HI I had a virus alert Trojan. After reading the numerous threads about this I downloaded Mal ware bytes and did a scan and removed 116 infected files I have gotten control of my pc back I Just was wondering if anyone would check out my hijack this log to make sure I am clean. Thanks

Please download and install the latest version of HijackThis v2.0.2: Download the "HijackThis" Installer from this link: Hijack This 1. Save " HJTInstall.exe" to your desktop. 2. Double click on HJTInstall.exe to run the program. 3. By default it will install to C:\Program Files\Trend Micro\HijackThis. 4. Accept the license agreement by clicking the "I Accept" button. 5.Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. 6. Click "Save log" to save the log file and then the log will open in Notepad. 7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. 8. Paste the log in your next reply. 9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required. Please download Malwarebytes' Anti-Malware from one of these sites: MalwareBytes1 MalwareBytes2 1. Double Click mbam-setup.exe to install the application. 2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. 3. If an update is found, it will download and install the latest version. 4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. 5. When the scan is complete, click OK, then Show Results to view the results. 6. Make sure that everything found is checked, and click Remove Selected. 7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately. 8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. 9. Copy&Paste the entire report in your next reply.

Heres the hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:33:43 AM, on 8/28/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\WINDOWS\SOUNDMAN.exe C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\MBK\MBackMonitor.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Microsoft Office\Office10\OUTLOOK.exe C:\Program Files\Microsoft Office\Office10\WINWORD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\bryan\Desktop\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {082e2baf-b9cc-4cb1-a20e-1c5b28a1594b} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: URLDetector Class - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Insight NetKnowledge Tools - {102910D3-CF07-4BED-ACDC-D165385B9B66} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin... O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {DB6D4758-0AC3-4B84-A239-D9D4B3F61A2E} - http://mediaplayer.walmart.com/inst... O20 - AppInit_DLLs: cxvumu.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: ippcfg - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares Ultra\chatServer.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx2\PXAgent.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 9209 bytes I ran Malwarbytes last night and this morning i will post both logs: last nights log: Malwarebytes' Anti-Malware 1.25 Database version: 1090 Windows 5.1.2600 Service Pack 3 10:14:53 PM 8/27/2008 mbam-log-08-27-2008 (22-14-53).txt Scan type: Full Scan (C:\|) Objects scanned: 190717 Time elapsed: 2 hour(s), 40 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 2 Registry Keys Infected: 28 Registry Values Infected: 33 Registry Data Items Infected: 16 Folders Infected: 1 Files Infected: 35 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\khfEVMFX.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\hgGywVLB.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2f07b43-b06a-4863-8f0b-62eac14bbee7} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{e2f07b43-b06a-4863-8f0b-62eac14bbee7} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{feead861-8455-42f3-8a7e-b7756084bb36} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggywvlb (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{feead861-8455-42f3-8a7e-b7756084bb36} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{882cb10f-6fb7-4f3e-a3ce-a40ed36640da} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DFC (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DInf (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DnngCon (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{a7b2a7c4-f024-4102-9833-7e4118524146} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{52544a8c-fe78-4335-ae08-6516b8d6e833} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{be61601d-ad8c-43eb-b544-6f011f47deb7} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{955eea90-3b73-4571-ac04-84e90ba56b91} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955eea90-3b73-4571-ac04-84e90ba56b91} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{32b393c4-f9c4-42a2-b374-b96fde1412c0} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{90a5c022-f23d-4158-822e-89572b82eecd} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{24e25881-f4ea-49fd-8414-f895673d6919} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d5ea3c8b-5074-4c2e-a15e-37aa47c40aa8} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\qalkfxor.bnmt (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{feead861-8455-42f3-8a7e-b7756084bb36} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pdoskegl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c8788331 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1b8.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1b9.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1bd.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1be.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1d3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie10.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie11.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie12.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1b8.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1b9.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1bd.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1be.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1d3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie10.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie11.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie12.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rqbmvpso (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d5ea3c8b-5074-4c2e-a15e-37aa47c40aa8} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\khfevmfx -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khfevmfx -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: () -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\khfEVMFX.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\XFMVEfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\XFMVEfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgGywVLB.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\bryan\Local Settings\Temporary Internet Files\Content.IE5\LL89VP3Q\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Local Settings\Temporary Internet Files\Content.IE5\LL89VP3Q\cntr[1].gif (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\etba.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\pdoskegl.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cxvumu.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\hevhlefa.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wspivxme.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\wvUkJayA.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully. C:\Program Files\MSA\MSA.exe (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MSA\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\rodqgpvlrmk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\rvoelbxt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\rqbmvpso.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\qalkfxor.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. Then again this morning: Malwarebytes' Anti-Malware 1.25 Database version: 1090 Windows 5.1.2600 Service Pack 3 8:06:52 AM 8/28/2008 mbam-log-08-28-2008 (08-06-52).txt Scan type: Full Scan (C:\|) Objects scanned: 184849 Time elapsed: 3 hour(s), 27 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a451c79-2a7f-4a58-a124-9c6d808505ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9a451c79-2a7f-4a58-a124-9c6d808505ae} (Trojan.Vundo.H) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\cxvumu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Local Settings\Temporary Internet Files\Content.IE5\943V3DLS\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\bryan\Local Settings\Temporary Internet Files\Content.IE5\LL89VP3Q\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E4EB6C1C-6349-43A3-B026-E4C9A98987B6}\RP466\A0222888.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E4EB6C1C-6349-43A3-B026-E4C9A98987B6}\RP466\A0222889.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E4EB6C1C-6349-43A3-B026-E4C9A98987B6}\RP466\A0222890.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

I just rid myself of the famous xp 2008 antivirus using jabuck's method last night. The only thing I did different was to run a bit defender scan beforehand. As he stated, you can run a quick scan with malwarebytes which will only take 5 or 10 minutes where as I see you did a full scan which took hours. Since you are asking if you are now clean you can do an online analasys of your hjt log here http://www.hijackthis.de/index.php?... and it should come up clean. Then run a quick scan with malwarebytes, and there should be nothing found. It worked for me.

Run Hijack This , close all windows and browsers except Hijack this, place a check to the left of the following items and press "fix checked": R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {082e2baf-b9cc-4cb1-a20e-1c5b28a1594b} - (no file) O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file) O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O20 - AppInit_DLLs: cxvumu.dll O20 - Winlogon Notify: ippcfg - C:\WINDOWS\ Exit Hijack This Please download ComboFix to the desktop from one of the following links: Link1 Link 2 Link 3 Combofix is a powerful tool so follow the instructions exactly or you could damage your computer. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results". Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. I your case to run Combofix do the following: 1. Go offline, turn off you McAfee Antivirus,Ad-Aware, Spyware Doctor and Spybot. 2. Run Combofix and save the log. 3. Restart the computer so that the antivirus is running ( leave the other antispyware programs off for now) 4. Post the Combofix log please. Remember to re-enable the protection again afterwards before connecting to the Internet. Double-click combofix.exe Follow the prompts. (Don't click on the window while the program is running or move the mouse, it will cause your system to hang.) Please post the log it produces.

Here is combo fix log: ComboFix 08-08-28.04 - bryan 2008-08-28 20:38:15.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.497 [GMT -6:00] Running from: C:\Documents and Settings\bryan\Desktop\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\_000007_.tmp.dll C:\WINDOWS\system32\_000008_.tmp.dll C:\WINDOWS\system32\dnc878839e.dat C:\WINDOWS\system32\url(3).dll C:\WINDOWS\system32\url(4).dll . ((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))) . 2067-02-24 16:21 . 2003-02-05 05:02 79,947 --a--c--- C:\WINDOWS\fw20.vxd 2008-08-27 22:22 . 2008-08-27 22:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-27 22:21 . 2008-08-27 22:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-27 22:21 . 2008-08-27 22:21 <DIR> d-------- C:\Documents and Settings\bryan\Application Data\SUPERAntiSpyware.com 2008-08-27 20:08 . 2008-08-27 22:14 355 ---hs---- C:\WINDOWS\system32\emxvipsw.ini 2008-08-27 19:49 . 2008-08-27 19:49 4,590 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-27 19:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-27 19:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-27 19:48 . 2008-08-26 20:19 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-08-27 19:48 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-27 19:48 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-08-27 19:48 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-08-27 19:48 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-08-27 19:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-27 19:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-27 19:20 . 2008-08-27 19:20 <DIR> d-------- C:\Documents and Settings\bryan\Application Data\Malwarebytes 2008-08-27 19:19 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-27 19:18 . 2008-08-27 22:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-27 19:18 . 2008-08-27 19:18 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-27 19:18 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-27 16:12 . 2008-08-27 22:14 <DIR> d-------- C:\Program Files\MSA 2008-08-26 20:37 . 2001-12-19 11:45 8,576 --a------ C:\WINDOWS\system32\drivers\VCdRom.sys 2008-08-26 18:36 . 2008-08-26 18:36 <DIR> d-------- C:\Documents and Settings\bryan\Application Data\InstallShield 2008-08-26 10:58 . 2008-08-26 10:58 <DIR> d-------- C:\Documents and Settings\bryan\dwhelper 2008-08-24 12:22 . 2008-08-28 20:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-08-24 12:22 . 2008-08-24 12:22 1,409 --a------ C:\WINDOWS\QTFont.for 2008-08-19 10:26 . 2008-08-19 10:26 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-08-19 10:26 . 2008-08-19 10:26 <DIR> d-------- C:\WINDOWS\system32\en 2008-08-19 10:26 . 2008-08-19 10:26 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-19 10:26 . 2008-08-19 10:26 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-19 10:18 . 2008-08-19 10:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-19 09:51 . 2008-08-19 09:51 <DIR> d-------- C:\WINDOWS\EHome 2008-08-19 09:19 . 2008-04-13 18:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll 2008-08-19 09:17 . 2008-04-13 18:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll 2008-08-19 09:16 . 2008-04-13 18:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll 2008-08-19 09:15 . 2008-04-13 18:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll 2008-08-19 09:14 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys 2008-08-19 09:14 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2008-08-19 09:14 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys 2008-08-19 09:14 . 2008-04-13 10:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys 2008-08-19 09:14 . 2008-04-13 12:36 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2008-08-19 09:14 . 2008-04-13 18:11 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll 2008-08-19 09:14 . 2008-04-13 12:46 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys 2008-08-19 09:14 . 2008-04-13 12:45 19,200 --------- C:\WINDOWS\system32\drivers\hidir.sys 2008-08-19 09:14 . 2007-09-17 02:48 1,261 --------- C:\WINDOWS\system32\pid.inf 2008-08-19 09:12 . 2008-04-13 18:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll 2008-08-19 09:11 . 2008-04-13 18:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll 2008-08-19 09:11 . 2008-04-13 12:36 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys 2008-08-19 09:11 . 2008-04-13 18:11 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll 2008-08-19 09:11 . 2008-04-13 18:11 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll 2008-08-16 15:59 . 2008-08-23 11:50 <DIR> d-------- C:\Program Files\Zune 2008-08-16 15:03 . 2008-08-16 15:03 <DIR> d-------- C:\Program Files\Sun 2008-08-16 13:45 . 2008-08-16 14:45 <DIR> d-------- C:\Program Files\Zune(2) 2008-08-16 13:45 . 2008-08-20 03:25 21,095,692 --a------ C:\WINDOWS\setupapi.log.4.old 2008-08-16 13:45 . 2008-08-18 18:36 8,438,717 --a------ C:\WINDOWS\setupapi.log.0.old 2008-08-16 13:45 . 2008-08-19 14:07 6,151,894 --a------ C:\WINDOWS\setupapi.log.2.old 2008-08-16 13:45 . 2008-08-19 15:12 1,975,806 --a------ C:\WINDOWS\setupapi.log.3.old 2008-08-16 13:45 . 2008-08-19 10:40 1,772,380 --a------ C:\WINDOWS\setupapi.log.1.old 2008-08-14 21:35 . 2008-04-11 13:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-04 16:09 . 2008-08-04 16:09 <DIR> d----c--- C:\Documents and Settings\madison\Application Data\Nero 2008-08-04 12:22 . 2008-08-16 14:48 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 5.0 2008-08-04 12:21 . 2008-08-04 12:21 <DIR> d-------- C:\Program Files\Common Files\Intuit 2008-08-04 12:21 . 2008-08-04 12:21 <DIR> d-------- C:\Documents and Settings\bryan\Application Data\Intuit 2008-08-04 12:20 . 2008-08-16 14:48 <DIR> d-------- C:\Program Files\Quicken 2008-08-04 12:19 . 2008-08-04 12:19 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Intuit 2008-08-01 01:40 . 2008-08-16 14:48 <DIR> d----c--- C:\TempDVD 2008-07-29 01:26 . 2008-07-29 01:26 <DIR> d-------- C:\Documents and Settings\bryan\Application Data\Nero 2008-07-29 01:20 . 2008-07-29 01:20 <DIR> d-------- C:\Program Files\Nero 2008-07-29 01:20 . 2008-08-16 14:48 <DIR> d-------- C:\Program Files\Common Files\Nero 2008-07-29 01:20 . 2008-08-16 14:48 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Nero . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-29 02:28 --------- d-----w C:\Documents and Settings\bryan\Application Data\SiteAdvisor 2008-08-28 14:29 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-28 14:29 --------- d-----w C:\Program Files\Spyware Doctor 2008-08-28 04:42 160,792 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys 2008-08-28 02:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-08-27 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-27 21:53 --------- d-----w C:\Documents and Settings\bryan\Application Data\UseNeXT 2008-08-27 19:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-27 00:13 --------- d-----w C:\Program Files\Microsoft Games 2008-08-23 18:18 --------- d-----w C:\Documents and Settings\bryan\Application Data\My Games 2008-08-23 18:05 --------- d-----w C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-08-23 18:01 --------- d-----w C:\Program Files\Cimaware 2008-08-23 18:01 --------- d-----w C:\Program Files\CCleaner 2008-08-20 16:17 36,352 -c--a-w C:\Documents and Settings\bryan\Application Data\GDIPFONTCACHEV1.DAT 2008-08-17 04:19 --------- d-----w C:\Program Files\Microsoft USB Flash Drive Manager 2008-08-16 21:20 --------- d-----w C:\Program Files\McAfee 2008-08-16 21:02 --------- d-----w C:\Program Files\Java 2008-08-16 20:49 --------- d-----w C:\Program Files\Total Video Converter 2008-08-16 20:48 --------- d-----w C:\Program Files\Common Files\Ahead 2008-08-16 20:48 --------- d-----w C:\Program Files\Ahead 2008-08-08 21:34 --------- d-----w C:\Documents and Settings\bryan\Application Data\Vso 2008-07-11 17:51 --------- d-----w C:\Program Files\Common Files\McAfee 2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-30 20:44 --------- d-----w C:\Documents and Settings\bryan\Application Data\foobar2000 2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2006-07-28 00:10 81,920 -c--a-w C:\Documents and Settings\bryan\Application Data\ezpinst.exe 2006-07-28 00:10 47,360 -c--a-w C:\Documents and Settings\bryan\Application Data\pcouffin.sys 2006-01-07 18:17 65 -c--a-w C:\Program Files\Common Files\appop.log . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:12 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 18:12 1695232] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 22:49 7286784] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 22:49 86016] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2005-08-23 07:36 1110079] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2005-08-23 07:22 188416] "Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 22:58 8704] "McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952] "MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992] "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-04-29 19:56 158624] "nwiz"="nwiz.exe" [2005-10-10 22:49 1519616 C:\WINDOWS\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2006-06-21 05:42 577536 C:\WINDOWS\soundman.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-12 21:26:39 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.exe [2001-02-13 01:01:04 83360] Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-08-06 01:03:20 69632] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe "AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" "HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"= "C:\\WINDOWS\\system32\\svchost.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R0 fasttrak;fasttrak;C:\WINDOWS\system32\DRIVERS\fasttrak.sys [2003-04-25 16:20] R0 Hpt366;Hpt366;C:\WINDOWS\system32\DRIVERS\Hpt366.sys [2000-04-27 14:47] R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\drivers\ivicd.sys [2005-01-12 07:29] R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-08-27 17:18] R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-27 22:42] R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45] R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2008-04-13 18:12] R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39] R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56] R3 iviudf;iviudf;C:\WINDOWS\system32\drivers\IviUdf.sys [2005-01-12 21:28] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y] \Shell\AutoRun\command - Y:\blank.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57] 2007-12-24 C:\WINDOWS\Tasks\McDefragTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2008-08-01 C:\WINDOWS\Tasks\McQcTask.job - c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32] 2006-06-12 C:\WINDOWS\Tasks\XoftSpy.job - C:\Program Files\XoftSpy\XoftSpy.exe [] 2008-08-29 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe [2007-10-24 12:59] 2008-08-19 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe [2007-10-24 12:59] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-ParetoLogic Anti-Spyware - C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\bryan\Application Data\Mozilla\Firefox\Profiles\pt69jmi4.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/ig?client=firefox-a&rls=org.mozilla:en-US:official&ie=UTF-8&oe=UTF-8&hl=en&channel=s&q=&tab=iw FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-28 20:43:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-28 20:46:09 ComboFix-quarantined-files.txt 2008-08-29 02:45:53 Pre-Run: 32,010,518,528 bytes free Post-Run: 32,261,029,888 bytes free 265 --- E O F --- 2008-08-20 09:28:58

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Download ATF Cleaner from this link: http://www.majorgeeks.com/ATF_Cleaner_d4949.html Run ATF-Cleaner Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Let us know how the computer is operating please.