
computer rebooting


Original Message
Name: mrdaft72
Date: October 10, 2007 at 18:27:19 Pacific
Subject: computer rebooting
OS: Windows XP Pro
CPU/Ram: Pentium 4 3.2GHz / 1GB of
Model/Manufacturer: Custom made
Comment:

My computer got the Lovgate.F worm and I think there was a virus piggy-backed on it, because my computer started randomly shutting down when burning (anything), and now it does it when trying to run certain virus scans. I use Ad-Aware, AVG, and Avast!; any suggestions? My CPU usage is crazy and goes really high then low, but mostly high while nothing is running. Also, I know it is not a heat problem.




Response Number 1
Name: jabuck
Date: October 10, 2007 at 18:43:45 Pacific
Reply:

Please download SDFix by AndyManchesta and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.


Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download and install the latest version of HijackThis v2.0.2:

Download the HijackThis Installer from this link: HijackThis

1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.



Response Number 2
Name: mrdaft72
Date: October 10, 2007 at 18:50:32 Pacific
Reply:

When I restart and hit F8, it asks me where to boot from (CD, HD, etc.), not the normal Safe Mode screen I am used to.



Response Number 3
Name: jabuck
Date: October 10, 2007 at 19:20:31 Pacific
Reply:

Run ComboFix, post its log and a HijackThis log please.



Response Number 4
Name: mrdaft72
Date: October 10, 2007 at 19:30:48 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:55 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\iPod\bin\iPodService.exe
e:\program files\common files\aol\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
e:\program files\common files\aol\1156714696\ee\aolsoftware.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/s...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/s...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [CTDVDDET] "E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\Browser Mouse\MOffice.exe
O4 - HKLM\..\Run: [UltraMon] "E:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [343763395] D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Post-it® Software Notes.lnk = E:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

--
End of file - 9230 bytes



Response Number 5
Name: mrdaft72
Date: October 10, 2007 at 19:43:48 Pacific
Reply:

ComboFix 07-10-11.5 - Mike 2007-10-10 19:36:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.596 [GMT -7:00]
Running from: E:\Documents and Settings\Mike\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\system32\drivers\nvudisp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-10 19:35 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-10 19:29 <DIR> d-------- E:\Program Files\Trend Micro
2007-10-09 21:54 584,192 -----c--- E:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:31 <DIR> d-------- E:\Program Files\Alwil Software
2007-10-09 21:31 801,144 --a------ E:\WINDOWS\system32\aswBoot.exe
2007-10-09 21:31 95,608 --a------ E:\WINDOWS\system32\AvastSS.scr
2007-10-09 21:31 94,416 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-09 21:31 92,848 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2007-10-09 21:31 42,912 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-09 21:31 26,624 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-09 21:31 23,152 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-09 14:41 <DIR> d-------- E:\Documents and Settings\Mike\.housecall6.6
2007-10-02 23:09 <DIR> d-------- E:\Program Files\Nero
2007-10-02 15:18 <DIR> d-------- E:\Program Files\DVD Shrink
2007-09-26 02:02 3,441,296 --a------ E:\WINDOWS\Swordfish Screensaver 1.exe
2007-09-26 02:02 238,232 --a------ E:\WINDOWS\Swordfish Screensaver 1.scr
2007-09-26 02:02 40,960 --a------ E:\WINDOWS\Swordfish Screensaver 1.dll
2007-09-26 02:02 18,192 --a------ E:\WINDOWS\Swordfish Screensaver 1.dat
2007-09-26 01:43 <DIR> d-------- E:\Program Files\UltraMon
2007-09-26 01:43 <DIR> d-------- E:\Program Files\Common Files\Realtime Soft
2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\Realtime Soft
2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-09-24 01:01 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\DivX
2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx07.dll
2007-09-17 11:22 802,816 --a------ E:\WINDOWS\system32\divx_xx11.dll
2007-09-17 11:22 739,840 --a------ E:\WINDOWS\system32\DivX.dll
2007-09-11 16:14 156,992 --a------ E:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-10 15:00 --------- d-----w E:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-10 07:27 --------- d-----w E:\Documents and Settings\Mike\Application Data\AVG7
2007-10-04 00:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-03 23:45 --------- d-----w E:\Program Files\Winamp
2007-10-03 05:52 --------- d-----w E:\Program Files\Common Files\Ahead
2007-10-02 20:56 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-09-24 03:31 --------- d-----w E:\Program Files\DivX
2007-09-14 00:31 --------- d-----w E:\Program Files\WinMPG VideoConvert
2007-09-14 00:30 --------- d-----w E:\Program Files\Avi2Dvd
2007-09-10 22:23 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment
2007-09-06 22:06 --------- d-----w E:\Program Files\LimeWire
2007-08-31 02:33 --------- d-----w E:\Program Files\Ares
2007-08-26 23:18 --------- d-----w E:\Program Files\Java
2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w E:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w E:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w E:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 02:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-07-30 23:46 20 ---h--w E:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe" [2006-09-25 17:52]
"AOLDialer"="E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"Pure Networks Port Magic"="E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 14:33]
"CTDVDDET"="E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTSysVol"="E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"RCSystem"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"CTHelper"="CTHELPER.EXE" [2005-06-17 23:01 E:\WINDOWS\CTHELPER.EXE]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"NvCplDaemon"="E:\WINDOWS\System32\NvCpl.dll" [2006-03-13 19:58]
"NvMediaCenter"="E:\WINDOWS\System32\NvMcTray.dll" [2006-03-13 19:58]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 09:23]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-11-02 20:50]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-21 18:25]
"FLMOFFICE4DMOUSE"="E:\Program Files\Browser Mouse\MOffice.exe" [2007-01-13 23:22]
"UltraMon"="E:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"FLMK08KB"="E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe" [2007-01-13 23:24]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"nwiz"="nwiz.exe" [2006-03-13 19:58 E:\WINDOWS\system32\nwiz.exe]
"343763395"="D:\Reg\Pentax_Win_GM_12062004.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-08-09 19:14]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - E:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-30 16:47:15]
Post-itr Software Notes.lnk - E:\Program Files\3M\PSNotes2\Psn2.exe [2002-01-21 08:00:24]

R2 UltraMonUtility;UltraMon Utility Driver;\??\E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
R3 moufiltr;Mouse Filter Driver;E:\WINDOWS\system32\DRIVERS\moufiltr.sys
R3 UltraMonMirror;UltraMonMirror;E:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
S3 PciCon;PciCon;\??\D:\PciCon.sys
S3 w600bus;Sony Ericsson W600 driver (WDM);E:\WINDOWS\system32\DRIVERS\w600bus.sys
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\w600mdfl.sys
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;E:\WINDOWS\system32\DRIVERS\w600mdm.sys
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;E:\WINDOWS\system32\DRIVERS\w600mgmt.sys
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;E:\WINDOWS\system32\DRIVERS\w600obex.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 19:40:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

E:\WINDOWS\system32\Postin__.FOT

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\E:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-10-10 19:42:01 - machine was rebooted
.
--- E O F ---




Response Number 6
Name: jabuck
Date: October 10, 2007 at 20:10:10 Pacific
Reply:

Go to this link, VirusTotal, copy the following files one at a time into the "upload and scan" box, click submit, then post the results.

D:\Reg\Pentax_Win_GM_12062004.exe

E:\WINDOWS\system32\Postin__.FOT

Fix SafeBoot Reg key:

Download and run AVZ from this link: Repair SafeBoot

Unzip it to a folder on your desktop
Double click on AVZ.exe
Click on the file tab and then click on System recovery
Put a checkmark next to Restore SafeBoot registry keys
Click on Execute selected operations

Try to run SDFix and post the results please.
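As an added example (not from the thread or from any of the tools named in it), here is a small Python triage helper that applies the same kind of heuristics behind picking those two files out of the logs: a Run-key autorun whose image is not on the system drive (Windows is on E: on this machine) or is a bare file name, and a ComboFix "Reg Loading Points" entry whose timestamp bracket is empty. The sample lines are constructed in the shape of the HijackThis and ComboFix output posted above; the `system_drive` default and the flagging rules are this example's assumptions, not anything the tools themselves report.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines (not the full logs) in the shape of the HijackThis "O4"
# entries and the ComboFix "Reg Loading Points" entries posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [343763395] D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
"""

COMBOFIX_SAMPLE = r"""
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"CTHelper"="CTHELPER.EXE" [2005-06-17 23:01 E:\WINDOWS\CTHELPER.EXE]
"343763395"="D:\Reg\Pentax_Win_GM_12062004.exe" []
"ares"="C:\Program Files\Ares\Ares.exe" []
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
# (HKUS entries carry an extra SID component, e.g. HKUS\S-1-5-18\..\Run).
O4_RE = re.compile(r'^O4 - (HK\w+(?:\\[^\\]+?)?)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
# ComboFix Run-key line: "<value name>"="<image>" [<timestamp, or empty>]
COMBOFIX_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]')
# First executable token of an unquoted command line (paths may contain spaces).
EXE_RE = re.compile(r'^(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))(?=\s|$)', re.IGNORECASE)
DRIVE_RE = re.compile(r'^([A-Za-z]):\\')


def image_path(cmdline: str) -> str:
    """Return the program image from an autorun command line, dropping its arguments."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    m = EXE_RE.match(cmdline)
    return m.group(1) if m else cmdline.split()[0]


def drive_of(path: str) -> Optional[str]:
    """'E:\\WINDOWS\\x.exe' -> 'E:'; a bare file name has no drive and yields None."""
    m = DRIVE_RE.match(path)
    return m.group(1).upper() + ':' if m else None


def parse_hjt_o4(text: str) -> List[Dict[str, str]]:
    """Extract Run-key O4 entries from HijackThis output (Global Startup lines are skipped)."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({'hive': m.group(1), 'name': m.group(2),
                            'cmdline': m.group(3), 'path': image_path(m.group(3))})
    return entries


def parse_combofix_run(text: str) -> List[Dict[str, Optional[str]]]:
    """Extract Run-key entries from a ComboFix 'Reg Loading Points' section."""
    entries = []
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if m:
            stamp = m.group(3).strip() or None  # "[]" means ComboFix recorded no timestamp
            entries.append({'name': m.group(1), 'path': m.group(2), 'stamp': stamp})
    return entries


def triage(hjt_text: str, combofix_text: str, system_drive: str = 'E:') -> List[Dict[str, str]]:
    """Flag autoruns worth a second look. system_drive defaults to E: because the
    machine in this thread has Windows on E:; pass the real value for other logs."""
    findings = []
    for e in parse_hjt_o4(hjt_text):
        d = drive_of(e['path'])
        if d is None:
            findings.append({'name': e['name'], 'path': e['path'],
                             'reason': 'bare file name, resolved through the search path'})
        elif d != system_drive.upper():
            findings.append({'name': e['name'], 'path': e['path'],
                             'reason': 'image is on %s, not the system drive %s' % (d, system_drive)})
    for e in parse_combofix_run(combofix_text):
        if e['stamp'] is None:
            findings.append({'name': e['name'], 'path': e['path'],
                             'reason': 'ComboFix recorded no file timestamp (could not read the file)'})
    return findings


if __name__ == '__main__':
    for f in triage(HJT_SAMPLE, COMBOFIX_SAMPLE):
        print('%-12s %-45s %s' % (f['name'], f['path'], f['reason']))
```

Run against a full HijackThis log plus the ComboFix Run-key section, the script lists the same Pentax and Ares entries a helper would ask about first; it is a prioritisation aid, not a verdict.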



Response Number 7
Name: mrdaft72
Date: October 10, 2007 at 20:48:15 Pacific
Reply:

I can't find the first two files to put into that VirusTotal program. Also, I can't run SDFix without being in Safe Mode. I no longer have a boot.ini in msconfig and, like I said earlier, F8 just asks what to boot from, not the normal screen to select Safe Mode. However, I did do the AVZ program like you said.



Response Number 8
Name: jabuck
Date: October 11, 2007 at 16:05:12 Pacific
Reply:

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.



Response Number 9
Name: mrdaft72
Date: October 15, 2007 at 16:20:44 Pacific
Reply:

SmitFraudFix v2.240

Scan done at 16:18:59.39, Mon 10/15/2007
Run from E:\Documents and Settings\Mike\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\iPod\bin\iPodService.exe
e:\program files\common files\aol\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
e:\program files\common files\aol\1156714696\ee\aolsoftware.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
E:\Program Files\America Online 9.0\waol.exe
E:\Program Files\America Online 9.0\shellmon.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\notepad.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Mike


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Mike\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\Mike\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 12.183.168.5
DNS Server Search Order: 12.127.16.67
DNS Server Search Order: 12.127.17.71

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCDFA58E-FF3D-4542-A3BC-2559B5910AAC}: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=12.183.168.5 12.127.16.67 12.127.17.71


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 10
Name: jabuck
Date: October 15, 2007 at 19:39:09 Pacific
Reply:

First you must uninstall one of the antivirus programs you have. Choose AVG or Avast and uninstall the other, as they will conflict.

Next go to Start > Control Panel > Add/Remove Programs and uninstall this program if found:

LimeWire

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop from the following link.
Sophos-Anti-Rootkit

You will need to enter your name, e-mail address and location in order to access the download page.
Once you have downloaded the file, double click the sarsfx icon
Review the licence agreement and click on the Accept button
The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui.

Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
Allow the program to scan your computer - please be patient as it may take some time
Once the scan has completed a window will pop-up with the results of the scan - click OK to this.

In the main window, you will see each of the entries found by the scan (if any)
If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review.

Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you.

If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
To clean up these entries click on the Clean up checked items button.

If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so.

Post a new HijackThis log and a new ComboFix log please.



Response Number 11
Name: mrdaft72
Date: October 15, 2007 at 22:19:14 Pacific
Reply:

here are the warnings...

Warning: Error parsing raw registry hive S-1-5-18. Registry scan may not be supported on this version of Windows.

here is hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:17 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
E:\WINDOWS\CTHELPER.EXE
E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\UltraMon\UltraMon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
e:\program files\common files\aol\1156714696\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
e:\program files\common files\aol\1156714696\ee\aolsoftware.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\UltraMon\UltraMonTaskbar.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
E:\Program Files\America Online 9.0\waol.exe
E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program Files\America Online 9.0\shellmon.exe
E:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] E:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [CTDVDDET] "E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [RCSystem] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\Program Files\Browser Mouse\MOffice.exe
O4 - HKLM\..\Run: [UltraMon] "E:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [FLMK08KB] E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [343763395] D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Post-it® Software Notes.lnk = E:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: &AOL Toolbar search - res://E:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - E:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8441 bytes


here is combofix

ComboFix 07-10-11.5 - Mike 2007-10-15 22:16:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT -7:00]
Running from: E:\Documents and Settings\Mike\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-15 22:04 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Avg7
2007-10-15 22:00 <DIR> d-------- E:\Program Files\Sophos
2007-10-15 16:39 <DIR> d-------- E:\FEAR_AND_LOATHING
2007-10-15 16:18 4,500 --a------ E:\WINDOWS\system32\tmp.reg
2007-10-10 19:35 51,200 --a------ E:\WINDOWS\NirCmd.exe
2007-10-10 19:29 <DIR> d-------- E:\Program Files\Trend Micro
2007-10-09 21:54 584,192 -----c--- E:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 21:31 <DIR> d-------- E:\Program Files\Alwil Software
2007-10-09 21:31 801,144 --a------ E:\WINDOWS\system32\aswBoot.exe
2007-10-09 21:31 95,608 --a------ E:\WINDOWS\system32\AvastSS.scr
2007-10-09 21:31 94,416 --a------ E:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-09 21:31 92,848 --a------ E:\WINDOWS\system32\drivers\aswmon.sys
2007-10-09 21:31 42,912 --a------ E:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-09 21:31 26,624 --a------ E:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-09 21:31 23,152 --a------ E:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-09 14:41 <DIR> d-------- E:\Documents and Settings\Mike\.housecall6.6
2007-10-02 23:09 <DIR> d-------- E:\Program Files\Nero
2007-10-02 15:18 <DIR> d-------- E:\Program Files\DVD Shrink
2007-09-26 02:02 3,441,296 --a------ E:\WINDOWS\Swordfish Screensaver 1.exe
2007-09-26 02:02 238,232 --a------ E:\WINDOWS\Swordfish Screensaver 1.scr
2007-09-26 02:02 40,960 --a------ E:\WINDOWS\Swordfish Screensaver 1.dll
2007-09-26 02:02 18,192 --a------ E:\WINDOWS\Swordfish Screensaver 1.dat
2007-09-26 01:43 <DIR> d-------- E:\Program Files\UltraMon
2007-09-26 01:43 <DIR> d-------- E:\Program Files\Common Files\Realtime Soft
2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\Realtime Soft
2007-09-26 01:43 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Realtime Soft
2007-09-24 01:01 <DIR> d-------- E:\Documents and Settings\Mike\Application Data\DivX
2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 11:23 823,296 --a------ E:\WINDOWS\system32\divx_xx07.dll
2007-09-17 11:22 802,816 --a------ E:\WINDOWS\system32\divx_xx11.dll
2007-09-17 11:22 739,840 --a------ E:\WINDOWS\system32\DivX.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 04:47 --------- d-----w E:\Program Files\Java
2007-10-15 23:32 --------- d-----w E:\Program Files\Common Files\Ahead
2007-10-15 23:23 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-03 23:45 --------- d-----w E:\Program Files\Winamp
2007-10-02 20:56 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-09-24 03:31 --------- d-----w E:\Program Files\DivX
2007-09-14 00:31 --------- d-----w E:\Program Files\WinMPG VideoConvert
2007-09-14 00:30 --------- d-----w E:\Program Files\Avi2Dvd
2007-09-11 23:14 156,992 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-10 22:23 --------- d-----w E:\Program Files\Common Files\Blizzard Entertainment
2007-08-31 02:33 --------- d-----w E:\Program Files\Ares
2007-08-21 06:15 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 129,784 ------w E:\WINDOWS\system32\pxafs.dll
2007-08-15 22:33 120,056 ------w E:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 22:33 118,520 ------w E:\WINDOWS\system32\pxinsi64.exe
2007-08-15 22:33 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-31 02:19 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-07-30 23:46 20 ---h--w E:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-10-10_19.41.29.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-15 23:33:51 25,214 ----a-r E:\WINDOWS\Installer\{2F351A97-7BAC-4045-80A4-3527805E1033}\ARPPRODUCTICON.exe
+ 2005-08-15 19:08:26 5,888 ----a-w E:\WINDOWS\system32\drivers\imagedrv.sys
+ 2005-08-15 19:08:26 127,488 ----a-w E:\WINDOWS\system32\drivers\imagesrv.sys
+ 2004-07-27 00:16:10 1,568,768 ----a-w E:\WINDOWS\system32\imagX7.dll
+ 2004-07-27 00:16:10 476,320 ----a-w E:\WINDOWS\system32\imagXpr7.dll
+ 2004-07-27 00:16:10 262,144 ----a-w E:\WINDOWS\system32\imagXR7.dll
+ 2004-07-27 00:16:10 471,040 ----a-w E:\WINDOWS\system32\imagXRA7.dll
- 2007-07-12 08:22:00 135,168 ----a-w E:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w E:\WINDOWS\system32\java.exe
- 2007-07-12 08:22:04 135,168 ----a-w E:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w E:\WINDOWS\system32\javaw.exe
- 2007-07-12 09:22:38 139,264 ----a-w E:\WINDOWS\system32\javaws.exe
+ 2007-09-25 06:31:42 139,264 ----a-w E:\WINDOWS\system32\javaws.exe
+ 2005-02-16 22:18:04 90,184 ----a-w E:\WINDOWS\system32\NeroCo.dll
+ 2004-07-09 16:43:56 364,544 ----a-w E:\WINDOWS\system32\TwnLib4.dll
+ 2007-10-16 05:05:44 16,384 ----atw E:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat
+ 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroBackItUp.exe
+ 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroMediaHome.exe
+ 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroShowTime.exe
+ 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNNeroVision.exe
+ 2005-09-12 23:13:46 233,472 ----a-w E:\WINDOWS\UNRecode.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe" [2006-09-25 17:52]
"AOLDialer"="E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 05:50]
"Pure Networks Port Magic"="E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 14:33]
"CTDVDDET"="E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTSysVol"="E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10]
"RCSystem"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"AudioDrvEmulator"="E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25]
"CTHelper"="CTHELPER.EXE" [2005-06-17 23:01 E:\WINDOWS\CTHELPER.EXE]
"UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"NvCplDaemon"="E:\WINDOWS\System32\NvCpl.dll" [2006-03-13 19:58]
"NvMediaCenter"="E:\WINDOWS\System32\NvMcTray.dll" [2006-03-13 19:58]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2006-11-02 20:50]
"TkBellExe"="E:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-21 18:25]
"FLMOFFICE4DMOUSE"="E:\Program Files\Browser Mouse\MOffice.exe" [2007-01-13 23:22]
"UltraMon"="E:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]
"FLMK08KB"="E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe" [2007-01-13 23:24]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 12:58]
"nwiz"="nwiz.exe" [2006-03-13 19:58 E:\WINDOWS\system32\nwiz.exe]
"343763395"="D:\Reg\Pentax_Win_GM_12062004.exe" []
"NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-08-09 19:14]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52]
"ares"="C:\Program Files\Ares\Ares.exe" []
"AOL Fast Start"="E:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 06:17]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - E:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-07-30 16:47:15]
Post-it® Software Notes.lnk - E:\Program Files\3M\PSNotes2\Psn2.exe [2002-01-21 08:00:24]

R2 UltraMonUtility;UltraMon Utility Driver;\??\E:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
R3 MEMSWEEP2;MEMSWEEP2;\??\E:\WINDOWS\system32\113.tmp
R3 moufiltr;Mouse Filter Driver;E:\WINDOWS\system32\DRIVERS\moufiltr.sys
R3 UltraMonMirror;UltraMonMirror;E:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys
R3 w600bus;Sony Ericsson W600 driver (WDM);E:\WINDOWS\system32\DRIVERS\w600bus.sys
R3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\w600mdfl.sys
R3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;E:\WINDOWS\system32\DRIVERS\w600mdm.sys
R3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;E:\WINDOWS\system32\DRIVERS\w600mgmt.sys
R3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;E:\WINDOWS\system32\DRIVERS\w600obex.sys
S3 PciCon;PciCon;\??\D:\PciCon.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 22:17:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 22:18:26
E:\ComboFix2.txt ... 2007-10-10 19:42
.
--- E O F ---



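As an added example (not part of this thread, and not a feature of HijackThis itself), the Python script below does the first pass a responder makes over a log like the one just posted. It parses the R1, O4, O10 and O23 lines and applies a few cheap checks that are normally done by eye: autostart commands given as a bare filename (Windows resolves those through the search path, so a same-named file that sits earlier in that path runs instead), executables living on a drive other than the one Windows is installed on, a ProxyServer value in Internet Settings, and a Winsock LSP module HijackThis could not identify. The sample lines are copied from the log above; the flag names, the way the system drive is guessed (first `X:\WINDOWS\` path in the log) and the rundll32 handling are my own assumptions, not anything HijackThis does.

```python
"""First-pass triage of a HijackThis log (added example, not from the thread).

Flags raised:
  bare_name      autostart command is a bare filename, resolved through the
                 search path, so a same-named file earlier in that path wins
  foreign_drive  executable lives on a drive other than the Windows drive
  proxy          an Internet Settings ProxyServer value is set
  lsp            HijackThis could not identify a Winsock LSP module
A flag means "look at this", not "remove this".
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Sample lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Platform: Windows XP SP2 (WinNT 5.01.2600)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [343763395] D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: NkbMonitor.exe.lnk = E:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
O23_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
EXE_PREFIX = re.compile(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)", re.IGNORECASE)

Flag = Tuple[str, str]


def executable(cmd: str) -> str:
    """Program part of a command line: quoted string, else the prefix ending in an executable extension, else first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = EXE_PREFIX.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def target_of(cmd: str) -> str:
    """The file that actually runs; for rundll32 that is the DLL it is handed."""
    exe = executable(cmd)
    if exe.lower().endswith("rundll32.exe"):
        rest = cmd.strip()[cmd.strip().lower().find(exe.lower()) + len(exe):]
        return rest.lstrip('" ').split(",")[0].strip('"')
    return exe


def guess_system_drive(log: str) -> str:
    """Drive letter of the first WINDOWS directory path in the log (assumption: HijackThis prints absolute paths)."""
    m = re.search(r"\b([A-Za-z]):\\WINDOWS\\", log, re.IGNORECASE)
    return m.group(1).upper() if m else "C"


def review(log: str) -> List[Flag]:
    sysdrive = guess_system_drive(log)
    flags: List[Flag] = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("R1 ") and "ProxyServer" in line:
            flags.append(("proxy", line))
            continue
        if line.startswith("O10 "):
            flags.append(("lsp", line))
            continue
        m = O4_RUN.match(line) or O4_STARTUP.match(line) or O23_SERVICE.match(line)
        if not m:
            continue
        target = target_of(m.group("cmd"))
        if target.startswith("%"):            # %systemroot%-relative, expanded by Windows
            continue
        if "\\" not in target:
            flags.append(("bare_name", line))
        elif DRIVE_PATH.match(target) and target[0].upper() != sysdrive:
            flags.append(("foreign_drive", line))
    return flags


def flag_counts(flags: List[Flag]) -> Dict[str, int]:
    return dict(Counter(kind for kind, _ in flags))


if __name__ == "__main__":
    for kind, line in review(SAMPLE_LOG):
        print(f"{kind:14} {line}")
```

On these lines the script flags the [ares] entry, which points at C:\ on a machine whose Windows is on E:\ (Silent Runners later reports that file as not found), the Pentax entry on D:\, the bare CTHELPER.EXE and nwiz.exe names (the ComboFix "Reg Loading Points" section resolves them to E:\WINDOWS\CTHELPER.EXE and E:\WINDOWS\system32\nwiz.exe, which is exactly the confirmation a bare name needs), the ProxyServer value and the unknown LSP. The script makes no claim that any of these is malicious; it only orders the work.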
Response Number 12
Name: jabuck
Date: October 16, 2007 at 16:24:01 Pacific
Reply:

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in Safe Mode.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Then post a new ComboFix log, hopefully the last one needed. Is your computer operating any better?



Response Number 13
Name: mrdaft72
Date: October 16, 2007 at 17:03:37 Pacific
Reply:

My computer is operating better but still crashes while trying to burn anything (CD/DVD), and I still cannot get my computer into Safe Mode. When I hit F8 it asks which I want to boot from, not Safe Mode, Normal Mode, etc., and I still do not have a Safe Mode boot.ini option in msconfig to start in Safe Mode that way. Any thoughts on how to boot in Safe Mode?



Response Number 14
Name: jabuck
Date: October 16, 2007 at 18:01:50 Pacific
Reply:

Do you have an xp cd?



Response Number 15
Name: mrdaft72
Date: October 16, 2007 at 21:37:52 Pacific
Reply:

Yes. My computer kept freezing when trying to load it...



Response Number 16
Name: jabuck
Date: October 17, 2007 at 08:57:12 Pacific
Reply:

This may fix the dvd drive.

1. Click on the START button, then click on RUN.

2. Enter REGEDIT and press Enter.

3. When REGEDIT starts, open up the following folders by clicking the plus (+) sign to the left of these folders.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class

Then click on this folder (not the + sign):
{4D36E965-E325-11CE-BFC1-08002BE10318}

4. After clicking on {4D36E965-E325-11CE-BFC1-08002BE10318} you should see two settings in the right pane:
"UpperFilters"
"LowerFilters"
Right-click on each of them, press DELETE and click YES, then restart the computer.



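Before deleting those two values, a practitioner wants to know which filter drivers they actually name, because the same deletion also disables whatever software registered them (burning, virtual-drive and some media installers put a filter on the CD-ROM class), and that software will have to be reinstalled afterwards. The script below is an added example, not part of the thread or of any Windows tool: it reads the text of a `reg export` of the CD-ROM class key, decodes the REG_MULTI_SZ (`hex(7)`) values into driver names, and writes a .reg file that deletes only the UpperFilters and LowerFilters values, using regedit's `"name"=-` delete syntax. The export it parses here is a constructed sample with driver names chosen for illustration; on a real XP box you would first run `reg export "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}" cdrom.reg`, which also leaves you a backup to re-import if the drive disappears after the change.

```python
"""Inspect and remove CD/DVD class filter drivers via a .reg export.

Added example, not from the thread. Reads the text of `reg export` for the
CD-ROM device class key, decodes the REG_MULTI_SZ (hex(7)) filter values so
you can see which drivers they name, and writes a .reg that deletes just
those two values ("name"=- is regedit's delete-value syntax).
"""
import re
from typing import Dict, List

# Device-setup class GUID for CD-ROM drives; the same on every Windows version.
CDROM_CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
                   r"\{4D36E965-E325-11CE-BFC1-08002BE10318}")
FILTER_VALUES = ("UpperFilters", "LowerFilters")


def encode_multi_sz(values: List[str], width: int = 25) -> str:
    """Encode strings as a hex(7) body, wrapped with ',\\' the way regedit exports it."""
    raw = b"".join(v.encode("utf-16-le") + b"\x00\x00" for v in values) + b"\x00\x00"
    pairs = [f"{b:02x}" for b in raw]
    chunks = [",".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return "hex(7):" + ",\\\r\n  ".join(chunks)


def decode_multi_sz(body: str) -> List[str]:
    """Decode a hex(7) body (wrapped or not) back into its list of strings."""
    hexpart = body.split(":", 1)[1]
    hexpart = re.sub(r"\\\s*", "", hexpart)          # drop line continuations
    raw = bytes.fromhex(re.sub(r"[\s,]", "", hexpart))
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def filter_drivers(reg_text: str) -> Dict[str, List[str]]:
    """UpperFilters/LowerFilters driver lists found under the CD-ROM class key only."""
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)     # re-join wrapped hex lines
    found: Dict[str, List[str]] = {}
    in_key = False
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == CDROM_CLASS_KEY.lower()
            continue
        if not in_key:
            continue
        m = re.match(r'"(UpperFilters|LowerFilters)"=(hex\(7\):.*)$', line)
        if m:
            found[m.group(1)] = decode_multi_sz(m.group(2))
    return found


def removal_reg(found: Dict[str, List[str]]) -> str:
    """A .reg that deletes only the filter values that are actually present."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{CDROM_CLASS_KEY}]"]
    lines += [f'"{name}"=-' for name in FILTER_VALUES if name in found]
    return "\r\n".join(lines) + "\r\n"


# Constructed sample export; the driver names are chosen for illustration only.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    f"[{CDROM_CLASS_KEY}]",
    '"Class"="CDROM"',
    '"UpperFilters"=' + encode_multi_sz(["GEARAspiWDM"]),
    '"LowerFilters"=' + encode_multi_sz(["PxHelp20"]),
    "",
])

if __name__ == "__main__":
    present = filter_drivers(SAMPLE_EXPORT)
    for name, drivers in present.items():
        print(f"{name}: {drivers}")      # what you are about to unhook
    print(removal_reg(present))
```

The decoder is the part worth having: a `hex(7)` value in an export is UTF-16LE text with a NUL after each string and a second NUL closing the list, and regedit wraps long values across lines with a trailing backslash, so a naive read of the export file shows nothing useful. Keep the list of names the script prints; when burning works again you will want to know which products to reinstall to get their filters back.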
Response Number 17
Name: mrdaft72
Date: October 17, 2007 at 14:54:44 Pacific
Reply:

Did that. Still crashed while trying to burn anything. I would just reformat my hard drive, except that I can't burn to even back anything up.



Response Number 18
Name: mrdaft72
Date: October 18, 2007 at 06:15:15 Pacific
Reply:

Also, now it is popping up with Lovgate.F, like every two hours, as a virus...



Response Number 19
Name: mrdaft72
Date: October 23, 2007 at 21:35:21 Pacific
Reply:

So I take it you gave up or ran out of ideas?



Response Number 20
Name: jabuck
Date: October 24, 2007 at 03:43:34 Pacific
Reply:

It sounds as though the CD/DVD burner may need the drivers replaced; this program may at least expose the offending files.

Please download Dr.Web CureIt to your desktop from this link: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives.
A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found:
If so, click it, then click the next icon right below and select Move incurable.
This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured (in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! It is possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log on your desktop.



Response Number 21
Name: mrdaft72
Date: October 24, 2007 at 15:45:09 Pacific
Reply:

So the first scan found 16 files, but at 99% my computer rebooted, so I didn't get a chance to save the files. I tried to run the program again and it crashed at 1%, so I'm gonna try again, but thought I would give you the heads up.



Response Number 22
Name: mrdaft72
Date: October 24, 2007 at 15:50:42 Pacific
Reply:

I just found the log in the autolog function. Here is what it gave me:


e:\program files\common files\scanner\ppctl.dll - incurable - moved

[Scan path] C:\
[Scan path] E:\
>E:\AOL Instant Messenger\AIM.exe\data041 is an adware program Adware.Aws
E:\AOL Instant Messenger\AIM.exe - archive contains infected objects
>E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe\data007 probably infected with BACKDOOR.Trojan
E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe - archive contains infected objects
E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP54.tmp\aspapp\setup.exe probably infected with BACKDOOR.Trojan
>E:\Documents and Settings\Mike\Desktop\SDFix.exe\SDFix\apps\Process.exe is a hacktool program Tool.Prockill - ignored
E:\Documents and Settings\Mike\Desktop\SmitfraudFix\restart.exe is a hacktool program Tool.ShutDown.11 - ignored
E:\Mike\Documents\Random Again\SmitfraudFix\restart.exe is a hacktool program Tool.ShutDown.11 - ignored
>>E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe\data179 probably infected with DLOADER.Trojan
E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe - archive contains infected objects
E:\Program Files\AOL\Installers\ASP 2.0\setup.exe probably infected with BACKDOOR.Trojan
E:\Program Files\ComcastToolbar\register.exe is an adware program Adware.Xbarre
E:\Program Files\ComcastToolbar\uninstall.exe is an adware program Adware.VMN
>>>E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data014\data179 probably infected with DLOADER.Trojan
>E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data014 - archive contains infected objects
>E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate\data017 probably infected with BACKDOOR.Trojan
E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate - archive contains infected objects
>E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe\data010 probably infected with BACKDOOR.Trojan
E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe - archive contains infected objects
>E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe\core.cab\GTDOWNAO_106.ocx is an adware program Adware.Gdown
E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe - archive contains infected objects
>E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe\data002 probably infected with DLOADER.Trojan
E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe - archive contains infected objects
E:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx is an adware program Adware.Gdown
>E:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL\lib/zi/ZoneInfoMappings
>E:\Program Files\DivX\DivX Web Player\npdivx32.dll - decompression error
>E:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - decompression error
E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP11\A0002744.exe is a hacktool program Tool.Prockill - ignored
>E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003098.dll probably infected with DLOADER.Trojan
>E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003099.dll probably infected with DLOADER.Trojan
E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP2\A0000072.exe is a hacktool program Tool.Prockill - ignored

I'm gonna try and run it again so it will move these files or cure them for me. Let me know the next step.



Response Number 23
Name: mrdaft72
Date: October 24, 2007 at 17:32:19 Pacific
Reply:

Got it to run a full scan without rebooting by doing a custom scan without folders I knew didn't have problems. It found 15. These are them. I was also able to move them to a folder. And when it found the Lovgate worm it said it cured it (this was done separately from the scan). My computer seems to be running slow now.

E:\AOL Instant Messenger\AIM.exe - moved
E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe - moved
E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP54.tmp\aspapp\setup.exe - moved
E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe - moved
E:\Program Files\AOL\Installers\ASP 2.0\setup.exe - moved
E:\Program Files\ComcastToolbar\register.exe - moved
E:\Program Files\ComcastToolbar\uninstall.exe - moved
E:\Program Files\Common Files\AOL\AOL Spyware Protection\Update\aspupdate - moved
E:\Program Files\Common Files\AOL\Backup\ACS\Rollback\acssetup.exe - moved
E:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe - moved
E:\Program Files\Common Files\aolback\Comps\tpspd\TSSetup.exe - moved
E:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx - moved
E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003098.dll - moved
E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003099.dll - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 278435
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 10
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 14
Ignored: 5
Scan speed: 437 Kb/s
Scan time: 01:21:32




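As an added example (not part of the thread and not a Dr.Web feature), the script below triages a Dr.Web CureIt report of the kind posted in Responses 22 and 23. Each line is split into path, verdict, nesting depth and action: every leading `>` means the object sits inside an archive or installer, and the container's own line follows it. The verdicts are then grouped by strength. A `probably infected` line is a heuristic verdict, weaker than a named-signature match, which is why the earlier instructions keep such files in quarantine as samples; a hit under `System Volume Information\_restore` sits in a restore point that no cleaner touches until System Restore is turned off and back on, as the earlier instructions describe. The sample lines are copied from the log in Response 22; the category names and the "worth keeping as a sample" rule are my own, not Dr.Web's.

```python
"""Triage a Dr.Web CureIt report (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the Dr.Web log posted in Response 22.
SAMPLE_LOG = r"""
e:\program files\common files\scanner\ppctl.dll - incurable - moved

[Scan path] C:\
[Scan path] E:\
>E:\AOL Instant Messenger\AIM.exe\data041 is an adware program Adware.Aws
E:\AOL Instant Messenger\AIM.exe - archive contains infected objects
>E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe\data007 probably infected with BACKDOOR.Trojan
E:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ASP1F2.tmp\asprtpup.exe - archive contains infected objects
>E:\Documents and Settings\Mike\Desktop\SDFix.exe\SDFix\apps\Process.exe is a hacktool program Tool.Prockill - ignored
>>E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe\data179 probably infected with DLOADER.Trojan
E:\Program Files\AOL\Installers\ASP 2.0\ocpinst.exe - archive contains infected objects
E:\Program Files\ComcastToolbar\register.exe is an adware program Adware.Xbarre
>E:\Program Files\Mozilla Firefox\plugins\npdivx32.dll - decompression error
E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP11\A0002744.exe is a hacktool program Tool.Prockill - ignored
>E:\System Volume Information\_restore{284EF9AB-E0FA-4C1F-A032-1F0C3CBBFC0D}\RP16\A0003098.dll probably infected with DLOADER.Trojan
"""


@dataclass
class Finding:
    path: str
    depth: int              # leading '>' count: object nested inside an archive/installer
    kind: str               # suspicious | adware | hacktool | infected | container | error | incurable
    name: Optional[str]     # threat name, when the scanner gave one
    action: Optional[str]   # moved / ignored / ... when the scanner acted

    @property
    def in_restore_point(self) -> bool:
        return "\\system volume information\\_restore" in self.path.lower()


# Order matters: "probably infected with" must be tested before the plain
# "infected with" it contains.
VERDICTS = (("suspicious", " probably infected with "),
            ("adware", " is an adware program "),
            ("hacktool", " is a hacktool program "),
            ("infected", " infected with "))
NOTES = (("container", " - archive contains infected objects"),
         ("error", " - decompression error"),
         ("incurable", " - incurable"))
ACTION = re.compile(r" - (ignored|moved|deleted|cured|renamed)$")


def parse_line(line: str) -> Optional[Finding]:
    line = line.strip()
    if not line or line.startswith("["):          # blank or "[Scan path]" header
        return None
    body = line.lstrip(">")
    depth = len(line) - len(body)
    action = None
    m = ACTION.search(body)
    if m:
        action, body = m.group(1), body[:m.start()]
    for kind, phrase in VERDICTS:
        if phrase in body:
            path, name = body.split(phrase, 1)
            return Finding(path, depth, kind, name.strip(), action)
    for kind, suffix in NOTES:
        if body.endswith(suffix):
            return Finding(body[:-len(suffix)], depth, kind, None, action)
    return None


def parse_report(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f]


def summarize(findings: List[Finding]) -> dict:
    return {
        "by_kind": dict(Counter(f.kind for f in findings)),
        "by_action": dict(Counter(f.action for f in findings if f.action)),
        # inside a restore point: untouchable until System Restore is purged
        "restore_point_hits": [f.path for f in findings if f.in_restore_point],
        # heuristic verdicts nothing has acted on yet: the ones to keep as samples
        "unhandled_heuristic": [f.path for f in findings
                                if f.kind == "suspicious" and not f.action],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(SAMPLE_LOG)).items():
        print(key, value)
```

Run over the whole Response 22 log, the same parser reports 10 suspicious, 5 adware and 5 ignored hacktool hits, the figures the session statistics in Response 23 give. The two restore-point hits it surfaces are the reason the earlier step of turning System Restore off and on is not optional: an infected file inside a restore point is otherwise simply restored with the next rollback.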
Response Number 24
Name: jabuck
Date: October 24, 2007 at 20:12:42 Pacific
Reply:

Please download SilentRunners from this link http://www.silentrunners.org/Silent%20Runners.zip. Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, it will create a logfile on the desktop. Please post the entire contents of this logfile in a reply to this post.



Response Number 25
Name: mrdaft72
Date: October 25, 2007 at 06:19:23 Pacific
Reply:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
----

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "E:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Sony Ericsson PC Suite" = ""E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /Minimized" ["Sony Ericsson Mobile Communications AB"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"ares" = ""C:\Program Files\Ares\Ares.exe" -h" [file not found]
"AOL Fast Start" = ""E:\Program Files\America Online 9.0\AOL.EXE" -b" ["America Online, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HostManager" = "E:\Program Files\Common Files\AOL\1156714696\ee\AOLSoftware.exe" ["America Online, Inc."]
"AOLDialer" = "E:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["AOL LLC"]
"Pure Networks Port Magic" = ""E:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run" ["Pure Networks, Inc."]
"CTDVDDET" = ""E:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"" ["Creative Technology Ltd"]
"CTSysVol" = "E:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"RCSystem" = ""E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup" ["Creative Technology Ltd."]
"AudioDrvEmulator" = ""E:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"" ["Creative Technology Ltd."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "E:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"NvMediaCenter" = "RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"SunJavaUpdateSched" = ""E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"FLMOFFICE4DMOUSE" = "E:\Program Files\Browser Mouse\MOffice.exe" [empty string]
"UltraMon" = ""E:\Program Files\UltraMon\UltraMon.exe" /auto" ["Realtime Soft"]
"FLMK08KB" = "E:\Program Files\Multimedia keyboard utility\KbdAp32A.exe" [empty string]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"343763395" = "D:\Reg\Pentax_Win_GM_12062004.exe /r "D:\Reg\Pentax_Win_GM_12062004.rpd"" [file not found]
"NeroFilterCheck" = "E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"SpIDerNT" = "E:\PROGRA~1\DrWeb\spiderui.exe /agent" ["Doctor Web, Ltd."]
"SpIDerMail" = ""E:\Program Files\DrWeb\spiderml.exe"" ["Doctor Web, Ltd."]
"DrWebScheduler" = ""E:\Program Files\DrWeb\DRWEBSCD.EXE"" ["Doctor Web, Ltd."]
"KernelFaultCheck" = "E:\WINDOWS\system32\dumprep 0 -k"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Comcast Toolbar"
\InProcServer32\(Default) = "E:\PROGRA~1\COMCAS~1\COMCAS~1.DLL" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "E:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "E:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "E:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{e7593602-124b-47c9-9f73-a69308edc973}" = "Shell Extension for DrWeb"
-> {HKLM...CLSID} = "Shell Extension for DrWeb"
\InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "E:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"
-> {HKLM...CLSID} = "Shell Extension for DrWeb"
\InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"
-> {HKLM...CLSID} = "Shell Extension for DrWeb"
\InProcServer32\(Default) = "E:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "E:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]


Default executables:
--------------------

HKCU\Software\Classes\piffile\


Group Policies {GPedit.msc branch and setting}:
------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without ha