ok i have read other posts about the solultion to this problem and it says to relpy the log files, im new to this forum and not sure what you mean by that. i see that others have copy and pasted them in to the messages, is this required? also i see that one of the messages say donot use hijack this to fix any thing untill the reply about the log files, please clarify for me! i need to get rid of this virus with out reformatting, i am currently on another computer leaving this message and am scanning my computer with the MBAM-setup.exe app. any help will be greatly appreciated. the message i got my info from was on here and this is the link. http://www.computing.net/answers/se... thanks again!

Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 1. Double Click mbam-setup.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply. Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

ok the MBAM log is; Malwarebytes' Anti-Malware 1.28 Database version: 1134 Windows 5.1.2600 Service Pack 3 9/28/2008 5:42:56 PM mbam-log-2008-09-28 (17-42-56).txt Scan type: Quick Scan Objects scanned: 61125 Time elapsed: 10 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 5 Registry Values Infected: 1 Registry Data Items Infected: 16 Folders Infected: 1 Files Infected: 13 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\yaywvwWM.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywvwwm (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{376efd74-7aa4-44a4-9e39-e374ed3139a9} (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: () -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\yaywvwWM.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\vtUlLBUO.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4HAZYWWH\file[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Administrator\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Administrator\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\Compaq_Administrator\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. ---------- and the hijack this log is; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:46:09 PM, on 9/28/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Safe mode Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\WINDOWS\Explorer.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe I:\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T... R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?T... R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: QXK Olive - {129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll O2 - BHO: (no name) - {376EFD74-7AA4-44A4-9E39-E374ED3139A9} - C:\WINDOWS\system32\yaywvwWM.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\ViewBarBHO.dll O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.7.0\IEViewBar.dll O3 - Toolbar: peltodgx - {BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.exe (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: ImageMixer for HDD Camcorder.lnk = C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://*.trymedia.com (HKLM) O20 - Winlogon Notify: yaywvwWM - yaywvwWM.dll (file missing) O21 - SSODL: rwlfsdmk - {6F1BF0E0-B1A6-4A71-9BB3-28C4F534E0D2} - C:\WINDOWS\rwlfsdmk.dll O21 - SSODL: onfwbsak - {CF7B9CCE-786E-4BBC-9EC0-2AB7827B2221} - C:\WINDOWS\onfwbsak.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10935 bytes ----- thanks for all your help!

Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Combofix is a powerful tool so follow the instructions exactly or you could damage your computer. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. In your case to run Combofix do the following: 1. Go offline turn off your McAfee antivirus, and any antispyware that you may have. 2. Run Combofix and save its log. 3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned. 4. Post the Combofix log. Remember to re-enable the protection again afterwards before connecting to the Internet. Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.) Please post the log it produces.

OK i did as you said, but whilst combofix was running the virus alert next to the clock came back, it ran and went through its processes and told me that it will restart, it restarted, then said it was going to create a log and do not run files till its done, but my start-up files went. so after waiting like 20 minutes i restarted in safe mode and then ran it again and it went through then created the log file. it is as follows; ComboFix 08-09-27.06 - Compaq_Administrator 2008-09-28 21:20:18.2 - NTFSx86 MINIMAL Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.749 [GMT -4:00] Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe C:\Documents and Settings\Compaq_Administrator\Desktop\Error Cleaner.url C:\Documents and Settings\Compaq_Administrator\Desktop\Privacy Protector.url C:\Documents and Settings\Compaq_Administrator\Desktop\Spyware&Malware Protection.url C:\Documents and Settings\Compaq_Administrator\Favorites\Error Cleaner.url C:\Documents and Settings\Compaq_Administrator\Favorites\Privacy Protector.url C:\Documents and Settings\Compaq_Administrator\Favorites\Spyware&Malware Protection.url C:\WINDOWS\dfmlxbpkbkl.dll C:\WINDOWS\exwf.exe C:\WINDOWS\onfwbsak.dll C:\WINDOWS\peltodgx.dll C:\WINDOWS\rwlfsdmk.dll C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\wanpacket.dll C:\WINDOWS\system32\wpcap.dll D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))) . 2008-09-28 17:20 . 2008-09-28 17:20 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes 2008-09-28 17:19 . 2008-09-28 17:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-28 17:19 . 2008-09-28 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-28 17:19 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-28 17:19 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-28 00:14 . 2008-09-28 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ncjwreja 2008-09-27 11:38 . 2008-09-26 05:29 147,456 --a------ C:\WINDOWS\fbxrqtwn.exe 2008-09-14 23:25 . 2008-09-15 11:55 <DIR> d-------- C:\Program Files\Full Tilt Poker 2008-09-12 02:28 . 2008-09-12 02:28 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AVS4YOU 2008-09-12 02:28 . 2008-09-12 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-09-12 02:27 . 2008-09-19 23:25 <DIR> d-------- C:\Program Files\AVS4YOU 2008-09-12 02:11 . 2008-09-12 02:12 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Moyea 2008-09-12 02:07 . 2008-09-12 02:07 <DIR> d-------- C:\Program Files\OJOsoft 2008-09-12 02:07 . 2008-09-12 02:07 <DIR> d-------- C:\Program Files\Common Files\Common Share 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Program Files\iTunes 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Program Files\iPod 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-11 10:33 . 2008-09-11 10:33 <DIR> d-------- C:\Program Files\Bonjour 2008-09-11 10:31 . 2008-09-11 10:32 <DIR> d-------- C:\Program Files\QuickTime 2008-09-11 00:45 . 2008-09-11 00:45 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\QQ Games 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-10 22:18 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-02 17:12 . 2008-09-02 17:12 <DIR> d-------- C:\Program Files\uTorrent 2008-09-02 17:12 . 2008-09-28 00:14 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent 2008-08-29 23:45 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-29 23:44 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-29 01:05 --------- d-----w C:\Program Files\lg_fwupdate 2008-09-27 06:00 --------- d-----w C:\Program Files\PowerArchiver 2008-09-26 08:28 --------- d-----w C:\Program Files\DVDFab 5 2008-09-20 03:25 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-09-15 03:29 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM 2008-09-15 03:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-12 08:13 --------- d-----w C:\Program Files\McAfee 2008-09-11 14:31 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-11 02:27 61,440 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll 2008-09-11 02:27 45,056 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe 2008-09-11 02:27 44,032 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe 2008-09-11 02:27 40,960 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll 2008-09-11 02:27 341,048 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll 2008-09-11 02:27 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll 2008-09-11 02:27 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll 2008-09-11 02:27 217,088 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll 2008-09-11 02:27 163,840 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll 2008-09-09 09:26 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire 2008-09-08 05:05 --------- d-----w C:\Program Files\AIMTunes 2008-09-04 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-08-28 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-27 16:15 --------- d-----w C:\Program Files\Windows Live 2008-08-27 05:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-27 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-24 04:35 --------- d-----w C:\Program Files\PokerStars.NET 2008-08-13 04:51 --------- d-----w C:\Program Files\AIM6 2008-08-11 16:09 --------- d-----w C:\Program Files\Apple Software Update 2008-08-07 04:59 --------- d-----w C:\Program Files\Tencent 2008-08-07 04:59 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\QQ Games Plugin 2008-08-07 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-08-07 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore 2008-08-05 17:51 --------- d-----w C:\Program Files\Sun 2008-08-05 17:50 --------- d-----w C:\Program Files\Java 2008-07-19 05:08 719,872 ----a-w C:\WINDOWS\system32\devil.dll 2008-07-19 05:08 351,744 ----a-w C:\WINDOWS\system32\avisynth.dll 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll 2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe 2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll 2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll 2008-05-30 03:41 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys 2004-10-01 19:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 50528] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 67584] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 1077248] "DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 61440] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.exe" [2005-07-23 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-06 249856] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "KBD"="C:\HP\KBD\KBD.exe" [2005-02-02 61440] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 180269] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe] "nwiz"="nwiz.exe" [2006-01-24 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - C:\hp\bin\CLOAKER.exe [2006-05-05 27136] C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-05-05 36903] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] ImageMixer for HDD Camcorder.lnk - C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe [2006-10-29 1871872] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20849083-4ab5-11db-98cc-001731c58640}] \Shell\AutoRun\command - K:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3e3e12-216b-11dd-84dd-001731c58640}] \Shell\AutoRun\command - K:\WD_Windows_Tools\Setup.exe . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - BHO-{129D532E-E2EC-4527-B4BA-4626830EFE18} - C:\WINDOWS\dfmlxbpkbkl.dll Toolbar-{BAB8F6DC-41B1-440F-A066-AAC224906880} - C:\WINDOWS\peltodgx.dll HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.exe HKLM-Run-PCDrProfiler - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\rypbmw6g.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - mail.yahoo.com FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npmozax.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 21:25:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-09-28 21:29:23 ComboFix-quarantined-files.txt 2008-09-29 01:28:30 Pre-Run: 36,995,084,288 bytes free Post-Run: 36,976,267,264 bytes free 255 --- E O F --- 2008-09-12 07:01:15 thank you for your help and is there anything else i need to do?

Open Notepad and copy/paste everything between the X"s into it and make sure the first word (such as KILLALL, Or File, etc.) is at the very top of the page. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX KILLALL:: File:: C:\WINDOWS\fbxrqtwn.exe DirLook:: C:\Documents and Settings\All Users\Application Data\ncjwreja XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Go to File on the top bar and choose" Save As", Change the "Save As Type" to All Files, Name it CFScript.txt then save it to your desktop. Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop) if combofix does not auto start click "run". Post a new Combofix log following the previous directions.

ok heres the log file after the script you said to do; ComboFix 08-09-27.06 - Compaq_Administrator 2008-09-28 23:40:21.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.602 [GMT -4:00] Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt * Created a new restore point FILE :: C:\WINDOWS\fbxrqtwn.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\fbxrqtwn.exe . ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-29 ))))))))))))))))))))))))))))))) . 2008-09-28 17:20 . 2008-09-28 17:20 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes 2008-09-28 17:19 . 2008-09-28 17:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-28 17:19 . 2008-09-28 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-28 17:19 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-28 17:19 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-28 00:14 . 2008-09-28 00:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ncjwreja 2008-09-14 23:25 . 2008-09-15 11:55 <DIR> d-------- C:\Program Files\Full Tilt Poker 2008-09-12 02:28 . 2008-09-12 02:28 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\AVS4YOU 2008-09-12 02:28 . 2008-09-12 02:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU 2008-09-12 02:27 . 2008-09-19 23:25 <DIR> d-------- C:\Program Files\AVS4YOU 2008-09-12 02:11 . 2008-09-12 02:12 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Moyea 2008-09-12 02:07 . 2008-09-12 02:07 <DIR> d-------- C:\Program Files\OJOsoft 2008-09-12 02:07 . 2008-09-12 02:07 <DIR> d-------- C:\Program Files\Common Files\Common Share 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Program Files\iTunes 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Program Files\iPod 2008-09-11 10:34 . 2008-09-11 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-11 10:33 . 2008-09-11 10:33 <DIR> d-------- C:\Program Files\Bonjour 2008-09-11 10:31 . 2008-09-11 10:32 <DIR> d-------- C:\Program Files\QuickTime 2008-09-11 00:45 . 2008-09-11 00:45 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\QQ Games 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\en 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\system32\bits 2008-09-10 22:23 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\l2schemas 2008-09-10 22:18 . 2008-09-10 22:23 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-02 17:12 . 2008-09-02 17:12 <DIR> d-------- C:\Program Files\uTorrent 2008-09-02 17:12 . 2008-09-28 00:14 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent 2008-08-29 23:45 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-29 23:44 . 2008-04-13 20:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-29 03:52 --------- d-----w C:\Program Files\lg_fwupdate 2008-09-27 06:00 --------- d-----w C:\Program Files\PowerArchiver 2008-09-26 08:28 --------- d-----w C:\Program Files\DVDFab 5 2008-09-20 03:25 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-09-15 03:29 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM 2008-09-15 03:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-12 08:13 --------- d-----w C:\Program Files\McAfee 2008-09-11 14:31 --------- d-----w C:\Program Files\Common Files\Apple 2008-09-09 09:26 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire 2008-09-08 05:05 --------- d-----w C:\Program Files\AIMTunes 2008-09-04 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-08-28 07:01 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-27 16:15 --------- d-----w C:\Program Files\Windows Live 2008-08-27 05:44 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-27 05:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-24 04:35 --------- d-----w C:\Program Files\PokerStars.NET 2008-08-13 04:51 --------- d-----w C:\Program Files\AIM6 2008-08-11 16:09 --------- d-----w C:\Program Files\Apple Software Update 2008-08-07 04:59 --------- d-----w C:\Program Files\Tencent 2008-08-07 04:59 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\QQ Games Plugin 2008-08-07 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-08-07 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore 2008-08-05 17:51 --------- d-----w C:\Program Files\Sun 2008-08-05 17:50 --------- d-----w C:\Program Files\Java 2008-05-30 03:41 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys 2004-10-01 19:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Documents and Settings\All Users\Application Data\ncjwreja ---- 2008-09-27 11:41 61440 --a------ C:\Documents and Settings\All Users\Application Data\ncjwreja\nsrgdyjw.exe ((((((((((((((((((((((((((((( snapshot@2008-09-28_21.28.18.23 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-28 22:09:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat + 2008-09-29 02:26:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat - 2008-09-28 22:09:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2008-09-29 02:26:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2008-09-28 22:09:10 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2008-09-29 02:26:38 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-30 67584] "DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-16 1077248] "DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 61440] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.exe" [2005-07-23 237568] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 1397760] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-06 249856] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "KBD"="C:\HP\KBD\KBD.exe" [2005-02-02 61440] "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-05 180269] "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-24 7311360] "RTHDCPL"="RTHDCPL.EXE" [2006-03-08 C:\WINDOWS\RTHDCPL.EXE] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 C:\WINDOWS\arpwrmsg.exe] "nwiz"="nwiz.exe" [2006-01-24 C:\WINDOWS\system32\nwiz.exe] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ Pin.lnk - C:\hp\bin\CLOAKER.exe [2006-05-05 27136] C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\DISC\\DISCover.exe"= "C:\\Program Files\\DISC\\DiscStreamHub.exe"= "C:\\Program Files\\DISC\\myFTP.exe"= "C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "C:\\Program Files\\AIM6\\aim6.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\AIM\\aim.exe"= "C:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20849083-4ab5-11db-98cc-001731c58640}] \Shell\AutoRun\command - K:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e3e3e12-216b-11dd-84dd-001731c58640}] \Shell\AutoRun\command - K:\WD_Windows_Tools\Setup.exe . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKCU-Run-Aim6 - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-28 23:52:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . r Running Proce . C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\ehome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\DISC\DiscStreamHub.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe C:\ComboFix\pv.cfexe . ************************************************************************** . Completion time: 2008-09-29 0:06:47 - machine was rebooted [Compaq_Administrator] ComboFix-quarantined-files.txt 2008-09-29 04:06:42 ComboFix2.txt 2008-09-29 01:29:23 Pre-Run: 39,717,552,128 bytes free Post-Run: 39,681,114,112 bytes free 227 --- E O F --- 2008-09-12 07:01:15