Yesterday I got the aim myspace virus from one of my friends. I found these message boards so I read up on it and found out how to get rid of it. I think that I did but I am not positive yet and I was hoping someone could tell me if it is gone or not. When I first got it ims were popping up on my screen every second but now that doesn't happen.

First, I ran a scan of my computer and that didn't show up anything. After that I downloaded aim fix and ran that. Everytime I run it I get the same message. I have 2 versions of aim downloaded on my computer. Would that affect the aim fix program at all? Here are the resuls.

AIMFix version: 1.6.316.08 (Mar 16 2007 00:08:59)
SeDebug Privilege set successfully

***ANY VIRUS FILES REMOVED WILL BE LISTED BELOW***

BlockRemove(): Now checking for Block-Checker: .5
BlockRemove(): Block-Checker not found
IMNamesRemove(): Now checking for IMNames: .2
IMNamesRemove(): IM Names not found
CleanMstc(): mstc not found

***RUN COMPLETED. ANY FILES REMOVED LISTED ABOVE***

So, after I did that I read on here about that hijackthis program. After I ran it I also put the results at http://www.hijackthis.de and everything came up safe. Today it isn't with the latest scan. I hope that I gave enough information. I just realized that I'm not supposed to post the hijack logs unless asked so is there any other way that you would be able to figure out if it is gone. And thanks in advance to anyone who can help me out.

Please post your Hijack This log.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

I know for a fact that I still have it because it happened again with the ims popping up.

Here is my new hijack log that I just did

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:20:30 PM, on 3/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\gcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Ryan Popovitch\Desktop\Downloads\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Print Spooler (RPSGV) - Unknown owner - C:\WINDOWS\gcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9775 bytes

And here is my smitfraudfix log.

SmitFraudFix v2.148

Scan done at 1:33:17.37, Sat 03/17/2007
Run from C:\Documents and Settings\Ryan Popovitch\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Popovitch

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Popovitch\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANPO~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Run Hijack this from normal mode, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Exit Hijack This

Navigate to and delete this file if found;

C:\Program Files\BAE\BAE.dll

Then navigate to and delete this folder if found:

C:\Program Files\BAE

I recommend that you remove all Viewpoint products but that is your choice. If you do decide to do this, please follow the following steps:

Go to Start > Run and copy/paste or type: taskmgr then press "ok".
Under the Processes tab find the following tasks or processes:

ViewpointService.exe
ViewMgr.exe

Highlight it and click "End Process". Repeat for any other files listed, then exit Task Manager.

Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Click on Start > Run and type: services.msc
Press "OK".
Click the "Extended tab".
Scroll down the list and find the service called "Viewpoint Manager Service"
When you find the service, double-click on it.
In the Properties Window > General Tab that opens, click the "Stop" button.
From the drop-down menu to to the far right of "Startup Type", click on "Disabled".
Now click "Apply", then "OK" and close any open windows.
Finally, delete the following folders if found:

C:\Program Files\ViewManager

C:\Program Files\Viewpoint\Common\ViewpointService.exe (may be a file)

Please download Comboscan from this link:

Comboscan

Close all applications and windows.
Double-click on comboscan.exe to run it, and follow the prompts.
When the scan is complete, a text file will open - ComboScan.txt
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next post.
A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
Please attach Supplementary.txt to your post.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

I did everything that you said. But, when I went to taskmgr to delete the viewpoint tasks they weren't there. However, I did remove them from the control panel add/remove screen in the next step. Also, the viewpoint manager sercvice wasn't showing in the extended tab so I couldn't do anything there. The last problem was that comboscan couldn't read my version of hijackthis even when I pointed out the file so I had to let comboscan install it. I'm guessing that these steps that I couldn't do are okay to skip because the stuff that you told me to do wasn't showing up but I just wanted to let you know that.

Here is my comboscan.txt

ComboScan v20070306.20 run by Ryan Popovitch on 2007-03-18 at 23:38:59
Computer is in Normal Mode.
----------------------

-- System Res---------

Successfully created ComboScan Restore Point.

-- Last 5 Restore Point(s) --
94: 2007-03-19 03:39:01 UTC - RP160 - ComboScan Restore Point
93: 2007-03-18 10:12:53 UTC - RP159 - System Checkpoint
92: 2007-03-17 10:10:49 UTC - RP158 - System Checkpoint
91: 2007-03-16 10:00:15 UTC - RP157 - Software Distribution Service 2.0
90: 2007-03-15 19:31:50 UTC - RP156 - Installed Command & Conquer 3 Tiberium Wars™ Demo.

-- First Restore Point --
1: 2006-12-19 13:11:00 UTC - RP67 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Ryan Popovitch.--------------

Logfile of HijackThis v1.99.1
Scan saved at 11:46:59 PM, on 3/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\gcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Ryan Popovitch\Desktop\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\Ryan Popovitch.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Remote Print Spooler (RPSGV) - Unknown owner - C:\WINDOWS\gcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

-- File Associat------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R DLABOIOM - C:\WINDOWS\system32\DLA\DLABOIOM.SYS
1R DLACDBHM - C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2R DLADResN - C:\WINDOWS\system32\DLA\DLADResN.SYS
2R DLAIFS_M - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2R DLAOPIOM - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2R DLAPoolM - C:\WINDOWS\system32\DLA\DLAPoolM.SYS
1R DLARTL_N - C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2R DLAUDFAM - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2R DLAUDF_M - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
0R DRVMCDB - C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2R DRVNDDM - C:\WINDOWS\system32\drivers\DRVNDDM.SYS
3S DSproct - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
3S E100B (Intel(R) PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver) - C:\WINDOWS\system32\drivers\e1e5132.sys
3R ELacpi - C:\WINDOWS\system32\drivers\ELacpi.sys
1R ELhid (EL hid Service) - C:\WINDOWS\system32\drivers\Elhid.sys
1R ELkbd (EL KB Service) - C:\WINDOWS\system32\drivers\Elkbd.sys
1R ELmon (EL Monitor Service) - C:\WINDOWS\system32\drivers\Elmon.sys
1R ELmou (EL Mouse Service) - C:\WINDOWS\system32\drivers\Elmou.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFHWBS2.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
0R iastor (Intel RAID Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S NAL (Nal Service ) - C:\WINDOWS\system32\drivers\iqvw32.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3R STHDA (SigmaTel High Definition Audio CODEC) - C:\WINDOWS\system32\drivers\sthda.sys
2R Tmfilter - C:\WINDOWS\system32\drivers\tmxpflt.sys
2R Tmpreflt - C:\WINDOWS\system32\drivers\tmpreflt.sys
1R tmtdi (Trend Micro TDI Driver) - C:\WINDOWS\system32\drivers\tmtdi.sys
2R tm_cfw (Common Firewall Driver) - C:\WINDOWS\system32\drivers\TM_CFW.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
2R Vsapint - C:\WINDOWS\system32\drivers\VsapiNT.sys
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2R AOL ACS (AOL Connectivity Service) - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
3R dlcc_device - C:\WINDOWS\system32\dlcccoms.exe -service
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
2R ELService (Intel(R) Quick Resume technology) - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R IAANTMON (Intel(R) Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
2R PcCtlCom (Trend Micro Central Control Component) - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
2R RPSGV (Remote Print Spooler) - "C:\WINDOWS\gcsvc.exe"
2R Tmntsrv (Trend Micro Real-time Service) - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
2R TmPfw (Trend Micro Personal Firewall) - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
2R tmproxy (Trend Micro Proxy Service) - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe

-- Files created between 2007-02-18 and 20---------

2007-03-17 01:33:18 3318 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-17 01:33:04 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-17 01:33:04 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-17 01:33:04 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-17 01:33:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-17 01:33:04 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-17 01:33:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-15 17:54:08 0 d-------- C:\Program Files\a-squared Anti-Malware<A-SQUA~1>
2007-03-15 17:27:20 43218 -r-hs---- C:\WINDOWS\gcsvc.exe
2007-03-15 15:34:04 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Command & Conquer 3 Tiberium Wars Demo<COMMAN~1>
2007-03-15 15:33:35 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-12 19:00:54 0 d-------- C:\ProgramData<PROGRA~2>
2007-03-06 14:47:29 0 d-------- C:\Documents and Settings\Ryan Popovitch\Shared
2007-03-06 14:47:26 0 d-------- C:\Documents and Settings\Ryan Popovitch\Incomplete<INCOMP~1>
2007-03-06 14:47:09 0 d-------- C:\Program Files\LimeWire
2007-03-06 14:46:34 0 d-------- C:\Documents and Settings\Ryan Popovitch\.limewire<LIMEWI~1>
2007-03-06 11:58:13 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\AdobeUM
2007-03-01 21:45:34 0 d-------- C:\Program Files\Common Files\Viewpoint<VIEWPO~1>
2007-02-27 12:04:08 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Corel Photo Album<CORELP~1>
2007-02-27 12:03:57 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-27 12:03:57 88 -r-hs---- C:\WINDOWS\system32\E5AC7ABBE8.sys<E5AC7A~1.SYS>
2007-02-25 19:35:11 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\acccore
2007-02-25 19:34:53 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-02-25 19:34:21 0 d-------- C:\Program Files\AIM6
2007-02-25 19:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>

-- Find3M Re----------

2007-03-18 23:08:11 0 d-------- C:\Program Files\Dl_cats
2007-03-15 18:43:01 0 d-------- C:\Program Files\Ares
2007-03-15 15:31:52 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-03-12 19:00:59 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-28 16:12:50 0 d-------- C:\Program Files\AIM
2007-02-25 19:34:24 0 d-------- C:\Program Files\Common Files\AOL
2007-02-22 02:27:32 0 d---s---- C:\Documents and Settings\Ryan Popovitch\Application Data\Microsoft<MICROS~1>
2007-02-17 07:07:28 0 d-------- C:\Program Files\Dell Photo AIO Printer 924<DELLPH~1>
2007-02-12 21:42:44 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint<ABBYYF~1.0SP>
2007-02-06 00:51:18 0 d-------- C:\Program Files\Google
2007-02-03 17:20:59 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Ventrilo
2007-02-03 17:18:59 0 d-------- C:\Program Files\Ventrilo
2007-02-03 17:18:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-24 18:35:08 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory<WOLFEN~1>
2007-01-24 16:30:59 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Viewpoint<VIEWPO~1>
2007-01-22 02:15:29 187 --a------ C:\Documents and Settings\Ryan Popovitch\Application Data\G-Force Prefs (WindowsMediaPlayer).txt<G-FORC~1.TXT>
2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 17:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

-- Registry ----------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{136fb661-5fb1-11db-80ef-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe

-- End of ComboScan: finished at 2007-03-18 at 23:4

Here is my supplementary.txt

ComboScan v20070306.20 run by Ryan Popovitch on 2007-03-18 at 23:38:59
Supplementary logfile - please post this as an attachment with your post.
----------------------

-- System Informa-----

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
CPU 1: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2045.98 MiB / 1530.54 MiB
Pagefile Memory (total/avail): 3938.33 MiB / 3591.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.48 MiB

C: is Fixed (NTFS) - 228.13 GiB total, 205.15 GiB free.
D: is CDROM (UDF)
E: is CDROM (No Media)

-- Security Ce--------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.)

-- Environment Varia--

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ryan Popovitch\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RYAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ryan Popovitch
LOGONSERVER=\\RYAN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Roxio Shared\DLLShared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RYANPO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RYANPO~1\LOCALS~1\Temp
USERDOMAIN=RYAN
USERNAME=Ryan Popovitch
USERPROFILE=C:\Documents and Settings\Ryan Popovitch
windir=C:\WINDOWS

-- User Prof----------

Ryan Popovitch [I](admin)[/I]
Administrator [I](admin)[/I]

-- Add/Remove Prog----

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
924PLC32 --> MsiExec.exe /I{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}
a-squared Anti-Malware 2.1 --> "C:\Program Files\a-squared Anti-Malware\unins000.exe"
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Empires III Trial --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{25B25C84-6132-4662-972B-4E4DC1B00C98}
AIM 6.0 --> C:\Program Files\AIM6\uninst.exe
AOL Coach Version 1.0(Build:20040229.1 en) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services --> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Battlefield 2142 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
Blackhawk Striker 2 --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\Uninstall.exe"
Command & Conquer 3 Tiberium Wars™ Demo --> MsiExec.exe /I{39F7653F-3E82-4FED-9EE5-6B9253EA57E3}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell CinePlayer --> MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Photo AIO Printer 924 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlccUNST.EXE -NOLICENSE
Dell Support 3.2 --> MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EA Link --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1033
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Intel(R) Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) Quick Resume Technology Drivers --> C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software --> MsiExec.exe /X{7EAB1D85-7BA3-47C1-BBF7-A0EBC241DB94}
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Polar Golfer --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\651956B7-1969-42AA-9453-E0B813019D54\Uninstall.exe"
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Roxio RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Sonic Activation Module --> MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

-- End of ComboScan: finished at 2007-03-18 at 23:4

I was just wondering if the steps that you told me to fix my computer were the ones to get rid of the myspace virus because I know for sure that I still had it before I did the last things that you told me to do. I'm only asking because you had me delete the viewpoint files and in the other posts that I read about the virus it seemed like you were telling others to delete the svchost files. I totally trust you on this because I wouldn't know what to do but I just wanted to get that cleared up.

Go to this link, http://www.virustotal.com/en/indexf.html and use the "browse" button to locate this file:

C:\WINDOWS\gcsvc.exe

then double click the file to enter it into the "upload and scan box", click send then post the results. You may have to scroll to the right to see the "send" button.

That file isn't on my computer. I used the link that you told me and then I did a search for it from the start menu.

Even though I couldn't find it in the browse window or double click it, I just typed it in the window and then pressed the scan button and it is working now. I hope this is alright.

Complete scanning result of "gcsvc.exe", received in VirusTotal at 03.19.2007, 05:27:37 (CET).

AhnLab-V3 2007.3.19.0 03.19.2007 Win32/IRCBot.worm.Gen
AntiVir 7.3.1.43 03.18.2007 Worm/Sdbot.43218
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.19.2007 Win32:SdBot-gen44
AVG 7.5.0.447 03.18.2007 IRC/BackDoor.SdBot2.WED
BitDefender 7.2 03.19.2007 Generic.Sdbot.96D74835
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan
ClamAV 0.90.1 03.19.2007 no virus found
DrWeb 4.33 03.18.2007 Win32.HLLW.MyBot.based
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 Backdoor.SdBot.aad
FileAdvisor 1 03.19.2007 no virus found
Fortinet 2.85.0.0 03.19.2007 W32/Tilebot.AAD!tr.bdr
F-Prot 4.3.1.45 03.17.2007 W32/Threat-HLLIP-based!Maximus
F-Secure 6.70.13030.0 03.18.2007 Backdoor.Win32.SdBot.aad
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.SdBot.aad
Kaspersky 4.0.2.24 03.19.2007 Backdoor.Win32.SdBot.aad
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.19.2007 no virus found
NOD32v2 2125 03.18.2007 a variant of IRC/SdBot
Norman 5.80.02 03.16.2007 W32/SDBot.APNI
Panda 9.0.0.4 03.18.2007 Suspicious file
Prevx1 V2 03.19.2007 no virus found
Sophos 4.15.0 03.13.2007 W32/Tilebot-Gen
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 Backdoor.Win32.SdBot.aad
VirusBuster 4.3.7:9 03.18.2007 no virus found

Aditional Information
File size: 43218 bytes
MD5: 195d0ea48fd59d9060b55fcce208ef52
SHA1: bfd9750f1b25119857b56de28bec0624f7fd84e4
packers: PECompact
packers: PECOMPACT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

It may be hidden, but as long as we get the info that will be ok.

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Now look for the file again.

Alright the file showed up when I unclicked hide protected system operating files. Should I go back and hide this after I fix the problem? It looks like the results are the same as the last post.

Antivirus Version Update Result
AhnLab-V3 2007.3.19.0 03.19.2007 Win32/IRCBot.worm.Gen
AntiVir 7.3.1.43 03.18.2007 Worm/Sdbot.43218
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.19.2007 Win32:SdBot-gen44
AVG 7.5.0.447 03.18.2007 IRC/BackDoor.SdBot2.WED
BitDefender 7.2 03.19.2007 Generic.Sdbot.96D74835
CAT-QuickHeal 9.00 03.15.2007 (Suspicious) - DNAScan
ClamAV 0.90.1 03.19.2007 no virus found
DrWeb 4.33 03.18.2007 Win32.HLLW.MyBot.based
eSafe 7.0.14.0 03.16.2007 Suspicious Trojan/Worm
eTrust-Vet 30.6.3486 03.16.2007 no virus found
Ewido 4.0 03.18.2007 Backdoor.SdBot.aad
FileAdvisor 1 03.19.2007 no virus found
Fortinet 2.85.0.0 03.19.2007 W32/Tilebot.AAD!tr.bdr
F-Prot 4.3.1.45 03.17.2007 W32/Threat-HLLIP-based!Maximus
F-Secure 6.70.13030.0 03.18.2007 Backdoor.Win32.SdBot.aad
Ikarus T3.1.1.3 03.18.2007 Backdoor.Win32.SdBot.aad
Kaspersky 4.0.2.24 03.19.2007 Backdoor.Win32.SdBot.aad
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.19.2007 no virus found
NOD32v2 2125 03.18.2007 a variant of IRC/SdBot
Norman 5.80.02 03.16.2007 W32/SDBot.APNI
Panda 9.0.0.4 03.18.2007 Suspicious file
Prevx1 V2 03.19.2007 no virus found
Sophos 4.15.0 03.13.2007 W32/Tilebot-Gen
Sunbelt 2.2.907.0 03.16.2007 VIPRE.Suspicious
Symantec 10 03.19.2007 no virus found
TheHacker 6.1.6.076 03.15.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 Backdoor.Win32.SdBot.aad
VirusBuster 4.3.7:9 03.18.2007 no virus found

Aditional Information
File size: 43218 bytes
MD5: 195d0ea48fd59d9060b55fcce208ef52
SHA1: bfd9750f1b25119857b56de28bec0624f7fd84e4
packers: PECompact
packers: PECOMPACT
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti- Spyware

Download Killbox to your desktop from this link Killbox by Option^Explicit. If you already have "Killbox" update to this newer version. We will need it later in safe mode

Go to start> control panel> administrative tools> services> scroll down to:

RPSGV (Remote Print Spooler)

and double click it> click stop> click the drop down arrow on the far right of "startup type"> click disable> apply> ok.

Check this file at virusTotal and if it shows signs of a virus delte it with Killbox when you get there:

C:\WINDOWS\system32\E5AC7ABBE8.sys

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked":

O23 - Service: Remote Print Spooler (RPSGV) - Unknown owner - C:\WINDOWS\gcsvc.exe

Exit Hijack this but remain in safe mode.

Run Killbox from safe mode. Please double-click Killbox.exe to run it.
Select:
Delete on Reboot
then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\gcsvc.exe

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let us know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG report and a new comboscan.

When I ran comboscan, the supplementary text did not show up. I looked in the C:\ComboScan folder and the folders that were in there with each scan did not show the supplementary text either. The only supplementary text available was the one from my previous scan.

AVG Anti-Spyware - Scan Report

+ Created at: 1:58:10 AM 3/19/2007

+ Scan result:

Nothing found.

::Report end

ComboScan v20070306.20 run by Ryan Popovitch on 2007-03-19 at 02:03:03
Computer is in Normal Mode.
----------------------

-- HijackThis (run as Ryan Popovitch.--------------

Logfile of HijackThis v1.99.1
Scan saved at 2:04:33 AM, on 3/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ryan Popovitch\Desktop\Downloads\comboscan.exe
C:\PROGRA~1\HIJACK~1\RYANPO~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061015
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

-- Files created between 2007-02-19 and 20---------

2007-03-19 01:37:41 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-19 01:37:38 0 d-------- C:\Program Files\Grisoft
2007-03-19 01:27:45 0 d-------- C:\!KillBox
2007-03-17 01:33:18 3318 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-17 01:33:04 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-03-17 01:33:04 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-03-17 01:33:04 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-03-17 01:33:04 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-03-17 01:33:04 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-03-17 01:33:04 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-03-15 17:54:08 0 d-------- C:\Program Files\a-squared Anti-Malware<A-SQUA~1>
2007-03-15 15:34:04 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Command & Conquer 3 Tiberium Wars Demo<COMMAN~1>
2007-03-15 15:33:35 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-12 19:00:54 0 d-------- C:\ProgramData<PROGRA~2>
2007-03-06 14:47:29 0 d-------- C:\Documents and Settings\Ryan Popovitch\Shared
2007-03-06 14:47:26 0 d-------- C:\Documents and Settings\Ryan Popovitch\Incomplete<INCOMP~1>
2007-03-06 14:47:09 0 d-------- C:\Program Files\LimeWire
2007-03-06 14:46:34 0 d-------- C:\Documents and Settings\Ryan Popovitch\.limewire<LIMEWI~1>
2007-03-06 11:58:13 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\AdobeUM
2007-03-01 21:45:34 0 d-------- C:\Program Files\Common Files\Viewpoint<VIEWPO~1>
2007-02-27 12:04:08 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Corel Photo Album<CORELP~1>
2007-02-27 12:03:57 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-27 12:03:57 88 -r-hs---- C:\WINDOWS\system32\E5AC7ABBE8.sys<E5AC7A~1.SYS>
2007-02-25 19:35:11 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\acccore
2007-02-25 19:34:53 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP<AOLOCP~1>
2007-02-25 19:34:21 0 d-------- C:\Program Files\AIM6
2007-02-25 19:33:16 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads<AOLDOW~1>

-- Find3M Re----------

2007-03-19 00:58:39 0 d-------- C:\Program Files\Dl_cats
2007-03-15 18:43:01 0 d-------- C:\Program Files\Ares
2007-03-15 15:31:52 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-03-12 19:00:59 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-28 16:12:50 0 d-------- C:\Program Files\AIM
2007-02-25 19:34:24 0 d-------- C:\Program Files\Common Files\AOL
2007-02-22 02:27:32 0 d---s---- C:\Documents and Settings\Ryan Popovitch\Application Data\Microsoft<MICROS~1>
2007-02-17 07:07:28 0 d-------- C:\Program Files\Dell Photo AIO Printer 924<DELLPH~1>
2007-02-12 21:42:44 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint<ABBYYF~1.0SP>
2007-02-06 00:51:18 0 d-------- C:\Program Files\Google
2007-02-03 17:20:59 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Ventrilo
2007-02-03 17:18:59 0 d-------- C:\Program Files\Ventrilo
2007-02-03 17:18:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-24 18:35:08 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory<WOLFEN~1>
2007-01-24 16:30:59 0 d-------- C:\Documents and Settings\Ryan Popovitch\Application Data\Viewpoint<VIEWPO~1>
2007-01-22 02:15:29 187 --a------ C:\Documents and Settings\Ryan Popovitch\Application Data\G-Force Prefs (WindowsMediaPlayer).txt<G-FORC~1.TXT>
2007-01-12 10:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 10:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 10:27:42 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-01-12 10:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 20:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 20:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 20:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 20:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 20:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 20:02:02 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 20:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 20:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 20:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 20:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 20:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 19:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 19:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-12-19 17:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

-- Registry ----------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"OE_OEM"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\TMAS_OE\\TMAS_OEMon.exe\""
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Aim6"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
@=""
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DLCCCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLCCtime.dll,_RunDLLEntry@16"
"dlccmon.exe"="\"C:\\Program Files\\Dell Photo AIO Printer 924\\dlccmon.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

-- End of ComboScan: finished at 2007-03-19 at 02:0

Are the steps that you told me to do the same that anyone who has this virus would need to take? I'm just wondering so I can tell my friend who gave me the virus how to do this.

The virus is different on every computer>

Did you check this file at VirusTotal:

C:\WINDOWS\system32\E5AC7ABBE8.sys

Complete scanning result of "E5AC7ABBE8.sys", received in VirusTotal at 03.19.2007, 14:24:11 (CET).

AhnLab-V3 2007.3.19.0 03.19.2007 no virus found
AntiVir 7.3.1.43 03.19.2007 no virus found
Authentium 4.93.8 03.17.2007 no virus found
Avast 4.7.936.0 03.19.2007 no virus found
AVG 7.5.0.447 03.19.2007 no virus found
BitDefender 7.2 03.19.2007 no virus found
CAT-QuickHeal 9.00 03.15.2007 no virus found
ClamAV devel-20070312 03.19.2007 no virus found
DrWeb 4.33 03.19.2007 no virus found
eSafe 7.0.14.0 03.19.2007 no virus found
eTrust-Vet 30.6.3491 03.19.2007 no virus found
Ewido 4.0 03.19.2007 no virus found
FileAdvisor 1 03.19.2007 no virus found
Fortinet 2.85.0.0 03.19.2007 no virus found
F-Prot 4.3.1.45 03.17.2007 no virus found
F-Secure 6.70.13030.0 03.19.2007 no virus found
Ikarus T3.1.1.3 03.19.2007 no virus found
Kaspersky 4.0.2.24 03.19.2007 no virus found
McAfee 4986 03.16.2007 no virus found
Microsoft 1.2306 03.19.2007 no virus found
NOD32v2 2126 03.19.2007 no virus found
Norman 5.80.02 03.19.2007 no virus found
Panda 9.0.0.4 03.19.2007 no virus found
Prevx1 V2 03.19.2007 no virus found
Sophos 4.15.0 03.13.2007 no virus found
Sunbelt 2.2.907.0 03.16.2007 no virus found
Symantec 10 03.19.2007 no virus found
TheHacker 6.1.6.077 03.19.2007 no virus found
UNA 1.83 03.16.2007 no virus found
VBA32 3.11.2 03.18.2007 no virus found
VirusBuster 4.3.7:9 03.18.2007 no virus found

Aditional Information
File size: 88 bytes
MD5: de9b61e5edf8096e8270d7fcc01ea67d
SHA1: 698cab1ae97720cbc80517bcdcbfdb36113b5e62