u2kid22

Everything updated ok. The system seems to be running fine. Thanks for your help.

Here are the log files for combo fix, eset, and security check. It seems like the system is running ok. Is it ok that the avira software has files in quarantine? combofix log: ComboFix 11-05-06.05 - teacher 05/07/2011 12:20:06.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.525 [GMT -6:00] Running from: c:\documents and settings\teacher\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . ((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 ))))))))))))))))))))))))))))))) . . 2011-04-26 22:40 . 2011-04-30 18:20 -------- d-----w- c:\windows\system32\NtmsData 2011-04-26 22:39 . 2011-04-26 22:39 -------- d-----w- c:\documents and settings\teacher\Application Data\Avira 2011-04-26 22:34 . 2011-04-26 22:34 -------- d-----w- c:\program files\Avira 2011-04-26 22:34 . 2011-04-26 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-04-26 22:34 . 2011-03-04 22:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-26 22:34 . 2011-03-04 20:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-26 22:34 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-04-26 22:34 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-04-26 02:39 . 2011-04-26 02:39 -------- d-----w- c:\documents and settings\teacher\Application Data\Malwarebytes 2011-04-26 02:38 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 02:38 . 2011-04-26 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-04-26 02:38 . 2011-04-26 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 02:38 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-26 02:05 . 2011-04-26 02:05 -------- d-s---w- c:\documents and settings\NetworkService\UserData 2011-04-26 01:14 . 2011-04-26 01:15 -------- d-----w- C:\SAVINST 2011-04-26 00:40 . 2011-04-26 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-07 18:07 . 2008-06-30 13:46 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-05-07 18:07 . 2008-06-30 13:50 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-04-23 19:45 . 2008-06-30 13:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45 . 2004-08-04 08:00 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51 . 2004-08-04 08:00 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51 . 2004-08-04 08:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-17 12:37 . 2004-08-04 08:00 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32 . 2009-05-01 17:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 20:33 . 2010-03-17 20:54 34816 ----a-w- c:\windows\system32\identprv.dll 2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33 . 2004-08-04 08:00 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-12-01 19:11 . 2010-12-01 19:11 288568 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-04_04.14.38 ))))))))))))))))))))))))))))))))))))))))) . + 2011-05-07 18:07 . 2011-05-07 18:07 16384 c:\windows\Temp\Perflib_Perfdata_1a0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-06-30 2356088] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168] "Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-05-02 151552] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000] "V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768] "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2010-11-21 283792] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768] . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk backup=c:\windows\pss\DVD Check.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG] 2005-12-12 21:00 88203 ----a-w- c:\windows\AGRSMMSG.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] 2006-01-26 20:35 172094 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] 2005-08-31 11:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-17 05:11 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2006-02-14 16:49 454656 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2006-03-23 12:13 77824 ----a-w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2006-03-23 12:17 118784 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2006-03-23 12:17 94208 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-01-25 22:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert] 2008-04-14 00:11 177152 ----a-w- c:\windows\system32\mqrt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NGClient] 2005-11-29 00:26 440000 ----a-w- c:\program files\Symantec\Ghost\ngctw32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] 2005-05-06 20:06 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2005-05-20 08:11 925696 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-12-06 23:20 1024000 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2006-09-06 01:02 184320 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 02:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "swi_service"=2 (0x2) "Sophos AutoUpdate Service"=2 (0x2) "SAVAdminService"=2 (0x2) "SAVService"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"= "c:\\Novell\\GroupWise\\grpwise.exe"= "c:\\Novell\\GroupWise\\notify.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Documents and Settings\\teacher\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [11/28/2005 5:35 PM 6560] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/26/2011 4:34 PM 136360] R2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [11/28/2005 6:26 PM 440000] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2/28/2006 11:05 AM 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10/21/2005 5:19 AM 36352] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [11/28/2005 5:36 PM 199264] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [11/28/2005 5:36 PM 199264] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [8/29/2009 6:27 PM 146720] . Contents of the 'Scheduled Tasks' folder . 2011-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50] . 2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-626518464-2149342555-759126337-1010Core.job - c:\documents and settings\teacher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-22 02:58] . 2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-626518464-2149342555-759126337-1010UA.job - c:\documents and settings\teacher\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-22 02:58] . 2011-04-30 c:\windows\Tasks\Norton Security Scan for teacher.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-03-03 12:32] . 2010-04-09 c:\windows\Tasks\wavepadSevenDays.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-09 15:47] . 2010-04-09 c:\windows\Tasks\wavepadShakeIcon.job - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-04-09 15:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.episd.org/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: episd.org\www FF - ProfilePath - c:\documents and settings\teacher\Application Data\Mozilla\Firefox\Profiles\ru1orjlz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\teacher\Application Data\Move Networks FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-07 12:25 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2320) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-05-07 12:27:15 ComboFix-quarantined-files.txt 2011-05-07 18:26 . Pre-Run: 7,681,945,600 bytes free Post-Run: 7,666,479,104 bytes free . - - End Of File - - 91B8A191B0315E076CCEA2723FC3E121 ESET log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=6.00.2900.5512 (xpsp.080413-2105) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=77b8cdd0149de044bad2613e50ce4410 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-05-11 01:32:51 # local_time=2011-05-10 07:32:51 (-0700, Mountain Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16775145 100 93 0 41498607 218470 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # compatibility_mode=9217 16777214 25 9 81185244 81185245 0 0 # scanned=82308 # found=0 # cleaned=0 # scan_time=3915 security check log: Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 3 Internet Explorer 6 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! Avira AntiVir Personal - Free Antivirus ESET Online Scanner v3 Antivirus out of date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 22 Java 2 Runtime Environment, SE v1.4.2_07 Out of date Java installed! Adobe Flash Player 10.2.152.26 Adobe Reader 8 Out of date Adobe Reader installed! Mozilla Firefox (3.5.19) Firefox Out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Avira Antivir avgnt.exe Avira Antivir avguard.exe ``````````End of Log````````````

I was able to remove Sophos, thanks. I have posted the new dds reports and the combo fix report. Avira Antivirus has 11 files in quarantine. What is my next course of action? DDS.tx . DDS (Ver_11-03-05.01) - NTFSx86 Run by teacher at 12:28:39.01 on Sat 05/07/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.563 [GMT -6:00] . AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\SMART Board Software\SMARTBoardService.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\teacher\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.episd.org/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [V0470Mon.exe] c:\windows\V0470Mon.exe mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: episd.org\www DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633 DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214838563218 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214838548281 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\teacher\applic~1\mozilla\firefox\profiles\ru1orjlz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\teacher\application data\Move Networks . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [2005-11-28 6560] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-26 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-26 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-26 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-26 61960] R2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2005-11-28 440000] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [2009-8-29 146720] . =============== Created Last 30 ================ . 2011-04-30 03:26:58 -------- d-sha-r- C:\cmdcons 2011-04-30 03:24:25 98816 ----a-w- c:\windows\sed.exe 2011-04-30 03:24:25 89088 ----a-w- c:\windows\MBR.exe 2011-04-30 03:24:25 256512 ----a-w- c:\windows\PEV.exe 2011-04-30 03:24:25 161792 ----a-w- c:\windows\SWREG.exe 2011-04-26 22:40:20 -------- d-----w- c:\windows\system32\NtmsData 2011-04-26 22:39:58 -------- d-----w- c:\docume~1\teacher\applic~1\Avira 2011-04-26 22:34:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-26 22:34:07 -------- d-----w- c:\program files\Avira 2011-04-26 22:34:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-04-26 02:39:00 -------- d-----w- c:\docume~1\teacher\applic~1\Malwarebytes 2011-04-26 02:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 02:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-26 02:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-26 02:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 01:14:49 -------- d-----w- C:\SAVINST 2011-04-26 00:40:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData . ==================== Find3M ==================== . 2011-05-07 18:07:53 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-05-07 18:07:51 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-04-23 19:45:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll . ============= FINISH: 12:34:27.32 =============== Attach.zip

Here are the new logs. I cannot get rid of Sophos. It says I am not a Sophos Administrator. I want to get rid of that one because it does not seem to be working correctly (doesn't update, won't complete a scan). Since I could not uninstall I went into msconfig and prevented it from starting. Only Antivir is running now. Will that be ok? Here are the logs DDS.txt . DDS (Ver_11-03-05.01) - NTFSx86 Run by teacher at 22:23:13.21 on Tue 05/03/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.536 [GMT -6:00] . AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\savedump.exe C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\SMART Board Software\SMARTBoardService.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\control.exe C:\Documents and Settings\teacher\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.episd.org/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [V0470Mon.exe] c:\windows\V0470Mon.exe mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: episd.org\www DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633 DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214838563218 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214838548281 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\teacher\applic~1\mozilla\firefox\profiles\ru1orjlz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\teacher\application data\Move Networks . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [2005-11-28 6560] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-26 11608] R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-4-10 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-4-10 24064] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-26 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-26 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-26 61960] R2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2005-11-28 440000] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [2009-8-29 146720] S4 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056] S4 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520] S4 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-2-3 175144] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976] S4 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360] . =============== Created Last 30 ================ . 2011-04-30 03:26:58 -------- d-sha-r- C:\cmdcons 2011-04-30 03:24:25 98816 ----a-w- c:\windows\sed.exe 2011-04-30 03:24:25 89088 ----a-w- c:\windows\MBR.exe 2011-04-30 03:24:25 256512 ----a-w- c:\windows\PEV.exe 2011-04-30 03:24:25 161792 ----a-w- c:\windows\SWREG.exe 2011-04-26 22:40:20 -------- d-----w- c:\windows\system32\NtmsData 2011-04-26 22:39:58 -------- d-----w- c:\docume~1\teacher\applic~1\Avira 2011-04-26 22:34:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-26 22:34:07 -------- d-----w- c:\program files\Avira 2011-04-26 22:34:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-04-26 02:39:00 -------- d-----w- c:\docume~1\teacher\applic~1\Malwarebytes 2011-04-26 02:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 02:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-26 02:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-26 02:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 01:14:49 -------- d-----w- C:\SAVINST 2011-04-26 00:40:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-04-22 23:00:06 -------- d-----w- c:\program files\VlcPlus . ==================== Find3M ==================== . 2011-05-04 04:22:00 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-05-04 04:21:57 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-04-23 19:45:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll . ============= FINISH: 22:24:09.43 =============== Attach.zip

MBAM Log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6476 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 4/29/2011 9:11:10 PM mbam-log-2011-04-29 (21-11-10).txt Scan type: Quick scan Objects scanned: 178974 Time elapsed: 18 minute(s), 16 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.txt log . DDS (Ver_11-03-05.01) - NTFSx86 Run by teacher at 22:01:44.64 on Fri 04/29/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.434 [GMT -6:00] . AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\Creative\Photo Manager\CTSGrab.exe C:\Program Files\Carbonite\CarbonitePreinstaller.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\teacher\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.episd.org/ uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [V0470Mon.exe] c:\windows\V0470Mon.exe mRun: [Photo Manager Screen Capture] c:\program files\creative\photo manager\CTSGrab.exe mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: episd.org\www DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633 DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214838563218 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214838548281 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\teacher\applic~1\mozilla\firefox\profiles\ru1orjlz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\teacher\application data\Move Networks . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [2005-11-28 6560] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-26 11608] R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-4-10 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-4-10 24064] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-26 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-26 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-26 61960] R2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2005-11-28 440000] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-2-3 175144] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352] S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [2009-8-29 146720] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976] . =============== Created Last 30 ================ . 2011-04-30 03:37:12 -------- d-----w- C:\ComboFix 2011-04-30 03:26:58 -------- d-sha-r- C:\cmdcons 2011-04-30 03:24:25 98816 ----a-w- c:\windows\sed.exe 2011-04-30 03:24:25 89088 ----a-w- c:\windows\MBR.exe 2011-04-30 03:24:25 256512 ----a-w- c:\windows\PEV.exe 2011-04-30 03:24:25 161792 ----a-w- c:\windows\SWREG.exe 2011-04-26 22:40:20 -------- d-----w- c:\windows\system32\NtmsData 2011-04-26 22:39:58 -------- d-----w- c:\docume~1\teacher\applic~1\Avira 2011-04-26 22:34:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-04-26 22:34:07 -------- d-----w- c:\program files\Avira 2011-04-26 22:34:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-04-26 02:39:00 -------- d-----w- c:\docume~1\teacher\applic~1\Malwarebytes 2011-04-26 02:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 02:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-26 02:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-26 02:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 01:14:49 -------- d-----w- C:\SAVINST 2011-04-26 00:40:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-04-22 23:00:06 -------- d-----w- c:\program files\VlcPlus 2011-03-31 05:10:12 -------- d-----w- c:\docume~1\teacher\applic~1\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1 2011-03-31 05:10:02 -------- d-----w- c:\program files\Zoodles . ==================== Find3M ==================== . 2011-04-30 03:49:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-04-30 03:49:33 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-04-23 19:45:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll . ============= FINISH: 22:02:03.28 =============== Attach.zip

My Sophos antivirus gets stuck at 2% while running a scan. The computer is running much slower than normal. I have run malwarebytes, avira, dds, grem. Here are the log files. Your help is greatly appreciated. malwarebyte log: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6444 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 4/25/2011 9:24:30 PM mbam-log-2011-04-25 (21-24-30).txt Scan type: Quick scan Objects scanned: 178114 Time elapsed: 20 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\ikuqesod.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Whonoweturetoz (IPH.Trojan.Hiloti.B) -> Value: Whonoweturetoz -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\ikuqesod.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. c:\documents and settings\teacher\Desktop\vlc_setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully. c:\documents and settings\teacher\local settings\Temp\xsmecnrawo.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\WINDOWS\qdigfin.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. dds.txt . DDS (Ver_11-03-05.01) - NTFSx86 Run by teacher at 21:34:48.90 on Mon 04/25/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.408 [GMT -6:00] . AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\Creative\Photo Manager\CTSGrab.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Documents and Settings\teacher\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\teacher\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.episd.org/ mDefault_Page_URL = hxxp://www.hp.com uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe" uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [Creative Live! Cam Manager] "c:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe" uRun: [Google Update] "c:\documents and settings\teacher\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [V0470Mon.exe] c:\windows\V0470Mon.exe mRun: [Photo Manager Screen Capture] c:\program files\creative\photo manager\CTSGrab.exe mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sophos~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - c:\novell\messen~1\NMCL32.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: episd.org\www DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633 DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214838563218 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214838548281 DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab Handler: nim - {3D206AE2-3039-413B-B748-3ACC562EC22A} - c:\novell\messenger\nmcg32.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\teacher\applic~1\mozilla\firefox\profiles\ru1orjlz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\teacher\application data\move networks\plugins\npqmp071705000014.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\teacher\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} FF - Ext: BabelFish: {ca0849e8-2c76-42ae-9abe-34e14d337acf} - %profile%\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: XULRunner: {229B86D7-0FDC-4F2B-9C1F-4CB11649DD45} - c:\documents and settings\teacher\local settings\application data\{229B86D7-0FDC-4F2B-9C1F-4CB11649DD45} FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\teacher\application data\Move Networks . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\GhMon.sys [2005-11-28 6560] R0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-4-10 153344] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-4-10 24064] R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664] R2 NGClient;Symantec Ghost Win32 Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2005-11-28 440000] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056] R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520] R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-2-3 175144] R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360] R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 88192] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352] S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys [2005-11-28 199264] S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [2009-8-29 146720] S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-9-30 14976] . =============== Created Last 30 ================ . 2011-04-26 02:39:00 -------- d-----w- c:\docume~1\teacher\applic~1\Malwarebytes 2011-04-26 02:38:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-26 02:38:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-04-26 02:38:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-26 02:38:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-26 01:14:49 -------- d-----w- C:\SAVINST 2011-04-26 00:40:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData 2011-04-22 23:26:55 -------- d-----w- c:\docume~1\teacher\locals~1\applic~1\{229B86D7-0FDC-4F2B-9C1F-4CB11649DD45} 2011-04-22 23:00:06 -------- d-----w- c:\program files\VlcPlus 2011-03-31 05:10:12 -------- d-----w- c:\docume~1\teacher\applic~1\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1 2011-03-31 05:10:02 -------- d-----w- c:\program files\Zoodles . ==================== Find3M ==================== . 2011-04-26 03:26:56 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2011-04-26 03:26:53 56680 ----a-w- c:\windows\system32\rpcnet.dll 2011-04-23 19:45:31 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll 2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys 2011-02-17 13:51:57 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-02-17 13:51:57 667136 ----a-w- c:\windows\system32\wininet.dll 2011-02-17 13:51:57 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-02-17 12:37:38 369664 ----a-w- c:\windows\system32\html.iec 2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2011-02-15 20:33:42 34816 ----a-w- c:\windows\system32\identprv.dll 2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll 2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll 2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe . ============= FINISH: 21:35:53.81 =============== attach.zip

I have Sophos Endpoint Security and while trying to run a scan of my computer it gets stuck at 2%. I ran malwarebytes and found 8 errors related to Trojan.Hiloti. Any help will be greatly appreciated. Below are the malwarebytes log as well as the dds log and att.txt zip file: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6444 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 4/25/2011 9:24:30 PM mbam-log-2011-04-25 (21-24-30).txt Scan type: Quick scan Objects scanned: 178114 Time elapsed: 20 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: c:\WINDOWS\ikuqesod.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Whonoweturetoz (IPH.Trojan.Hiloti.B) -> Value: Whonoweturetoz -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\WINDOWS\ikuqesod.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot. c:\documents and settings\teacher\Desktop\vlc_setup.exe (Trojan.FakeVLC) -> Quarantined and deleted successfully. c:\documents and settings\teacher\local settings\Temp\xsmecnrawo.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully. c:\WINDOWS\qdigfin.dll (Trojan.Hiloti) -> Quarantined and deleted successfully. dds.txt . DDS (Ver_11-03-05.01) - NTFSx86 Run by teacher at 21:34:48.90 on Mon 04/25/2011 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.408 [GMT -6:00] . AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Symantec\Ghost\ngctw32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\rpcnet.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\Program Files\SMART Board Software\SMARTBoardService.exe C:\Program Files\Sophos\AutoUpdate\ALsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\V0470Mon.exe C:\Program Files\Creative\Photo Manager\CTSGrab.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Documents and Settings\teacher\Local Settings\Application Data\Google\Update\1.3.21.53\GoogleCrashHandler.exe C:\Program Files\Sophos\AutoUpdate\ALMon.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\TEMP\sophos_autoupdate1.dir\alupdate.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\teacher\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.episd.org/ mDefault_Page_URL = hxxp://www.hp.com uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll BHO: Java Attach.zip