs. I'll list the SUPERAntiSpyware first, then the Malwarebytes.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/25/2009 at 08:50 PM

Application Version : 4.23.1006

Core Rules Database Version : 3776
Trace Rules Database Version: 1735

Scan type : Complete Scan
Total Scan Time : 00:35:11

Memory items scanned : 192
Memory threats detected : 0
Registry items scanned : 6231
Registry threats detected : 2
File items scanned : 26343
File threats detected : 2

Rogue.Component/Trace
HKU\S-1-5-21-1645522239-484763869-839522115-1004\Software\Microsoft\CS41275
HKU\S-1-5-21-1645522239-484763869-839522115-1004\Software\Microsoft\FIAS4018

Rootkit.Agent/Gen-DP_PROT
C:\WINDOWS\SYSTEM32\DRIVERS\DCEOTGMW.SYS

Rootkit.Agent/Gen-UACFake
C:\WINDOWS\SYSTEM32\DRIVERS\UACTDMXSNLO.SYS

____________________________________________________________________________________

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

2/25/2009 8:56:50 PM
mbam-log-2009-02-25 (20-56-50).txt

Scan type: Quick Scan
Objects scanned: 62316
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\memsweep2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\UACmcsgdcxn.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACnmxeylja.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACxdxnojbo.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.33
Database version: 1742
Windows 5.1.2600 Service Pack 3

2/25/2009 9:36:18 PM
mbam-log-2009-02-25 (21-36-18).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 177179
Time elapsed: 32 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{65E037B0-61E7-4FC6-99F8-66D1691665A8}\RP0\A0000005.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65E037B0-61E7-4FC6-99F8-66D1691665A8}\RP0\A0000006.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{65E037B0-61E7-4FC6-99F8-66D1691665A8}\RP0\A0000007.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34
Database version: 1805
Windows 5.1.2600 Service Pack 3

2/25/2009 11:53:56 PM
mbam-log-2009-02-25 (23-53-56).txt

Scan type: Quick Scan
Objects scanned: 79491
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Jeff\Local Settings\Temp\UAC9bcc.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACljxeyico.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACloltpybv.log (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.34
Database version: 1805
Windows 5.1.2600 Service Pack 3

2/26/2009 12:46:21 AM
mbam-log-2009-02-26 (00-46-21).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 197448
Time elapsed: 50 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{65E037B0-61E7-4FC6-99F8-66D1691665A8}\RP0\A0000017.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

______________________________________________________________________________________

And finally a new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:49:44 AM, on 2/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\SM1BG.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {097FC1F9-7F43-427F-BFC8-F223C37601E1} - (no file) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program 
Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DB1009C9-9555-43D5-97A6-02A844332146} (WebLauncher Control) - http://203.188.237.103/activex/app/WebLauncher.cab O16 - DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} (EngOrkaWebCtrl Class) - http://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - 
C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 11564 bytes
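The logs in this thread carry a pattern worth pulling out mechanically: ComboFix lists a boot-start service (`S0 trdwoemr`) whose driver file it could not find on disk (`--> c:\windows\system32\drivers\dceotgmw.sys [?]`), and the same file then turns up in the SUPERAntiSpyware log as Rootkit.Agent/Gen-DP_PROT, while Malwarebytes keeps finding `UAC`-prefixed files in system32 that it labels Rootkit.TDSS / Trojan.TDSS. The script below is an added example, not a tool from this thread or from any of the vendors: it parses the three log formats, cross-references unresolved drivers against what the scanners flagged, and lists `UAC`-style names. The sample lines are constructed to mirror the shape of the posted logs (they are not the full logs), the reading of ComboFix's `--> <path> [?]` as "file not found/verifiable", and the `UAC` + random-characters name heuristic, are assumptions made here.

```python
"""Triage helper for ComboFix / SUPERAntiSpyware / Malwarebytes logs.
Added example, not a tool from the thread or from any vendor; sample
lines below are constructed in the shape of the posted logs."""
import re
from dataclasses import dataclass

# --- constructed sample input (shape copied from the thread's logs) ----------
COMBOFIX_SERVICES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-08 325128]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [2006-12-27 9006]
S0 trdwoemr;trdwoemr;c:\windows\system32\drivers\dceotgmw.sys --> c:\windows\system32\drivers\dceotgmw.sys [?]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
"""
SAS_LOG = r"""
Rogue.Component/Trace
HKU\S-1-5-21-1645522239-484763869-839522115-1004\Software\Microsoft\CS41275
Rootkit.Agent/Gen-DP_PROT
C:\WINDOWS\SYSTEM32\DRIVERS\DCEOTGMW.SYS
Rootkit.Agent/Gen-UACFake
C:\WINDOWS\SYSTEM32\DRIVERS\UACTDMXSNLO.SYS
"""
MBAM_LOG = r"""
C:\WINDOWS\system32\UACmcsgdcxn.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeff\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
"""

@dataclass
class Service:
    start: str        # ComboFix prefix: R/S = running/stopped, digit = start type (0 boot .. 3 demand)
    name: str
    image: str        # driver image path, \??\ object-manager prefix stripped
    unresolved: bool  # assumption: "--> <path> [?]" means ComboFix could not find/verify the file

@dataclass
class Detection:
    tool: str
    family: str
    item: str         # file path or registry key

SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Heuristic (assumption): the TDSS variant in this thread drops files named UAC + random
# characters (UACmcsgdcxn.dll, uacinit.dll, UACTDMXSNLO.SYS).  XP has no UAC, so such a
# name in system32 deserves a look.
TDSS_NAME_RE = re.compile(r"^uac[a-z0-9]{4,}\.(?:sys|dll|dat|log|tmp)$", re.I)

def parse_combofix_services(text):
    """R?/S? lines from the ComboFix services section."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"].rstrip()
        unresolved = rest.endswith("[?]")
        image = rest.split(" --> ")[0] if unresolved else rest.split(" [")[0]
        services.append(Service(m["start"], m["name"], image.replace("\\??\\", ""), unresolved))
    return services

def parse_mbam(text):
    """'<path> (<family>) -> <action>' lines from an mbam-log."""
    return [Detection("mbam", m["family"], m["item"])
            for m in (MBAM_RE.match(l.strip()) for l in text.splitlines()) if m]

def parse_sas(text):
    """SUPERAntiSpyware prints a family header, then the paths/keys under it."""
    out, family = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if "\\" in line:                 # a file path or registry key
            out.append(Detection("sas", family or "?", line))
        else:                            # e.g. Rootkit.Agent/Gen-DP_PROT
            family = line
    return out

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def triage(services, detections):
    """Cross-reference unresolved drivers with what the scanners actually flagged."""
    detected = {basename(d.item): d for d in detections}
    report = {"boot_unresolved": [], "confirmed": [], "tdss_named": []}
    for s in services:
        # boot/system-start driver whose file the tool could not see: classic rootkit sign
        if s.unresolved and s.start[1] in "01":
            report["boot_unresolved"].append(s.name)
        if basename(s.image) in detected:
            report["confirmed"].append((s.name, detected[basename(s.image)].family))
    for d in detections:
        if TDSS_NAME_RE.match(basename(d.item)):
            report["tdss_named"].append(basename(d.item))
    return report

def run():
    services = parse_combofix_services(COMBOFIX_SERVICES)
    detections = parse_sas(SAS_LOG) + parse_mbam(MBAM_LOG)
    return triage(services, detections)

if __name__ == "__main__":
    for key, items in run().items():
        print(f"{key}: {items}")
```

On the sample above the report names `trdwoemr` as the only boot-start driver with no visible file, confirms it against the SAS detection of `dceotgmw.sys`, and lists the three `UAC`-named files. Demand-start entries with a missing file (`S3 XDva032` here) are deliberately not promoted to the boot list: they are commonly leftovers of uninstalled software and need a separate judgement, which is why the thread's later full scans of the restore points (`_restore{...}\RP0\A0000005.dll` and friends) matter more than the orphaned `S3` entries do.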
  10. Alright, I have uninstalled all the software besides: ILLUSION ?????????2. This is due to a registry error, I think. It's actually been removed from the computer for a while. I just couldn't get the uninstaller to work properly and incorrectly removed it by deleting it a while back. The prompts are all in Japanese and it won't uninstall (well, it's on the list, since it's not on the computer anymore) through the Add/Remove Programs listing. Beyond that, all the others were removed fine. Thanks much for your time and effort.
  11. Oh, yes, this computer does have a DVD-RW/CD-RW burner that should function properly, though I think I only have a blank DVD-R to use.
  12. Negative, this is the only computer I have available. DDS (Ver_09-02-01.01) - NTFSx86 Run by Jeff at 16:22:50.93 on Wed 02/25/2009 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2509 [GMT -5:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\SM1BG.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Jeff\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html mDefault_Page_URL = hxxp://www.yahoo.com/ mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com mStart Page = hxxp://www.yahoo.com/ mSearch Bar = 
hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: NoExplorer - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: {097FC1F9-7F43-427F-BFC8-F223C37601E1} - No File BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll TB: Yahoo! 
  13. Well, if we could repair it that would be great. If you think just redoing the whole thing all over again would be the only answer, then that's understandable. Either way, bidding on eBay is most unsafe at this point, right? I have been watching parts, trying to save some money to build a new PC. So, here is where I ended up. I uninstalled Spybot and continued after the point you wanted me to. I opened HijackThis and removed all the red items that you listed. I already had CCleaner; I did what you listed and ran it. I downloaded Combofix.exe and saved it to my desktop. (I did attempt to open it just to see if it would; it did not open properly.) I do know you mentioned getting the Recovery Console going first. I don't know how to do that exactly. When I start my PC and pick my partition (since I have 2 partitions), the Recovery Console is listed in that area during startup, but once clicked it does nothing beyond go to a black screen. If I hit any keys on my keyboard, nothing occurs, just a black screen. I would consider this to be infected also? Not sure if you need it, but I'll post another HijackThis log.