Solved Back again. I suspect a virus


Klykyl

Posts: 61   +0
A few nights ago I was told something about a boot sector crashing or something like that. But since then I have uninstalled a whole lot of programs; since this is not my computer, I don't know what has been done on here. This is the same computer I had cleaned a month or so ago. So can I also have links to some kind of guide for smart computer use or something? I don't want to be here a month from now again. I feel like I'm using up you guys' time too much.

I ran 2 Malwarebytes scans
--
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6008

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/10/2011 10:23:25 PM
mbam-log-2011-03-10 (22-23-25).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|I:\|J:\|K:\|L:\|M:\|)
Objects scanned: 471821
Time elapsed: 1 hour(s), 51 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kyle\documents\my downloads\aviconvertersetup(1).exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Kyle\documents\my downloads\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
--
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6008

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/9/2011 10:35:28 PM
mbam-log-2011-03-09 (22-35-28).txt

Scan type: Quick scan
Objects scanned: 225977
Time elapsed: 30 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kyle\AppData\Local\temp\icreinstall\aviconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

--

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-15 17:27:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000063 ST332062 rev.3.AD
Running: u8p256cl.exe; Driver: C:\Users\Kyle\AppData\Local\Temp\kxkiipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

---

.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 8/3/2007 8:58:02 AM
System Uptime: 3/15/2011 5:28:16 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket AM2 | 2310/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 125.154 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 0.007 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 56 GiB total, 48.687 GiB free.
G: is CDROM (CDFS)
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Sansa Media Converter
3ivx MPEG-4 5.0.3 (remove only)
747Boeing_BCA Screen Saver
777Boeing_BCA2 Screen Saver
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.0+6
Animoids
AOL Mail and AIM Gadget
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Atomaders
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 2 Deluxe 1.1
Bejeweled Twist 1.0
Belkin Wireless Driver
Big Fish Games Client
Bonjour
Brain Train on the Go (remove only)
Brother HL-2170W
CCleaner
CCScore
Cisco Network Magic
Comcast High-Speed Internet Install Wizard
Conexant D850 PCI V.92 Modem
Cook'n with Betty Crocker
D3DX10
Dell DataSafe Online
Dell Printer Software Uninstall
Dell Support Center
Dell System Customization Wizard
DellSupport
Desktop Doctor
Digital Line Detect
DivX Setup
EA Download Manager
EA Download Manager UI
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
FlipShare
Games, Music, & Photos Launcher
Garmin USB Drivers
Garmin WebUpdater
getPlus(R) for Adobe
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP My Display
IRIScan 2
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jewel Quest 3
Junk Mail filter update
Kodak EasyShare software
LanUpdate
LEGO Digital Designer
Malwarebytes' Anti-Malware
MediaBar 2.0
Megaupload Toolbar
Mesh Runtime
Messenger Companion
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.6.13)
Mozilla Firefox (3.6.15)
MP3 Player Recovery Tool
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
Need for Speed Underground 2 Demo
netbrdg
Netgear Update Assistant
NetWaiting
Network Magic
Nitto 1320 Legends Public Beta 0.9.12.8
NVIDIA Drivers
NVIDIANetworkDiagnostic
OfotoXMI
OGA Notifier 2.0.0048.0
Paint Shop Pro 7 Anniversary Edition
PlayStation(R)Network Downloader
Product Documentation Launcher
Project64 1.6
Pure Networks Platform
QLP 2002 Manuals
Quicken Lawyer 2002 Personal Deluxe
QuickTime
Readiris Pro 11
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Mechanic 8.0
Revo Uninstaller 1.91
Revo Uninstaller Pro 2.5.1
Rhapsody
Rhapsody MP3 Download Manager
Rhapsody Player Engine
Roblox for Kyle
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
Samsung CLP-310 Series
SDK
Secunia PSI (2.0.0.3001)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Stunt Track Driver
SUPERAntiSpyware Free Edition
The Sims 2 HomeCrafter Plus
The Sims™ 2 Apartment Life
The Sims™ 2 Best of Business Collection
The Sims™ 2 Double Deluxe
The Sims™ 2 IKEA® Home Stuff
The Sims™ 2 Seasons
The Weather Channel Desktop 6
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
TVersitybar Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
URL Assistant
User's Guides
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
VoiceOver Kit
VPRINTOL
Wal-Mart Music Downloads Store
WebEx
WebEx Support Manager for Internet Explorer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinRAR archiver
WIRELESS
Yahoo! Toolbar
.
==== End Of File ===========================

--
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Kyle at 17:34:39.54 on Tue 03/15/2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2130 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\AERTSrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Netgear Update Assistant\LANUpdate.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iriscn2i\bmanm12.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\ehome\ehmsas.exe
c:\program files\real\realplayer\RealPlay.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kyle\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
uURLSearchHooks: H - No File
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BearShare] "c:\program files\bearshare applications\bearshare\BearShare.exe" --lightmode
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Megakey] c:\users\kyle\appdata\local\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\users\kyle\appdata\local\megamedia\megakey\MegakeyUpdater.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater\AdobeUpdater.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [HostManager] c:\program files\common files\aol\1187236095\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [LanUpdate] "c:\program files\netgear update assistant\LanUpdate.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IRIScan 2 button manager] "c:\program files\iriscn2i\bmanm12.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boeing.webex.com/client/T27L10NSP11_PSOBOEING/webex/ieatgpc1.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\mw7j842y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2008-6-14 4608]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-26 11608]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-26 61960]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-8 39272]
.
=============== Created Last 30 ================
.
2011-03-11 07:43:35 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{45fa31e0-bd0f-4b3e-b3e9-7aa625124624}\mpengine.dll
2011-03-10 07:58:46 -------- d-----w- c:\program files\common files\Symantec Shared
2011-03-10 04:59:06 -------- d-----w- c:\program files\iPod
2011-03-09 14:15:37 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:15:37 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:15:37 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:15:37 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:15:33 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 14:15:33 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-03 04:51:33 -------- d-----w- C:\divx
2011-02-28 07:30:35 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-28 07:29:50 -------- d-----w- c:\program files\common files\DivX Shared
2011-02-28 07:29:15 -------- d-----w- c:\program files\DivX
2011-02-28 07:28:56 -------- d-----w- c:\progra~2\DivX
2011-02-27 05:28:49 -------- d-----w- c:\users\kyle\appdata\local\BuildAGadget Content
2011-02-27 04:53:39 -------- d-----w- c:\users\kyle\appdata\roaming\Azureus
2011-02-22 05:29:02 -------- d-----w- c:\program files\TVersitybar
2011-02-22 05:27:18 -------- d-----w- c:\program files\TVersity Codec Pack
2011-02-22 05:26:59 -------- d-----w- c:\progra~2\TVersity
2011-02-19 08:14:09 -------- d-----w- c:\users\kyle\roblox decals
2011-02-19 00:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-16 03:22:06 -------- d-----w- c:\users\kyle\appdata\roaming\MegauploadToolbar
2011-02-16 03:22:06 -------- d-----w- c:\program files\MegauploadToolbar
2011-02-15 02:03:58 -------- d-----w- c:\program files\Search Toolbar
2011-02-15 02:03:49 -------- d-----w- c:\program files\FoxTabAVIConverter
2011-02-15 01:03:13 -------- d-----w- c:\program files\Animoids
2011-02-15 01:01:23 -------- d--h--w- c:\program files\Zero G Registry
2011-02-15 01:00:29 -------- d-----w- c:\users\kyle\Zero G Registry
.
==================== Find3M ====================
.
2011-02-06 04:25:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-06 04:25:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:39:30.20 ===============
 
Well, I'd welcome you back, but you'd probably rather not be here! But based on some of your comments, I'll make a couple of my own!

1. This computer was cleaned a month ago.
2. A boot sector crash doesn't mean malware.
3. A lot of programs have been uninstalled > like what? And why?
4. He has his Start page loading uStart Page = hxxp://search.bearshare.com/ > a fairly nasty file sharing program.
5. He's loading and running c:\users\kyle\appdata\roaming\Azureus, another file sharing program.
6. He has several plugins for Firefox 6 Beta 4, which I believe is not out on Final Release.
7. There is a Toolbar on the system, Search Toolbar, which comes from zugo.com, bundled with various third party applications - detected by Malwarebytes' Anti-Malware as Adware.Zugo. It is referred to as a "potentially unwanted program" (PUP) or foistware. This software is not a virus or a Trojan. Most Foistware is bundled with another unrelated program. Some are prechecked on the download screen, but basically they are downloaded without the user's permission or knowledge.

From #4, all are vulnerabilities to the system. Unless he makes some changes, he is never going to be without malware.
==================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" > (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===========================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image (RcAuto1.gif): WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message (whatnext.png).
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
  • Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

You're not using too much of our time, but the big problem here is that it's not your computer so basically that can mean you don't really know what the user is doing.

Do you have any malware related problems- other than you mention about a boot sector problem?
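The points above are all read off the DDS log by eye: a Run entry for Azureus under the user's profile, a start page hijacked to search.bearshare.com, a zugo.com toolbar extension. As an added example (not part of this thread, and not code from DDS, ComboFix or any other tool named here), the script below does that first pass automatically over an excerpt of the log lines the poster supplied. It parses the line shapes these logs use for loading points ("Name"="path", uStart Page =, FF - prefs.js:, FF - Ext:, and ComboFix's HKCU-Run-Name - path orphan lines) and flags orphaned entries, search/start pages pointing at the hijack hosts seen in this thread, and components under paths the helper identified as PUP. The SUSPECT_HOSTS and SUSPECT_PATHS lists are assumptions for illustration, seeded from the posted logs; they are not a vendor blocklist, and the sample input is a constructed excerpt copied from the ComboFix log in this thread.

```python
"""Triage helper for DDS / ComboFix-style log excerpts.

Added example for this thread, not code from ComboFix, DDS or any tool the
posts mention.  The indicator lists are assumptions seeded from the posted logs.
"""
import re
from dataclasses import dataclass

# Search/start-page hosts the posted logs show as hijack targets (assumption).
SUSPECT_HOSTS = ("search.bearshare.com", "search.conduit.com", "zugo.com")

# Path / product fragments the helper identified as PUP or foistware (assumption).
SUSPECT_PATHS = ("search toolbar", "tversitybar", "bearshare", "megakey",
                 "megauploadtoolbar", "foxtabaviconverter")

# DDS/ComboFix write hxxp for http so pasted URLs are not clickable.
_URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
# "Name"="c:\path\file.exe" [date size]   and   "{CLSID}"= "c:\path\x.dll"
_VALUE_RE = re.compile(r'^"([^"]+)"=\s*"([^"]+)"')
# FF - prefs.js: <pref name> - <value>
_FFPREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
# uStart Page / mStart Page = <url>   (user / machine IE start page)
_IE_RE = re.compile(r"^[um]?Start Page = (.+)$")
# ComboFix orphan autostart it removed: HKCU-Run-BearShare - c:\...\BearShare.exe
_ORPHAN_RE = re.compile(r"^(HK[A-Z]+-Run(?:Once)?)-(\S+) - (.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def host_of(value):
    """Lower-cased host of the first URL in value, or None if there is none."""
    m = _URL_RE.search(value)
    return m.group(1).lower() if m else None


def suspect_host(host):
    """True when host is, or is a subdomain of, a SUSPECT_HOSTS entry."""
    return host is not None and any(
        host == h or host.endswith("." + h) for h in SUSPECT_HOSTS)


def has_suspect_path(text):
    return any(frag in text.lower() for frag in SUSPECT_PATHS)


def classify(line):
    """Reason string if the log line deserves a second look, else None."""
    s = line.strip()
    low = s.lower()
    if "(no file)" in low:
        return "orphan: loading point still registered but its file is gone"
    m = _ORPHAN_RE.match(s)
    if m:
        key, name, path = m.groups()
        tag = " (known PUP path)" if has_suspect_path(path) else ""
        return f"orphan autostart {key}\\{name} removed{tag}; confirm {path} is gone"
    m = _IE_RE.match(s)
    if m:
        host = host_of(m.group(1))
        return f"IE start page hijacked to {host}" if suspect_host(host) else None
    m = _FFPREF_RE.match(s)
    if m:
        host = host_of(m.group(2))
        return f"Firefox {m.group(1)} redirected to {host}" if suspect_host(host) else None
    if low.startswith("ff - ext:") and (
            has_suspect_path(low) or any(h in low for h in SUSPECT_HOSTS)):
        return "Firefox extension from a known toolbar/PUP vendor"
    m = _VALUE_RE.match(s)
    if m:
        name, path = m.groups()
        if has_suspect_path(path):
            return f"registry value {name} loads a known PUP component"
        if "\\appdata\\" in path.lower():
            return f"registry value {name} autostarts from a user profile directory"
    return None


def triage(lines):
    """One Finding per suspicious line, in input order."""
    return [Finding(l.strip(), r) for l in lines if (r := classify(l))]


# Constructed excerpt: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
uStart Page = hxxp://search.bearshare.com/
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKCU-Run-BearShare - c:\program files\BearShare Applications\BearShare\BearShare.exe
HKCU-Run-Megakey - c:\users\Kyle\AppData\Local\Megamedia\Megakey\Megakey.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.reason}\n    {f.line}")
```

On the excerpt above it flags seven lines (the TVersitybar URLSearchHook, the BearShare start page, the Conduit search pref, the zugo.com extension, and the three orphans) and stays quiet on Google, Avira, Bing and WOT. The orphan lines are the ones to follow up first: ComboFix removed the registry pointer, but the script only tells you to confirm the binary is actually gone from disk.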
 
Alrighty, sorry for the delay, I'm participating in a competition on a website that is very demanding.

Okay, I have somewhat of a clue what he is doing on this computer, he is doing a lot of downloading. I don't know exactly what, but stuff for his Sims program and videos and whatnot. And he's recently gotten into downloading movies online, which I put a stop to immediately. Like he tried downloading FrostWire on a different computer, which I uninstalled immediately as soon as I saw it.

And I know BearShare isn't something wanted on this computer so I deleted it a good while ago, but I could never get rid of that toolbar.

But I've been uninstalling unnecessary programs that I know he doesn't need, and he doesn't fully comprehend what he is downloading because he's a 14 year old boy who doesn't read.
So here's some of the things I've uninstalled.
Sciagaj.org
vuse
MegaKey
Wefi (I still don't have a clue what this is or why it's there)
Tversity
MojoPac
iLivid
Bflix
7z SFX
--
Also what worried me about this computer was my Malwarebytes program was corrupt and I had to reinstall it. And my Google searches differed from the same search on a computer in the same room. I also think a few of my searches redirected. Sorry, but my memory is fuzzy, this was like a week and a half ago. But anyways I suppose those differences in results could be from all the different toolbars he had.

Anyways here are the logs!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=851cdfd32d942f4eadc68298b7666803
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-16 06:22:14
# local_time=2011-03-15 11:22:14 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 0 75024313 120881 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 136857677 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260156
# found=1
# cleaned=0
# scan_time=6385
C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I


ComboFix 11-03-18.01 - Kyle 03/18/2011 14:42:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.1524 [GMT -7:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\ntuser.dat
c:\programdata\PCDr\5744\Downloads\ceb06396-ae9d-42b7-a00f-867e3e8710fd.dll
c:\programdata\PCDr\5744\Downloads\fb37c43e-fc6b-476d-8936-e95ecdba3cf7.dll
c:\users\Deborah\ntuser.pol
c:\users\Kelly x3\ntuser.pol
c:\users\Kyle\ntuser.pol
c:\users\Lawrence\ntuser.pol
c:\users\Mcx1\ntuser.pol
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Lawrence\AppData\Local Settings\Roaming\temp
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 22:33 . 2011-03-18 22:33 -------- d-----w- c:\users\Deborah\AppData\Local\temp
2011-03-18 21:39 . 2011-03-18 21:39 -------- d-----w- C:\32788R22FWJFW
2011-03-18 13:47 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F422C40-602D-42A8-9A38-71462E57267B}\mpengine.dll
2011-03-16 04:31 . 2011-03-16 04:31 -------- d-----w- c:\program files\ESET
2011-03-10 07:58 . 2011-03-12 02:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-03-10 04:59 . 2011-03-10 04:59 -------- d-----w- c:\program files\iPod
2011-03-09 14:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 14:42 . 2011-03-08 14:42 -------- d-----w- c:\users\Deborah\AppData\Roaming\MEGAUPLOADTOOLBAR
2011-03-04 21:00 . 2011-03-04 21:00 -------- d-----w- c:\users\Lawrence\AppData\Local\DDMSettings
2011-03-03 04:51 . 2011-03-09 03:41 -------- d-----w- C:\divx
2011-02-28 22:29 . 2011-03-03 02:54 -------- d-----w- c:\users\Lawrence\AppData\Roaming\Azureus
2011-02-28 07:31 . 2011-03-03 04:51 -------- d-----w- c:\users\Kyle\AppData\Roaming\DivX
2011-02-28 07:30 . 2011-02-28 07:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-02-28 07:29 . 2011-02-28 07:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-02-28 07:29 . 2011-02-28 07:32 -------- d-----w- c:\program files\DivX
2011-02-28 07:28 . 2011-02-28 07:32 -------- d-----w- c:\programdata\DivX
2011-02-27 05:28 . 2011-02-27 05:28 -------- d-----w- c:\users\Kyle\AppData\Local\BuildAGadget Content
2011-02-27 04:53 . 2011-02-28 06:11 -------- d-----w- c:\users\Kyle\AppData\Roaming\Azureus
2011-02-22 05:29 . 2011-02-22 05:29 -------- d-----w- c:\program files\TVersitybar
2011-02-22 05:27 . 2011-02-22 05:27 -------- d-----w- c:\program files\TVersity Codec Pack
2011-02-22 05:26 . 2011-02-22 05:26 -------- d-----w- c:\programdata\TVersity
2011-02-19 08:14 . 2011-02-19 08:14 -------- d-----w- c:\users\Kyle\roblox decals
2011-02-19 00:36 . 2011-02-19 00:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2011-02-19 00:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 00:29 . 2009-09-26 17:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 05:16 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-06 04:25 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-06 04:25 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-03 01:11 . 2011-02-04 03:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 23:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 23:34 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 23:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 23:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 23:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 23:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 23:34 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 23:34 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 23:34 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 23:34 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 23:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 23:34 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 23:34 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 23:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 23:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 23:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 23:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 23:34 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-08 23:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 23:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 23:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 23:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 23:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 23:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 23:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 23:34 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-08 23:34 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-08 23:34 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-08 23:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 23:33 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-08 23:34 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 04:56 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-22 09:06 . 2010-12-22 09:06 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-12-21 02:09 . 2009-09-27 04:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-27 04:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 23:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCDSRVC{E9D79540-57D5953E-06020101}_0
*Deregistered* - PCDSRVC{E9D79540-57D5953E-06020101}_0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
.
2011-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-03-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-03-18 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mw7j842y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKCU-Run-BearShare - c:\program files\BearShare Applications\BearShare\BearShare.exe
HKCU-Run-Megakey - c:\users\Kyle\AppData\Local\Megamedia\Megakey\Megakey.exe
HKCU-Run-MegakeyUpdater - c:\users\Kyle\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-18 15:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Kyle\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
Completion time: 2011-03-18 16:03:01
ComboFix-quarantined-files.txt 2011-03-18 23:02
.
Pre-Run: 125,017,178,112 bytes free
Post-Run: 125,661,233,152 bytes free
.
- - End Of File - - 13ABA18DAC0782BCBBB3C1F5D73654F5
 
Sorry- I got a bit behind!

First off- are you using a flash drive? There is a deletion in Combofix that indicates you are. You can also clean other removable drives, if needed, at the same time. If so, run it through the following:

These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
I'm finishing setting up some script for you to run through Combofix. Do you want me to remove entries for the file sharing and any leftovers I see from the programs you removed?
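The note above says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive so that a worm cannot write a file of that name. As an added example (not Flash_Disinfector's or the thread's own code), here is a read-only Python check that reports, per removable drive, whether that protective folder is in place, whether a plain autorun.inf file is present instead (worth inspecting), or whether nothing is there. Drive enumeration uses the Win32 GetDriveTypeW call and only works on Windows; on other systems, or with no arguments, it falls back to a constructed demo folder pair.

```python
"""Read-only check of the autorun.inf state on removable drives.

Added example for this thread, not part of Flash_Disinfector. It assumes the
behaviour described in the helper's note: the utility creates a hidden FOLDER
named autorun.inf so that an autorun worm cannot drop a FILE of the same name.
"""
import os
import sys
import tempfile
from pathlib import Path

PROTECTED = "protected"     # autorun.inf exists and is a directory
SUSPECT = "autorun-file"    # autorun.inf exists and is a plain file: inspect it
ABSENT = "absent"           # no autorun.inf at all


def classify_autorun(root):
    """Return PROTECTED, SUSPECT or ABSENT for a drive root (or any folder)."""
    entry = Path(root) / "autorun.inf"
    if entry.is_dir():
        return PROTECTED
    if entry.is_file():
        return SUSPECT
    return ABSENT


def autorun_open_target(root):
    """If autorun.inf is a file, return the value of its open= line, else None.

    The open= directive is what Explorer would launch on insertion, so it is
    the first thing to look at when a file (not a folder) is found.
    """
    entry = Path(root) / "autorun.inf"
    if not entry.is_file():
        return None
    for raw in entry.read_text(errors="replace").splitlines():
        line = raw.strip()
        if line.lower().startswith("open="):
            return line[5:].strip()
    return None


def removable_drive_roots():
    """Windows only: roots that GetDriveTypeW reports as DRIVE_REMOVABLE (2)."""
    if os.name != "nt":
        return []
    import ctypes
    import string
    kernel32 = ctypes.windll.kernel32
    mask = kernel32.GetLogicalDrives()
    roots = []
    for i, letter in enumerate(string.ascii_uppercase):
        if mask & (1 << i):
            root = f"{letter}:\\"
            if kernel32.GetDriveTypeW(root) == 2:  # DRIVE_REMOVABLE
                roots.append(root)
    return roots


def report(roots):
    """Map each root to (state, open_target) without modifying anything."""
    return {r: (classify_autorun(r), autorun_open_target(r)) for r in roots}


def build_demo():
    """Constructed sample: one protected folder and one with a worm-style file."""
    protected = tempfile.mkdtemp(prefix="usb_protected_")
    os.mkdir(os.path.join(protected, "autorun.inf"))
    suspect = tempfile.mkdtemp(prefix="usb_suspect_")
    with open(os.path.join(suspect, "autorun.inf"), "w") as f:
        f.write("[autorun]\nopen=setup.exe\nicon=setup.exe\n")  # constructed content
    return protected, suspect


if __name__ == "__main__":
    roots = sys.argv[1:] or removable_drive_roots()
    if not roots:
        print("no removable drives found (or not on Windows); showing constructed demo")
        roots = list(build_demo())
    for root, (state, target) in report(roots).items():
        extra = f"  open={target}" if target else ""
        print(f"{root}  {state}{extra}")
```

Run it with no arguments on the Windows machine to check every removable drive, or pass drive roots explicitly (`python check_autorun.py E:\ F:\`). A result of `autorun-file` does not prove infection on its own, but it means the protective folder is not there and the file should be read before the drive is plugged into another machine.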
 
It's okay! Like I said, I'm in a competition that eats up my time.
Okay, I'll run this, but do microSD cards that have been in the computer need to be scanned too, or no?


And yes, can you please have the left overs removed? Especially those file sharing entries. :)

edit: oh, and I don't know if this is of any concern, but I was downloading an addon earlier and this popped up with Avira not too long afterward.
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Users\Deborah\AppData\Local\temp\EAD1290.exe.
Action performed: Deny access
Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Users\Deborah\AppData\Local\temp\EAD1290.exe.
Action performed: Deny access
 
Please run the Eset scan again:

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

There was one entry I was going to have you remove. If there is anything new, I should see it here. It would be best if he doesn't download anything new while I'm trying to clean the system.
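The helper reads the ESET Online Scanner log for new detections and for anything the scanner could not remove. As an added example (not ESET's tooling or the thread's own code), the parser below handles the log format pasted later in this thread: `# key=value` header lines followed by one line per detection of the form `<path> <verdict> (<action>) <32-hex-hash> <flag>`. The sample log is constructed from that format; the assumption that a path ends at its first dotted extension followed by a space is marked in the code.

```python
"""Triage an ESET Online Scanner log (format as pasted in this thread).

Added example, not ESET's own tooling. Header keys such as scanned/found/
cleaned are read from the '# key=value' lines; detection lines are split into
path, verdict, action, hash and flag so that anything the scanner left in
place can be listed for follow-up.
"""
import re
from dataclasses import dataclass

# '<body> (<action>) <32 hex chars> <flag>' where body is '<path> <verdict>'
DETECTION_RE = re.compile(
    r"^(?P<body>.+?)\s+\((?P<action>[^()]+)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
# Assumption: the path ends at the first '.ext' followed by whitespace. Paths
# inside archives (ESET prints them with ' » ') would need a richer rule.
PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{1,4})\s+(?P<verdict>.+)$")

# Constructed sample in the thread's log format (path and verdict copied from the thread).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2011-03-24 01:36:49
# scanned=292943
# found=1
# cleaned=0
# scan_time=7758
C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
"""


@dataclass
class Detection:
    path: str
    verdict: str
    action: str
    hash_hex: str
    flag: str


def parse_eset_log(text):
    """Return (header dict, list of Detection). Repeated header keys keep the last value."""
    header = {}
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue  # banner lines such as 'all ok' carry no detection
        body = m.group("body")
        pm = PATH_RE.match(body)
        path, verdict = (pm.group("path"), pm.group("verdict")) if pm else (body, "")
        detections.append(Detection(path, verdict, m.group("action"), m.group("hash"), m.group("flag")))
    return header, detections


def summarize(text):
    """Counts from the header plus every detection the scanner reports it could not clean."""
    header, dets = parse_eset_log(text)
    return {
        "scanned": int(header.get("scanned", "0")),
        "found": int(header.get("found", "0")),
        "cleaned": int(header.get("cleaned", "0")),
        "remove_checked": header.get("remove_checked") == "true",
        "unresolved": [d for d in dets if "unable" in d.action.lower()],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"scanned={s['scanned']} found={s['found']} cleaned={s['cleaned']} "
          f"remove_checked={s['remove_checked']}")
    for d in s["unresolved"]:
        print(f"follow-up: {d.path}  [{d.verdict}]  ({d.action})")
```

With `remove_checked=false`, as the instructions above require, every detection will show `cleaned=0`, so the useful signal is the list of paths rather than the counts; the helper then decides what to remove by script.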
 
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Folder::
c:\program files\common files\Symantec Shared
c:\users\Lawrence\AppData\Roaming\Azureus
c:\users\Kyle\AppData\Roaming\Azureus
DDS::
uStart Page = hxxp://search.bearshare.com/
uURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
uURLSearchHooks: H - No File
mURLSearchHooks: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
BHO: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: TVersitybar Toolbar: {66bd2442-241b-44cd-8c7a-b51037053cdb} - c:\program files\tversitybar\tbTVer.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [BearShare] "c:\program files\bearshare applications\bearshare\BearShare.exe" --lightmode
uRun: [Megakey] c:\users\kyle\appdata\local\megamedia\megakey\Megakey.exe /Tray
uRun: [MegakeyUpdater] c:\users\kyle\appdata\local\megamedia\megakey\MegakeyUpdater.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"=- 
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"=- 
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66BD2442-241B-44CD-8C7A-B51037053CDB}"=- 
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
Extras::
File::
c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
Firefox::
Firefox-: - Profile - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\mw7j842y.default\
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I've moved as many processes as I recognized from your uninstalls.
The Firefox Extensions need to be opened and the following Java removed: Java v6u16, v6u20, v6u22
NOTE: Java updates do not have to be added to Firefox extensions. Be sure the most current version is on the system: check this site: Java Updates. Current is v6u24. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

The following Firefox Extension also needs to be removed:
Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com

I'll have you clean the Eset entry after I see the log from the new scan.
 
Alright, I tried running that disinfect thing and it just wouldn't pop up when I clicked it. I tried a few times.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=851cdfd32d942f4eadc68298b7666803
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-16 06:22:14
# local_time=2011-03-15 11:22:14 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 0 75024313 120881 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 0 136857677 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=260156
# found=1
# cleaned=0
# scan_time=6385
C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=851cdfd32d942f4eadc68298b7666803
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-24 01:36:49
# local_time=2011-03-23 06:36:49 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 0 75697014 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 12409 137530378 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=292943
# found=1
# cleaned=0
# scan_time=7758
C:\Program Files\FoxTabAVIConverter\AviConverter.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I


---

ComboFix 11-03-23.04 - Kyle 03/23/2011 19:10:08.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2167 [GMT -7:00]
Running from: c:\users\Kyle\Downloads\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll"
"c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll"
"c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll"
"c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll"
"c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\megaup~2\MEGAUP~1.DLL
c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
c:\program files\common files\Symantec Shared
c:\program files\mozilla firefox 3.6 beta 4\plugins\npnul32.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nppl3260.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nprjplug.dll
c:\program files\mozilla firefox 3.6 beta 4\plugins\nprpjplug.dll
c:\program files\tversitybar\tbTVer.dll
c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
c:\users\Kyle\AppData\Roaming\Azureus
c:\users\Kyle\AppData\Roaming\Azureus\.certs
c:\users\Kyle\AppData\Roaming\Azureus\.keystore
c:\users\Kyle\AppData\Roaming\Azureus\.lock
c:\users\Kyle\AppData\Roaming\Azureus\azureus.config
c:\users\Kyle\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Kyle\AppData\Roaming\Azureus\azureus.statistics
c:\users\Kyle\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Kyle\AppData\Roaming\Azureus\cache\-355833786.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\-636886948.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\1348866851.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\1734918254.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\1737934631.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\206891298.ico
c:\users\Kyle\AppData\Roaming\Azureus\cache\569002433.ico
c:\users\Kyle\AppData\Roaming\Azureus\devices.config
c:\users\Kyle\AppData\Roaming\Azureus\devices.config.bak
c:\users\Kyle\AppData\Roaming\Azureus\devices\a5d7869e-1ab9-6098-fef9-88476d988455.dat
c:\users\Kyle\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Kyle\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Kyle\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Kyle\AppData\Roaming\Azureus\dht\version.dat
c:\users\Kyle\AppData\Roaming\Azureus\downloads.config
c:\users\Kyle\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Kyle\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Kyle\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Kyle\AppData\Roaming\Azureus\logs\Plugin Update_1.log
c:\users\Kyle\AppData\Roaming\Azureus\metasearch.config
c:\users\Kyle\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Kyle\AppData\Roaming\Azureus\net\pm_33650.dat
c:\users\Kyle\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
c:\users\Kyle\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\plugin.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\plugin_install.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\android_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\AppleTV2.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_320.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_400.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_480x320.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\blackberry_480x360.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Boxee_h264_720p.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Browser.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\devicelist.csv
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_directTV.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_h264_480p.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_h264_720p.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Generic_mp4.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_1024x600_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_160x128_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_220x176_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_320x240_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_400x240_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_480x320_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_640x360_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_800x480_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_800x480_LQ_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\h264_856x480_generic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPad.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPhone4.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodClassic.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodNano.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\iPodTouch.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\LG_DMP_h264_720p.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-default.ffpreset
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipad.ffpreset
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\libx264-ipod640.ffpreset
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_HD.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PS3_SD.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\PSP.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\samsung_sgh-t959.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\samsung_sgh-t959_card.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_BluRay_Player.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_Bravia.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_Bravia_16-9.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Sony_InternetTV_h264_720p.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\TiVo_HD.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Wii.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_HD.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\XBox_SD.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\profiles\Zen.properties
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.7.2.jar
c:\users\Kyle\AppData\Roaming\Azureus\plugins\vuzexcode\vuzexcode_0.7.2.zip
c:\users\Kyle\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Kyle\AppData\Roaming\Azureus\tables.config
c:\users\Kyle\AppData\Roaming\Azureus\tables.config.bak
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU1778561098993647650.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU2364115000078785854.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU2477893825132718404.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4147122689535228570.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4321534706374544160.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4350709544634494390.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU4699965962052597769.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5018616847872755251.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5369731145363840878.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU554039839922557836.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU5964271044784106882.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU7073259769881982248.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU7830725853837656564.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU8734052951368668690.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU9180080896649617609.tmp
c:\users\Kyle\AppData\Roaming\Azureus\tmp\AZU954140240891388422.tmp
c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU3608869756757462139.tmp
c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU7552754533994725594.tmp
c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU8211178868350714330.tmp
c:\users\Kyle\AppData\Roaming\Azureus\torrents\AZU8657926461577167651.tmp
c:\users\Kyle\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Kyle\AppData\Roaming\Azureus\xcodejobs.config
c:\users\Kyle\AppData\Roaming\Azureus\xcodejobs.config.bak
c:\users\Lawrence\AppData\Roaming\Azureus
c:\users\Lawrence\AppData\Roaming\Azureus\.certs
c:\users\Lawrence\AppData\Roaming\Azureus\.keystore
c:\users\Lawrence\AppData\Roaming\Azureus\.lock
c:\users\Lawrence\AppData\Roaming\Azureus\azureus.config
c:\users\Lawrence\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Lawrence\AppData\Roaming\Azureus\azureus.statistics
c:\users\Lawrence\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Lawrence\AppData\Roaming\Azureus\devices.config
c:\users\Lawrence\AppData\Roaming\Azureus\devices.config.bak
c:\users\Lawrence\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Lawrence\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Lawrence\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Lawrence\AppData\Roaming\Azureus\dht\version.dat
c:\users\Lawrence\AppData\Roaming\Azureus\downloads.config
c:\users\Lawrence\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Lawrence\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Lawrence\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Lawrence\AppData\Roaming\Azureus\logs\Plugin Update_1.log
c:\users\Lawrence\AppData\Roaming\Azureus\metasearch.config
c:\users\Lawrence\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Lawrence\AppData\Roaming\Azureus\net\pm_33650.dat
c:\users\Lawrence\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.jar
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\aefeatman_v_1.2.zip
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\aefeatman_v\plugin.properties_1.2
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azupnpav\cd.dat
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.jar
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\azutp_0.2.8.zip
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\plugin.properties
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\plugin_install.properties
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\LICENSE
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\LICENSE
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\msvcr100.dll
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\azutp\x64\utp.dll
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.jar
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\mlab_0.1.9.zip
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\plugin.properties
c:\users\Lawrence\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
c:\users\Lawrence\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU1132088417804163158.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU256236340827781327.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU3169371554525113763.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU3482766534707194187.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU5312978799117572369.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU5918946887469331866.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU6027605154609805850.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU7197483561679179391.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU7679101338222980639.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8627739579258120343.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8812842383438595828.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU8963289841605882432.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\tmp\AZU9104025744595597831.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU3011071094651982753.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU6678209823951935209.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\torrents\AZU8353882587423751505.tmp
c:\users\Lawrence\AppData\Roaming\Azureus\VuzeActivities.config
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Lawrence\AppData\Local\temp
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Lawrence\AppData\Local Settings\Roaming\temp
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Kelly x3\AppData\Local\temp
2011-03-24 02:18 . 2011-03-24 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 22:18 . 2011-03-23 22:18 -------- d-----w- c:\program files\iPod
2011-03-22 20:09 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 20:09 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 20:09 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 20:00 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EC3B66F-D62D-4806-8404-CAF9BD3B73D0}\mpengine.dll
2011-03-21 04:55 . 2011-03-21 04:55 -------- d-----w- c:\users\Kyle\AppData\Local\DDMSettings
2011-03-19 04:47 . 2011-03-19 04:47 -------- d-----w- c:\windows\Sun
2011-03-19 02:58 . 2011-03-19 02:58 -------- d-----w- c:\programdata\Roblox
2011-03-19 02:58 . 2011-03-19 02:58 -------- d-----w- c:\program files\Roblox
2011-03-18 23:03 . 2011-03-24 02:18 -------- d-----w- c:\users\Deborah\AppData\Local\temp
2011-03-16 04:31 . 2011-03-16 04:31 -------- d-----w- c:\program files\ESET
2011-03-09 14:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 14:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 14:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 14:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 14:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 14:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 14:42 . 2011-03-08 14:42 -------- d-----w- c:\users\Deborah\AppData\Roaming\MEGAUPLOADTOOLBAR
2011-03-04 21:00 . 2011-03-04 21:00 -------- d-----w- c:\users\Lawrence\AppData\Local\DDMSettings
2011-03-03 04:51 . 2011-03-09 03:41 -------- d-----w- C:\divx
2011-02-28 07:31 . 2011-03-03 04:51 -------- d-----w- c:\users\Kyle\AppData\Roaming\DivX
2011-02-28 07:30 . 2011-02-28 07:30 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-02-28 07:29 . 2011-02-28 07:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-02-28 07:29 . 2011-02-28 07:32 -------- d-----w- c:\program files\DivX
2011-02-28 07:28 . 2011-02-28 07:32 -------- d-----w- c:\programdata\DivX
2011-02-27 05:28 . 2011-02-27 05:28 -------- d-----w- c:\users\Kyle\AppData\Local\BuildAGadget Content
2011-02-22 05:29 . 2011-03-24 02:17 -------- d-----w- c:\program files\TVersitybar
2011-02-22 05:27 . 2011-02-22 05:27 -------- d-----w- c:\program files\TVersity Codec Pack
2011-02-22 05:26 . 2011-02-22 05:26 -------- d-----w- c:\programdata\TVersity
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 00:29 . 2009-09-26 17:12 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 05:16 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 00:36 . 2011-02-19 00:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-19 00:36 . 2011-02-19 00:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-06 04:25 . 2007-10-27 17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-02-06 04:25 . 2007-10-27 17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-03 01:35 . 2011-02-03 01:35 388096 ----a-r- c:\users\Deborah\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-03 01:11 . 2011-02-04 03:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-08 23:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-08 23:34 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-08 23:34 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-08 23:34 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-08 23:34 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-08 23:34 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-08 23:34 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-08 23:34 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-08 23:34 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-08 23:34 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-08 23:34 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-08 23:34 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-08 23:34 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-08 23:34 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-08 23:34 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-08 23:34 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-08 23:34 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-08 23:34 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-08 23:34 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-08 23:34 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-08 23:34 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-08 23:34 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-08 23:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-08 23:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-08 23:34 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-08 23:33 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 23:33 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-08 23:34 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 04:56 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-06-27 18:15 . 2009-11-24 03:11 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-31 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe" [2005-03-17 970752]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-21 86960]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"HostManager"="c:\program files\Common Files\AOL\1187236095\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-21 213936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"LanUpdate"="c:\program files\Netgear Update Assistant\LanUpdate.exe" [2008-05-02 77824]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"IRIScan 2 button manager"="c:\program files\iriscn2i\bmanm12.exe" [2008-09-02 2323120]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-12 232184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-02-06 273544]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Lawrence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-07-13 22:10 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-01-17 00:12 280576 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-04-29 17:55 3338240 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-27 18:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-04-21 03:30 79872 ----a-w- c:\users\Lawrence\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca513fd70eb30;Google Update Service (gupdate1ca513fd70eb30);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
R2 SacNetAgentService_C57C4F854F53;SacNetAgentService_C57C4F854F53;c:\programdata\Clickfree\C2NPlus\Reminder\SacNetAgent.exe [2010-08-10 141640]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RTL85n86;Belkin Wireless G Notebook Card Service v8;c:\windows\system32\DRIVERS\RTL85n86.sys [2007-03-13 354816]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 51040]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-10-13 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-10-13 74480]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-10-13 7408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CFCATCHME
*Deregistered* - CFcatchme
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 04:12]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-20 04:37]
.
2011-03-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-03-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{38E61D04-D3F6-4D37-8904-57EA300894C0}.job
- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
DPF: {71D413D7-38C5-4035-8548-976522CF11D5} - hxxp://www.crucial.com/controls/cpcVistaBeta.cab
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\mw7j842y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: AnyColor: anycolor.pavlos256@gmail.com - %profile%\extensions\anycolor.pavlos256@gmail.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: MP4 Downloader: mp4downloader@jeff.net - %profile%\extensions\mp4downloader@jeff.net
FF - Ext: InvisibleHand: canitbecheaper@trafficbroker.co.uk - %profile%\extensions\canitbecheaper@trafficbroker.co.uk
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Fire.fm: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} - %profile%\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: VideoSurf Videos at a Glance: videosurf_enhanced@videosurf.com - %profile%\extensions\videosurf_enhanced@videosurf.com
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 19:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&317f13c5&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
Completion time: 2011-03-23 19:25:19
ComboFix-quarantined-files.txt 2011-03-24 02:25
ComboFix2.txt 2011-03-18 23:03
.
Pre-Run: 138,453,549,056 bytes free
Post-Run: 138,751,664,128 bytes free
.
- - End Of File - - B68AC5EA2D22881364865632FDFFF9C2
 
Avira scanned today and found 7 things. We haven't downloaded anything, but it looks like it flagged that disinfecting program thing.
Here's the log.


Avira AntiVir Personal
Report file date: Thursday, March 24, 2011 12:00

Scanning for 2529438 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILY_ROOM_2PC

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/9/2010 05:38:24
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/19/2010 10:25:20
LUKE.DLL : 10.0.3.2 104296 Bytes 12/9/2010 05:38:25
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 06:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 03:15:54
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:43:01
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:34:17
VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 11:34:17
VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 11:34:18
VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 11:34:18
VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 11:34:18
VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 11:34:18
VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 11:34:18
VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 11:34:19
VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 11:34:19
VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 11:34:19
VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 11:34:19
VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 11:32:20
VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 03:35:31
VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 03:35:50
VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 23:59:09
VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 23:58:59
VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 06:18:03
VBASE019.VDF : 7.11.4.33 148992 Bytes 3/2/2011 02:57:31
VBASE020.VDF : 7.11.4.73 150016 Bytes 3/6/2011 02:58:25
VBASE021.VDF : 7.11.4.108 122880 Bytes 3/8/2011 05:29:00
VBASE022.VDF : 7.11.4.150 133120 Bytes 3/10/2011 06:26:18
VBASE023.VDF : 7.11.4.183 122368 Bytes 3/14/2011 00:28:54
VBASE024.VDF : 7.11.4.228 123392 Bytes 3/16/2011 00:28:54
VBASE025.VDF : 7.11.5.8 246272 Bytes 3/21/2011 01:53:35
VBASE026.VDF : 7.11.5.38 137216 Bytes 3/23/2011 02:37:14
VBASE027.VDF : 7.11.5.39 2048 Bytes 3/23/2011 02:37:14
VBASE028.VDF : 7.11.5.40 2048 Bytes 3/23/2011 02:37:14
VBASE029.VDF : 7.11.5.41 2048 Bytes 3/23/2011 02:37:14
VBASE030.VDF : 7.11.5.42 2048 Bytes 3/23/2011 02:37:14
VBASE031.VDF : 7.11.5.57 78336 Bytes 3/24/2011 11:48:22
Engineversion : 8.2.4.188
AEVDF.DLL : 8.1.2.1 106868 Bytes 7/30/2010 05:01:05
AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 3/18/2011 10:20:28
AESCN.DLL : 8.1.7.2 127349 Bytes 11/23/2010 05:38:25
AESBX.DLL : 8.1.3.2 254324 Bytes 11/23/2010 05:38:26
AERDL.DLL : 8.1.9.8 639346 Bytes 3/17/2011 00:29:06
AEPACK.DLL : 8.2.4.12 520567 Bytes 3/17/2011 00:29:03
AEOFFICE.DLL : 8.1.1.17 205177 Bytes 3/8/2011 02:57:36
AEHEUR.DLL : 8.1.2.87 3371383 Bytes 3/18/2011 10:20:24
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 04:04:29
AEGEN.DLL : 8.1.5.3 397684 Bytes 3/18/2011 10:20:05
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/23/2010 05:38:20
AECORE.DLL : 8.1.19.2 196983 Bytes 2/4/2011 04:04:28
AEBB.DLL : 8.1.1.0 53618 Bytes 4/24/2010 10:25:56
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 19:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 19:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 23:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/3/2010 10:24:24
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/9/2010 05:38:25
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/9/2010 05:38:23
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 16:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 19:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 22:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 21:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 20:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/3/2010 10:24:23

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+JOKE,+PCK,+SPR,

Start of the scan: Thursday, March 24, 2011 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'LogonUI.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'psi_tray.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'bmanm12.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'nmapp.exe' - '1' Module(s) have been scanned
Scan process 'nmctxth.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'SSMMgr.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'sua.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'nmsrvc.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'PSIA.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FlipShareService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'atashost.exe' - '1' Module(s) have been scanned
Scan process 'AOLAcsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AERTSrv.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1921' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nppl3260.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprpjplug.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Users\Kyle\Desktop\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
C:\Users\Kyle\Downloads\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
Begin scan in 'D:\' <RECOVERY>
Begin scan in 'F:\' <WD Passport>

Beginning disinfection:
C:\Users\Kyle\Downloads\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
[NOTE] The file was moved to the quarantine directory under the name '482213ef.qua'.
C:\Users\Kyle\Desktop\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
[NOTE] The file was moved to the quarantine directory under the name '50b53c48.qua'.
C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '02e766ac.qua'.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprpjplug.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '64cc296e.qua'.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '21480450.qua'.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nppl3260.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e553631.qua'.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '12ef1a7b.qua'.


End of the scan: Thursday, March 24, 2011 14:25
Used time: 2:01:35 Hour(s)

The scan has been done completely.

43082 Scanned directories
871462 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
871455 Files not concerned
4928 Archives were scanned
0 Warnings
7 Notes
 
Avira scan is OK. This is a legitimate part of the Flash Disinfector: I suggest you delete the entries from Avira, uninstall the current Flash Disinfector, download it again, and disable Avira before running the scan. It's possible that Avira is removing processes necessary to run the scan.
C:\Users\Kyle\Downloads\Flash_Disinfector.exe>>APPL/NirCmd.2 application

Qoobox is where Combofix puts the quarantined files.
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\npnul32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan

No new or bad entries found.
=========================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files 
    C:\Program Files\FoxTabAVIConverter\AviConverter.exe 
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=====================================
IF you did not reboot the computer, do it now.
Empty the Recycle Bin.
========================================
Remove outdated Java plugin files from the Firefox plugins folder:
Note: It is recommended that you do not copy Java plugins from other locations to the Firefox plugins folder. Outdated Java plugins can cause Java not to work if you update Java and then uninstall the older Java version, if plugins from the old Java version are still in the Firefox plugins folder.
1. Open Firefox> Tools> Add-ons. The Add-ons window will open.
2. In the Add-ons window> select the Plugins panel, to display a list of installed plugins.
3. Select each Java plugin listed to make sure that all are enabled.
4. Check if the Java plugins are correctly detected. All Java plugins listed in the Add-ons window should match the version number of the currently installed JRE. There should be no plugins for earlier versions of Java.
5. Java plugin files that do not match your current version means that the Firefox plugins folder contains outdated Java plugin files which should be removed. This folder is typically in the following location: Use Windows Explorer to access> My Computer> Local Drive> Programs>>>
C:\Program Files\Mozilla Firefox\plugins
Java files from older versions in the Firefox plugins folder can prevent Java from working correctly.

Please remove Java v6u16, Java v6u17, Java v6u20, and Java v6u22 if you have any of these versions in Add/Remove Programs.
Please update to the current v6u24: Java Updates
Reminder: you do not have to add a separate plugin to Java when you update the OS.
 
All processes killed
========== FILES ==========
C:\Program Files\FoxTabAVIConverter\AviConverter.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Deborah
->Temp folder emptied: 86204 bytes
->Temporary Internet Files folder emptied: 636869 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101259883 bytes
->Flash cache emptied: 1961 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kelly x3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 1050022 bytes
->Temporary Internet Files folder emptied: 35582410 bytes
->Java cache emptied: 28363 bytes
->FireFox cache emptied: 103004011 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 7028 bytes

User: Lawrence
->Temp folder emptied: 43444735 bytes
->Temporary Internet Files folder emptied: 67544519 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1421 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78450 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 337.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03292011_165834

Files moved on Reboot...
File C:\Users\Deborah\AppData\Local\Temp\JET4F78.tmp not found!
C:\Users\Lawrence\AppData\Local\Temp\CMLS--2011-03-29--16-58-59.log moved successfully.
File C:\Users\Lawrence\AppData\Local\Temp\~DF51D1.tmp not found!
File C:\Users\Lawrence\AppData\Local\Temp\~DF5E45.tmp not found!
File C:\Users\Lawrence\AppData\Local\Temp\~DF5EA5.tmp not found!
File C:\Users\Lawrence\AppData\Local\Temp\~DF627D.tmp not found!
File C:\Users\Lawrence\AppData\Local\Temp\~DF6779.tmp not found!
File C:\Users\Lawrence\AppData\Local\Temp\~DF6D3A.tmp not found!
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\01[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\openhand_8_8[1].bmp moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\Pug[1].gif moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\Pug[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZR8HXJ0S\type_simple_nrmp-zoom-in[1].ico moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\fc[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\half_ebay_com[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifpc_relay[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifr[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\ifr[2].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YORZLSSK\pixel[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OE5UST5W\home_header_frm[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\01[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\0[2].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\AdDisplayTrackerServlet[2].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\ae_12232010[1].html moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\build_creative[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\comcast_net[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\freq[1].html moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\hbpix[1].gif moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\IFrame[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\ifr[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\login_status[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\meta[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[1].gif moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[2].gif moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\Pug[3].gif moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMRQJ8CD\readyToDownload[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\01[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\ddc[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\dell[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\frame[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\freq[1].html moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\ifpc_relay[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\index[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[2].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\like[3].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\syncuppixels[1].html moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3VOKC2LO\world_news-asiapacific[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\aviationskills_com[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\data_sync[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ifpc_relay[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ifr[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\ig[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\my_yahoo_com[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\167VZQ13\theanimenetwork_com[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\6407052283[1].htm not found!
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\dell[1].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\home_header_frm[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LLK932\tcode_helix[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\ifpc_relay[1].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\load_v6[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\login[1].psp moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\mailhelixinbox160x600_adult[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\mailhelixrw728x90_adult[1].htm moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHKLQZL3\tcodewads_at[1].htm moved successfully.
File C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\2644527252[1].htm not found!
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[1].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[2].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[3].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ifr[4].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\ServiceLogin[1].txt moved successfully.
C:\Users\Lawrence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\47E5HOAT\welcome_aol_com[1].txt moved successfully.
C:\Windows\temp\WebEx\Log\323\atashost.log moved successfully.

Registry entries deleted on Reboot...



---

I will be on vacation from tomorrow till next Wednesday. Sorry for the late reply; my internet competition finally ended.


Oh, and I still can't get that disinfectant to run, and I've tried multiple times.
 
Okay, good. I'm running behind. Going to check out the Flash Disinfector. Many are having problems.

Later
 
Back and refreshed from my trip to disney!

I hope you're not still running behind, and hopefully there isn't too much left to do with this computer!
 
I have to ask about something I just noticed. You mentioned that the system belonged to a 14 year old boy. But I see all these users:
c:\users\Deborah\ntuser.pol
c:\users\Kellyx3\ntuser.pol
c:\users\Kyle\ntuser.pol
c:\users\Lawrence\ntuser.pol
c:\users\Mcx1\ntuser.pol


So now I am puzzled!
 
It's a shared computer, or at least it was when we first bought it, but he is for the most part the only one who uses it besides my dad. Deborah is my mom (she has 2 other computers), Kelly is me (and I have my own computer), Kyle is the boy, and Lawrence is my dad.
But I do not recognize Mcx1. I've never seen it on the welcome screen.
 
Guess you can tell I'm still running behind! Sorry. You are very patient.

Account 'mystery' solved: MCX1 is the user account used by the Xbox 360 to access the media on the PC. So if you still use the Xbox 360, leave it. If you don't, go into the Control Panel> User Accounts and remove it.

Are you still having the original problems?
 
Haha, yes, I can tell you are still running behind, but I know how important it is to be patient. I'm a mod on a forum and I know that it is greatly appreciated when people are patient. :)

Alrighty, I'll leave that account then. I don't think the computer is having the original problem; I haven't heard any complaints about any problems. So is the computer all good now?
And as soon as you give me the all clear, I plan to restrict the boy's account and not allow him to download.
 
How about a quick scan with the following?

Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

I'll check this log and if okay, I'll have you remove the cleaning tools.
==================================
About these entries in the Avira scan: sometimes it can be unfortunate when the AV program takes an 'all or nothing' approach. For instance:

C:\Users\Kyle\Desktop\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface. http://www.nirsoft.net/utils/nircmd.html

I like to use analogies: Think of a bomb-sniffing dog. If he gets near anything with explosives, he will wag and go in circles, telling his master that he found explosives. But consider this> If the explosives were contained in a legitimate package, (don't ask!) he would still wag and circle the same.

The AV is telling you that this entry has a pattern sometimes seen in malware programs. But the same process, when used correctly in a legitimate program can be very acceptable.

Another example: Qoobox holds the files and folders that were removed in Combofix. They are no longer active in the system. But the AV flags the original malware infections in the Qoobox that were removed in Combofix. It doesn't recognize that these are no longer active in the system.

C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox 3.6 Beta 4\plugins\nprjplug.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '21480450.qua'.

This entry has actually already been quarantined. The original malware was no longer active in the system.

Okay, lesson over. We'll finish up after the HJT log.
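As an added example (not code from this thread, from Avira or from the tools named here), a small Python triage script for report lines in the format quoted above: it parses the [DETECTION] and [NOTE] lines, and separates hits that are already sitting in Combofix's Qoobox quarantine from APPL/ application-pattern hits like NirCmd and from anything else that still needs attention. The sample log is constructed from lines in the posted report, and the three category names are my own labels.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the layout of the Avira report posted in the thread
# (paths and signature names taken from that report, trimmed to what is needed here).
SAMPLE_AVIRA_LOG = """Begin scan in 'C:\\' <OS>
C:\\Qoobox\\Quarantine\\C\\Program Files\\Mozilla Firefox 3.6 Beta 4\\plugins\\npnul32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\\Users\\Kyle\\Desktop\\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application

[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
Begin scan in 'D:\\' <RECOVERY>

Beginning disinfection:
C:\\Users\\Kyle\\Desktop\\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.2 application
[NOTE] The file was moved to the quarantine directory under the name '50b53c48.qua'.
C:\\Qoobox\\Quarantine\\C\\Program Files\\Mozilla Firefox 3.6 Beta 4\\plugins\\npnul32.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '12ef1a7b.qua'.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # a line naming a scanned file
MEMBER_RE = re.compile(r"^--> (.+)$")                 # a member inside an archive/SFX
SIG_RE = re.compile(r"^\[DETECTION\].*?\b([A-Z]{2,6}/[A-Za-z0-9._-]+)")  # e.g. TR/Trash.Gen
NOTE_RE = re.compile(r"^\[NOTE\] .*quarantine directory under the name '([^']+)'")

# Combofix keeps what it removed under this folder; the .vir copies are inert.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"


@dataclass
class Detection:
    path: str                            # object the signature matched; members as 'outer::member'
    signature: str                       # Avira signature name, e.g. TR/Trash.Gen or APPL/NirCmd.2
    quarantined_as: Optional[str] = None  # Avira's .qua name if it moved the file during disinfection


def parse_avira_log(text: str) -> List[Detection]:
    """Collect one Detection per (path, signature), merging scan and disinfection sections."""
    found: Dict[tuple, Detection] = {}
    current: Optional[str] = None    # path the next [DETECTION] line refers to
    container: Optional[str] = None  # outer file while Avira walks an archive's members
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = container = line
            continue
        m = MEMBER_RE.match(line)
        if m and container:
            current = f"{container}::{m.group(1)}"
            continue
        m = SIG_RE.match(line)
        if m and current:
            found.setdefault((current, m.group(1)), Detection(current, m.group(1)))
            continue
        m = NOTE_RE.match(line)
        if m and container:
            # The [NOTE] applies to the outer file, so its members went to quarantine with it.
            for det in found.values():
                if det.path == container or det.path.startswith(container + "::"):
                    det.quarantined_as = m.group(1)
    return list(found.values())


def classify(det: Detection) -> str:
    """Label a detection the way the thread explains them (labels are my own)."""
    if det.path.lower().startswith(COMBOFIX_QUARANTINE):
        return "already-quarantined"   # Combofix neutralised it earlier; Avira re-flagged the .vir copy
    if det.signature.startswith("APPL/"):
        return "application-pattern"   # a utility whose pattern is also seen in malware (e.g. NirCmd)
    return "active-detection"          # nothing on the page explains this one away: investigate


def triage(text: str) -> Dict[str, List[Detection]]:
    buckets: Dict[str, List[Detection]] = {
        "active-detection": [], "already-quarantined": [], "application-pattern": []}
    for det in parse_avira_log(text):
        buckets[classify(det)].append(det)
    for items in buckets.values():
        items.sort(key=lambda d: d.path)
    return buckets


if __name__ == "__main__":
    for label, items in triage(SAMPLE_AVIRA_LOG).items():
        print(f"{label}: {len(items)}")
        for det in items:
            print(f"  {det.signature:<16} {det.path}  (Avira quarantine: {det.quarantined_as})")
```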
 
Alright, I'm always ready to learn, and your little lesson was very understandable. So the stuff that was flagged in the last scan was not harmful at all. Oh goody.
Now the long awaited log.
--

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:55 PM, on 4/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1187236095\ee\aolsoftware.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Netgear Update Assistant\LANUpdate.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iriscn2i\bmanm12.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Comcast\Desktop Doctor\agent\bin\bcont_nm.exe
C:\Program Files\Dell Support Center\imstrayicon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Users\Kyle\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1187236095\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LanUpdate] "C:\Program Files\Netgear Update Assistant\LanUpdate.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IRIScan 2 button manager] "C:\Program Files\iriscn2i\bmanm12.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [SacReminderHDDV2N] C:\ProgramData\Clickfree\C2NPlus\reminder\SacReminder.exe (User 'Lawrence')
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Lawrence')
O4 - S-1-5-21-1464156989-3786269669-3921397701-1000 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Lawrence')
O4 - S-1-5-21-1464156989-3786269669-3921397701-1000 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Lawrence')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.crucial.com/controls/cpcVistaBeta.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T27L10NSP11_PSOBOEING/webex/ieatgpc1.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1ca513fd70eb30) (gupdate1ca513fd70eb30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SacNetAgentService_C57C4F854F53 - Storage Appliance Corporation - C:\ProgramData\Clickfree\C2NPlus\Reminder\SacNetAgent.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17243 bytes
 
Sorry- I didn't get notice of your reply after you were sick. Hope all is better now.

I reviewed all the logs and the current HijackThis log. I do not see any entries for malware. But what I do see is an extraordinary number of unnecessary processes running. Considering what you've uninstalled and what has been removed, that is saying a lot.

I would strongly recommend doing a reformat/reinstall. Don't put anything back on the Startup Menu except the AV, firewall if there is a 3rd party one running, the Pure Magic processes (2 or 3), touchpad if laptop and nothing else.

Review the Services on Black Viper's site and put any Service that doesn't need to start on boot on Manual Startup type. Some can also be disabled.
============================================
If you're going to stick with it, remove all of the tools we used and the files and folders they created:
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
===================================
And here's some guidance you asked for:
Tips for added security and safer browsing: (Links are in Bold Blue)
  1. Browser Security
    [o] Safe Settings
    [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
    [o] Replace the Host Files
    [o] Google Toolbar Pop Up Blocker
    [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show how the site rates for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
  2. Have layered Security:
    [o] Antivirus (only one): Both of the following programs are free and known to be good:
    [o] Avira-AntiVir-Personal-Free-Antivirus
    [o] Avast Free Version
    [o] Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
    [o] Comodo
    [o] Zone Alarm
  3. Antimalware: I recommend all of the following:
    [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
    [o] Spybot Search & Destroy
  4. Updates: Stay current:
    [o] Check the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
    [o] Adobe Reader: Install current, uninstall old.
    [o] Java Updates: Install current, uninstall old.
  5. Tracking Cookies
    Reset Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
    [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
  6. Do regular Maintenance
    [o] Temporary File Cleaner
  7. Restore Points:
    [o] See System Restore Guide
  8. Safe Email Handling
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save them to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
Please let me know if you find any bad links.
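The review above comes down to counting what autostarts and spotting the services that look off (no vendor string, or an image path that no longer exists). As an added example, not code from this thread and not part of HijackThis, the following Python script parses O4, O10 and O23 lines of a HijackThis log and produces that summary. SAMPLE_LOG is a constructed subset of lines in the same shape as the log posted above; the function and field names are my own.

```python
"""Summarise the autostart and service entries in a HijackThis log.

Added example for this thread; not HijackThis code. It reads O4 (Run keys and
Startup folders), O10 (Winsock LSP) and O23 (Service) lines and reports what a
reviewer looks for: how many programs autostart per hive, which are registered
redundantly in several hives, and which services have no vendor or point at a
file that no longer exists.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of lines in the same shape as the posted log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-1464156989-3786269669-3921397701-1000\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Lawrence')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
"""

# O4 Run-key lines: hive, then the registry value name in brackets, then the command.
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# O4 Startup-folder lines: "<scope> Startup: <shortcut> = <target>".
STARTUP_RE = re.compile(r"^O4 - (?P<scope>.*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
LSP_PREFIX = "O10 - Unknown file in Winsock LSP: "
SERVICE_PREFIX = "O23 - Service: "


def parse_hijackthis(text):
    """Split a HijackThis log into the entry kinds this triage cares about."""
    entries = {"run": [], "startup": [], "lsp": [], "services": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive = m["hive"]
            entries["run"].append({
                # Collapse the per-user SID hive to "HKUS" so redundancy across hives is easy to spot.
                "hive": "HKUS" if hive.startswith("HKUS") else hive,
                "name": m["name"],
                "cmd": m["cmd"],
            })
            continue
        m = STARTUP_RE.match(line)
        if m:
            entries["startup"].append({"scope": m["scope"], "name": m["name"], "cmd": m["cmd"]})
            continue
        if line.startswith(LSP_PREFIX):
            entries["lsp"].append(line[len(LSP_PREFIX):].lower())
            continue
        if line.startswith(SERVICE_PREFIX):
            # The display name may itself contain " - ", so split from the right:
            # "<display> - <owner> - <image>".
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, image = parts
            entries["services"].append({
                "display": display,
                "owner": owner,
                "image": image.replace(" (file missing)", ""),
                "file_missing": image.endswith("(file missing)"),
            })
    return entries


def triage(entries):
    """Produce the numbers and lists a reviewer would quote back."""
    by_name = defaultdict(set)
    for e in entries["run"]:
        by_name[e["name"]].add(e["hive"])
    return {
        # Size of the autostart list per hive: the "how much is running" figure.
        "run_per_hive": dict(Counter(e["hive"] for e in entries["run"])),
        "startup_folder_entries": len(entries["startup"]),
        # The same value name under HKLM, HKCU and a user SID still starts the program once; the extras are clutter.
        "redundant_run_entries": sorted(n for n, hives in by_name.items() if len(hives) > 1),
        # One DLL on many O10 lines is one provider registered for several protocol chains, not many findings.
        "lsp_dlls": dict(Counter(entries["lsp"])),
        "service_count": len(entries["services"]),
        # Services with no vendor string, or whose image path no longer exists, are the ones to look up first.
        "services_unknown_owner": sorted(s["display"] for s in entries["services"] if s["owner"] == "Unknown owner"),
        "services_file_missing": sorted(s["display"] for s in entries["services"] if s["file_missing"]),
    }


def triage_log(text):
    """Convenience wrapper: raw log text in, triage report out."""
    return triage(parse_hijackthis(text))


if __name__ == "__main__":
    import json
    print(json.dumps(triage_log(SAMPLE_LOG), indent=2))
```

Run it against a full saved log by reading the file into `triage_log`; the counts per hive and the `services_unknown_owner` / `services_file_missing` lists are the parts worth pasting into a reply, while the per-name redundancy list shows which startup entries can be trimmed without losing anything.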
 
Alright, sorry for the delayed response again; I was celebrating my birthday and I'm sick again.

Alright what do you mean about reformatting/ reinstall of the processes?
 
Oh thank you :) And I'm always sick; I hang out with elementary school kids.

So by reformat/reinstall you mean start the system over again? This is the fastest moving computer we have, second to our 5 day old laptop. I also don't trust myself in doing this; we already have lost a lot of data off a corrupt hard drive on the computer I'm using now. So can I just leave it? The computer moves very fast and start up doesn't take long at all.
 