Elchupocabra
Honorary Members
Posts: 80
Reputation: 0 Neutral

  1. Yeah! Been waiting to see that post for some time now. Before we close this thread, let me pick your brain real quick. I haven't really been satisfied with the antivirus software options that I have used (Symantec, Norton, and AVG). They tend to be super annoying, and AVG has been my favorite, as the other two seem to cause more problems than they prevent (also helps that AVG is free). Anyway, I was wondering what antivirus software you recommend and what you think of the AVG 2011 that AVG insists on me downloading. Also, what are your thoughts on Spybot S&D? Unnecessary if I do the above recommendations? I kinda liked the TeaTimer but struggled to remember to turn it on when I had to turn it off.
  2. I had it delete the quarantined files and uninstall. Hope that's not a problem.

     C:\Qoobox\Quarantine\C\WINDOWS\system32\fjhdyfhsn.bat.vir  BAT/Agent.NGA trojan  cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\WINDOWS\system32\qtplugin.exe.vir  a variant of Win32/Kryptik.IGB trojan  cleaned by deleting - quarantined
     C:\System Volume Information\_restore{2134AF20-2523-42E6-84BD-A5F95071EBBE}\RP1\A0001084.exe  a variant of Win32/Kryptik.IKS trojan  cleaned by deleting - quarantined
     C:\System Volume Information\_restore{2134AF20-2523-42E6-84BD-A5F95071EBBE}\RP4\A0001516.bat  BAT/Agent.NGA trojan  cleaned by deleting - quarantined
     C:\System Volume Information\_restore{2134AF20-2523-42E6-84BD-A5F95071EBBE}\RP4\A0001517.exe  a variant of Win32/Kryptik.IGB trojan  cleaned by deleting - quarantined
  3. 11 infected items!

     Malwarebytes' Anti-Malware 1.50
     www.malwarebytes.org

     Database version: 5296

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     12/11/2010 1:39:39 PM
     mbam-log-2010-12-11 (13-39-39).txt

     Scan type: Full scan (A:\|C:\|D:\|E:\|G:\|)
     Objects scanned: 249876
     Time elapsed: 1 hour(s), 38 minute(s), 15 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 11

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\Qoobox\quarantine\C\documents and settings\networkservice\application data\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
     c:\Qoobox\quarantine\C\program files\microsoft\watermark.exe.vir (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
     c:\Qoobox\quarantine\C\WINDOWS\system32\config\systemprofile\application data\svchost.exe.vir (Trojan.Zbot) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP1\A0001001.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP1\A0001083.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP1\A0001085.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP4\A0001511.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP4\A0001512.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
     c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP4\A0001515.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
     c:\documents and settings\networkservice\application data\abpzlw.dat (Malware.Trace) -> Quarantined and deleted successfully.
     c:\WINDOWS\system32\config\systemprofile\application data\abpzlw.dat (Malware.Trace) -> Quarantined and deleted successfully.
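
The Malwarebytes log above lists every hit in one flat `path (Detection) -> action` form, which hides the distinction that matters for triage: entries under `System Volume Information\_restore` and under ComboFix's `Qoobox\quarantine` are stored copies of files that were already removed, while hits in live locations (here the `NetworkService` and `systemprofile` Application Data folders) are the active foothold. The parser below is added here as an example; it is not code from the original post or from Malwarebytes. The embedded log is a constructed excerpt in the 1.50 layout, and the archive-location markers are this example's own heuristic.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x log.

Added example (not code from the original post or from Malwarebytes): parses the
"... Infected:" sections, groups hits by detection name and separates live-location
hits from copies held in System Restore points or ComboFix's quarantine folder.
"""
import re
from collections import defaultdict

# Constructed excerpt in the MBAM 1.50 log layout (summary block, then one
# section per object class with a path per line). Not a real scan result.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50
Database version: 5296

Memory Processes Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\documents and settings\networkservice\application data\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2134af20-2523-42e6-84bd-a5f95071ebbe}\RP1\A0001001.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\abpzlw.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\application data\abpzlw.dat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# Section header without a count, e.g. "Files Infected:"; the summary block's
# "Files Infected: 11" does not end in a colon and is skipped.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# One detection line: <path> (<detection name>) -> <action taken>.
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Locations holding copies of already-removed files rather than active infections.
# Heuristic of this example: System Restore points and ComboFix's Qoobox quarantine.
ARCHIVE_MARKERS = ("\\system volume information\\_restore", "\\qoobox\\quarantine\\")


def parse_entries(text):
    """Return every detection entry with its section, path, name and action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line) if section else None
        if m:
            entries.append({"section": section, **m.groupdict()})
    return entries


def is_archived(path):
    """True when the hit is a stored copy (restore point or quarantine), not a live file."""
    p = path.lower()
    return any(marker in p for marker in ARCHIVE_MARKERS)


def triage(entries):
    """Split hits into live vs archived and count them per detection name."""
    live, archived, by_name = [], [], defaultdict(int)
    for e in entries:
        by_name[e["name"]] += 1
        (archived if is_archived(e["path"]) else live).append(e)
    return {"live": live, "archived": archived, "by_name": dict(by_name)}


if __name__ == "__main__":
    result = triage(parse_entries(SAMPLE_LOG))
    print(f"{len(result['live'])} live hit(s), {len(result['archived'])} archived copy(ies)")
    for name, count in sorted(result["by_name"].items()):
        print(f"  {name}: {count}")
    for e in result["live"]:
        print(f"  LIVE  {e['path']}  [{e['name']}]")
```

Run against the full log in the post, the same split puts the three `Qoobox` hits and the six restore-point hits in the archived bucket and leaves only the two `abpzlw.dat` traces as live; the restore-point copies still matter because a System Restore to RP1 or RP4 would bring the Zbot samples back.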
  4. I tried to update Java, but it didn't like that I'm running Windows SP2 5.1, so I need to update that first. Isn't this stuff supposed to update itself? Automated updates only seem to pop up when I don't want them to; now I can't seem to trigger them. Other than that everything seems to be running fine.
  5. GooredFix by jpshortstuff (03.07.10.1)
     Log created at 04:02 on 09/01/2005 (Aaron)
     Firefox version 3.6.12 (en-US)

     ========== GooredScan ==========

     Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430} -> Success!
     Deleting C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430} -> Success!

     ========== GooredLog ==========

     C:\Program Files\Mozilla Firefox\extensions\
     {3112ca9c-de6d-4884-a869-9855de68056c} [05:37 05/03/2007]
     {972ce4c6-7e08-4474-a285-3208198ce6fd} [08:27 11/09/2005]
     {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [18:22 26/04/2007]
     {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [15:08 16/10/2007]
     {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [08:08 04/02/2009]
     {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [18:37 21/04/2009]
     {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [13:34 13/10/2009]

     C:\Documents and Settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\
     youtube2mp3@mondayx.de [21:36 27/04/2010]
     {3112ca9c-de6d-4884-a869-9855de68056c} [19:19 12/04/2010]
     {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [23:30 19/09/2010]
     {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}(2) [20:27 14/09/2007]
     {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}(3) [19:24 16/09/2007]
     {987311C6-B504-4aa2-90BF-60CC49808D42} [19:16 15/09/2009]
     {AE93811A-5C9A-4d34-8462-F7B864FC4696} [17:43 10/11/2010]
     {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [03:48 06/11/2010]
     {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [00:23 23/10/2010]
     {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2) [00:37 25/01/2008]
     {da7f40f0-8675-11db-b606-0800200c9a66} [18:09 02/05/2010]
     {E2883E8F-472F-4fb0-9522-AC9BF37916A7} [22:59 20/10/2010]
     {e968fc70-8f95-4ab9-9e79-304de2a71ee1} [05:01 16/12/2009]

     [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
     "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [08:08 04/02/2009]

     -=E.O.F=-
  6. It might have done a regular scan because it had to update. I tried it again. Here's the log:

     ComboFix 10-12-09.04 - Aaron 01/08/2005 19:39:40.6.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1724 [GMT -7:00]
     Running from: c:\documents and settings\Aaron\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Aaron\Desktop\CFScript.txt
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     ((((((((((((((((((((((((( Files Created from 2004-12-09 to 2005-01-09 )))))))))))))))))))))))))))))))
     .
     2010-11-29 20:49 . 2010-11-29 20:49 -------- d-----w- C:\_OTL
     2010-03-20 03:38 . 2010-03-20 03:38 -------- d-----w- C:\Linksys Driver
     2009-02-05 06:26 . 2009-02-05 06:26 -------- d-----w- C:\fsaua.data
     2008-06-28 12:20 . 2005-01-08 09:34 -------- d-----w- C:\$AVG8.VAULT$
     2007-09-14 20:45 . 2007-09-14 20:45 -------- d-----w- C:\NVIDIA
     2007-02-28 22:00 . 2007-02-28 22:00 -------- d-----w- C:\Temp
     2005-09-19 04:02 . 2005-09-19 04:03 -------- d-----w- C:\My Downloads
     2005-09-15 17:54 . 2005-09-15 17:54 696320 ----a-w- C:\StubInstaller.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-07 02:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
     2008-09-04 16:42 . 2004-08-04 12:00 1106944 ----a-w- c:\windows\system32\msxml3(2).dll
     2008-04-14 00:11 . 2007-04-30 03:39 39424 ----a-w- c:\windows\apppatch\acadproc.dll
     2006-10-23 15:17 . 2004-08-04 12:00 658944 ----a-w- c:\windows\system32\wininet(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 613888 ----a-w- c:\windows\system32\urlmon(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 474112 ----a-w- c:\windows\system32\shlwapi(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 1022976 ----a-w- c:\windows\system32\browseui(2).dll
     2006-04-25 05:51 . 2003-03-19 04:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
     2006-04-25 05:51 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
     2005-09-29 22:02 . 2005-09-29 22:02 359808 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
     2004-10-27 13:24 . 2004-10-27 13:24 223104 ----a-w- c:\windows\system32\drivers\yk51x86.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2005-01-08_10.44.41 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2005-01-09 02:38 . 2005-01-09 02:38 16384 c:\windows\temp\Perflib_Perfdata_4d4.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]
     "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-09 36864]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-15 482760]
     "Google Update"="c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
     "nwiz"="nwiz.exe" [2005-07-21 1519616]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-9 196608]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-9-11 434176]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Soulseek\\slsk.exe"=
     "c:\\StubInstaller.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\Emulator\\SNES\\zsnesw.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Last.fm\\LastFM.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\SoulseekNS\\slsk.exe"=
     "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     S0 cduqo;cduqo; [x]
     S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 5:22 PM 715248]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:28 AM 135664]
     S3 nosGetPlusHelper;getPlus
  7. ComboFix 10-12-09.04 - Aaron 01/08/2005 13:08:04.5.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1723 [GMT -7:00]
     Running from: c:\documents and settings\Aaron\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Aaron\Desktop\CFScript.txt
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     ((((((((((((((((((((((((( Files Created from 2004-12-08 to 2005-01-08 )))))))))))))))))))))))))))))))
     .
     2010-11-29 20:49 . 2010-11-29 20:49 -------- d-----w- C:\_OTL
     2010-03-20 03:38 . 2010-03-20 03:38 -------- d-----w- C:\Linksys Driver
     2009-02-05 06:26 . 2009-02-05 06:26 -------- d-----w- C:\fsaua.data
     2008-06-28 12:20 . 2005-01-08 09:34 -------- d-----w- C:\$AVG8.VAULT$
     2007-09-14 20:45 . 2007-09-14 20:45 -------- d-----w- C:\NVIDIA
     2007-02-28 22:00 . 2007-02-28 22:00 -------- d-----w- C:\Temp
     2005-09-19 04:02 . 2005-09-19 04:03 -------- d-----w- C:\My Downloads
     2005-09-15 17:54 . 2005-09-15 17:54 696320 ----a-w- C:\StubInstaller.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-07 02:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
     2008-09-04 16:42 . 2004-08-04 12:00 1106944 ----a-w- c:\windows\system32\msxml3(2).dll
     2008-04-14 00:11 . 2007-04-30 03:39 39424 ----a-w- c:\windows\apppatch\acadproc.dll
     2006-10-23 15:17 . 2004-08-04 12:00 658944 ----a-w- c:\windows\system32\wininet(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 613888 ----a-w- c:\windows\system32\urlmon(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 474112 ----a-w- c:\windows\system32\shlwapi(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 1022976 ----a-w- c:\windows\system32\browseui(2).dll
     2006-04-25 05:51 . 2003-03-19 04:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
     2006-04-25 05:51 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
     2005-09-29 22:02 . 2005-09-29 22:02 359808 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
     2004-10-27 13:24 . 2004-10-27 13:24 223104 ----a-w- c:\windows\system32\drivers\yk51x86.sys
     .
     ((((((((((((((((((((((((((((( SnapShot@2005-01-08_10.44.41 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2005-01-08 20:07 . 2005-01-08 20:07 16384 c:\windows\temp\Perflib_Perfdata_244.dat
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]
     "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-09 36864]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-15 482760]
     "Google Update"="c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
     "nwiz"="nwiz.exe" [2005-07-21 1519616]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-9 196608]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-9-11 434176]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Soulseek\\slsk.exe"=
     "c:\\StubInstaller.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\Emulator\\SNES\\zsnesw.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Last.fm\\LastFM.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\SoulseekNS\\slsk.exe"=
     "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     S0 cduqo;cduqo; [x]
     S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 5:22 PM 715248]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:28 AM 135664]
     S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder

     2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

     2005-01-08 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-01 00:44]

     2005-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:27]

     2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:27]

     2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004Core.job
     - c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 02:36]

     2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004UA.job
     - c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 02:36]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\
     FF - prefs.js: browser.startup.homepage - google.com
     FF - HiddenExtension: XUL Cache: {CFE55696-EEEE-4BA7-8BBC-1EAF70550430} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430}\
     FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
     FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
     FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
     FF - Extension: FOXSCAPE: {da7f40f0-8675-11db-b606-0800200c9a66} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}
     FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
     FF - Extension: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
     FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\youtube2mp3@mondayx.de
     FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     FF - Extension: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
     FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
     FF - Extension: XUL Cache: {CFE55696-EEEE-4BA7-8BBC-1EAF70550430} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430}
     FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2005-01-08 13:16
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(820)
     c:\windows\System32\BCMLogon.dll
     .
     Completion time: 2005-01-08 13:19:43
     ComboFix-quarantined-files.txt 2005-01-08 20:19
     ComboFix2.txt 2005-01-08 10:47

     Pre-Run: 62,445,613,056 bytes free
     Post-Run: 62,428,131,328 bytes free

     Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
     - - End Of File - - 1F4ED565E81E71E3D39FD628CA71A701
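
A ComboFix "Reg Loading Points" section packs the items a responder reads first into a few line shapes: registry Run values, Windows Firewall policy values, the authorized-applications list, and `S0`/`S2`/`S3` service lines. The log above contains several worth a second look, for instance `"EnableFirewall"= 0`, `"DisableMonitoring"=dword:00000001`, a firewall exception for an executable on the Desktop, and a boot-start service `S0 cduqo;cduqo; [x]` whose image file is missing. The script below, added here as an example and not code from the original post or from ComboFix, parses those line shapes and applies a handful of triage rules. The embedded excerpt is constructed in ComboFix's layout (the `"Updater"` Run value pointing at an `svchost.exe` under the user profile is invented to exercise one rule), and the rules are this example's own heuristics, not ComboFix's verdicts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not code from the original post or from ComboFix): parses Run-key
values, Windows Firewall policy values, the authorized-applications list and
S0/S2/S3 service lines, then applies a few triage rules of this example's own.
"""
import re

# Constructed excerpt in ComboFix's log layout. The "Updater" Run value pointing
# at an svchost.exe under the user profile is invented to exercise one rule.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"Updater"="c:\documents and settings\Aaron\Application Data\svchost.exe" [2010-12-01 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=

S0 cduqo;cduqo; [x]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 5:22 PM 715248]
S3 nosGetPlusHelper;getPlus Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})$')
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"= (?P<val>\d+) \(0x[0-9A-Fa-f]+\)$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"(?: \[(?P<stamp>[^\]]+)\])?$')
AUTHAPP_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
# "<start> <name>;<display>;<image> [timestamp size]", or "... [x]" when the image is missing.
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Heuristics of this example, not ComboFix's.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\desktop\\", "\\temp\\")
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "explorer.exe"}


def parse(text):
    """Collect autoruns, policy values, firewall-authorized apps and services from the excerpt."""
    state = {"autoruns": [], "policy": {}, "authorized": [], "services": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif m := DWORD_RE.match(line):
            state["policy"][(key, m.group("name"))] = int(m.group("hex"), 16)
        elif m := POLICY_RE.match(line):
            state["policy"][(key, m.group("name"))] = int(m.group("val"))
        elif m := VALUE_RE.match(line):
            state["autoruns"].append({"key": key, "name": m.group("name"), "target": m.group("target")})
        elif m := AUTHAPP_RE.match(line):
            # ComboFix prints these with doubled backslashes, as stored in the value name.
            state["authorized"].append(m.group("path").replace("\\\\", "\\"))
        elif m := SERVICE_RE.match(line):
            rest = m.group("rest").strip()
            missing = rest == "[x]"
            state["services"].append({
                "start": m.group("start"), "name": m.group("name"),
                "image": "" if missing else rest.rsplit(" [", 1)[0], "missing": missing,
            })
    return state


def flags(state):
    """Return (rule, detail) pairs; each is a prompt to verify, not a verdict."""
    out = []
    for (key, name), val in state["policy"].items():
        if name == "EnableFirewall" and val == 0:
            out.append(("firewall-disabled", key))
        if name == "DisableMonitoring" and val == 1:
            out.append(("security-center-monitoring-off", key))
    for a in state["autoruns"]:
        target = a["target"].lower()
        base = target.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and "\\windows\\system32\\" not in target:
            out.append(("system-name-outside-system32", a["target"]))
        elif any(mk in target for mk in USER_WRITABLE):
            out.append(("autorun-from-user-writable-path", a["target"]))
    for path in state["authorized"]:
        if any(mk in path.lower() for mk in USER_WRITABLE):
            out.append(("firewall-exception-for-user-writable-path", path))
    for s in state["services"]:
        if s["missing"]:
            out.append(("service-image-missing", f"{s['start']} {s['name']}"))
    return out


if __name__ == "__main__":
    for rule, detail in flags(parse(SAMPLE)):
        print(f"{rule:45s} {detail}")
```

Every flag is a prompt to verify rather than a verdict: the per-user Google Update entry is caught by the user-writable-path rule and is a known legitimate case, whereas a binary named like a system process starting from a profile directory, or a boot-start driver whose file no longer exists, deserves the first look. Fed the full log above, the same rules would also raise the Desktop `utorrent.exe` and `zsnesw.exe` firewall exceptions and the `c:\StubInstaller.exe` exception in the root of the drive.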
  8. I forgot to plug in my slave before I ran ComboFix, but here it is anyway:

     ComboFix 10-12-09.02 - Aaron 01/08/2005 3:36.4.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1723 [GMT -7:00]
     Running from: c:\documents and settings\Aaron\Desktop\ComboFix.exe
     FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Aaron\Application Data\avdrn.dat
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}\chrome.manifest
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}\chrome\content\_cfg.js
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}\chrome\content\c.js
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}\chrome\content\overlay.xul
     c:\documents and settings\Aaron\Local Settings\Application Data\{BFBBF72C-A835-44DC-8618-00FCE64E359A}\install.rdf
     c:\documents and settings\NetworkService\Application Data\svchost.exe
     c:\program files\microsoft\watermark.exe
     c:\windows\Downloaded Program Files\popcaploader.inf
     c:\windows\run.log
     c:\windows\system32\CmdLineExt.dll
     c:\windows\system32\config\systemprofile\Application Data\shire.bat
     c:\windows\system32\config\systemprofile\Application Data\svchost.exe
     c:\windows\system32\Data
     c:\windows\system32\dmlconf.dat
     c:\windows\system32\fjhdyfhsn.bat
     c:\windows\system32\qtplugin.exe
     .
     ((((((((((((((((((((((((( Files Created from 2004-12-08 to 2005-01-08 )))))))))))))))))))))))))))))))
     .
     2010-11-29 20:49 . 2010-11-29 20:49 -------- d-----w- C:\_OTL
     2010-03-20 03:38 . 2010-03-20 03:38 -------- d-----w- C:\Linksys Driver
     2009-02-05 06:26 . 2009-02-05 06:26 -------- d-----w- C:\fsaua.data
     2008-06-28 12:20 . 2005-01-08 09:34 -------- d-----w- C:\$AVG8.VAULT$
     2007-09-14 20:45 . 2007-09-14 20:45 -------- d-----w- C:\NVIDIA
     2007-02-28 22:00 . 2007-02-28 22:00 -------- d-----w- C:\Temp
     2005-09-19 04:02 . 2005-09-19 04:03 -------- d-----w- C:\My Downloads
     2005-09-15 17:54 . 2005-09-15 17:54 696320 ----a-w- C:\StubInstaller.exe
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-07 02:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
     2008-09-04 16:42 . 2004-08-04 12:00 1106944 ----a-w- c:\windows\system32\msxml3(2).dll
     2008-04-14 00:11 . 2007-04-30 03:39 39424 ----a-w- c:\windows\apppatch\acadproc.dll
     2006-10-23 15:17 . 2004-08-04 12:00 658944 ----a-w- c:\windows\system32\wininet(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 613888 ----a-w- c:\windows\system32\urlmon(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 474112 ----a-w- c:\windows\system32\shlwapi(3).dll
     2006-10-23 15:17 . 2004-08-04 12:00 1022976 ----a-w- c:\windows\system32\browseui(2).dll
     2006-04-25 05:51 . 2003-03-19 04:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
     2006-04-25 05:51 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
     2005-09-29 22:02 . 2005-09-29 22:02 359808 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
     2004-10-27 13:24 . 2004-10-27 13:24 223104 ----a-w- c:\windows\system32\drivers\yk51x86.sys
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]
     "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2005-11-09 36864]
     "DAEMON Tools Lite"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-15 482760]
     "Google Update"="c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-21 7110656]
     "nwiz"="nwiz.exe" [2005-07-21 1519616]
     "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
     "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
     "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
     "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
     "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-21 86016]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
     "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-9 196608]
     Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2005-9-11 434176]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Soulseek\\slsk.exe"=
     "c:\\StubInstaller.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\Emulator\\SNES\\zsnesw.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
     "c:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"=
     "c:\\Documents and Settings\\Aaron\\Desktop\\utorrent.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Last.fm\\LastFM.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\SoulseekNS\\slsk.exe"=
     "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=

     S0 cduqo;cduqo; [x]
     S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/16/2007 5:22 PM 715248]
     S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/7/2010 10:28 AM 135664]
     S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 5:00 AM 14336]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
     .
     Contents of the 'Scheduled Tasks' folder

     2010-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

     2005-01-08 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-01 00:44]

     2005-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:27]

     2010-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 17:27]

     2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004Core.job
     - c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 02:36]

     2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1767777339-839522115-1004UA.job
     - c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 02:36]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     uInternet Connection Wizard,ShellNext = iexplore
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
     Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     FF - ProfilePath - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\
     FF - prefs.js: browser.startup.homepage - google.com
     FF - component: c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
     FF - plugin: c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
     FF - plugin: c:\documents and settings\Aaron\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
     FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
     FF - HiddenExtension: XUL Cache: {CFE55696-EEEE-4BA7-8BBC-1EAF70550430} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430}\
     FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
     FF - Extension: FoxyTunes: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
     FF - Extension: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
     FF - Extension: FOXSCAPE: {da7f40f0-8675-11db-b606-0800200c9a66} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{da7f40f0-8675-11db-b606-0800200c9a66}
     FF - Extension: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
     FF - Extension: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
     FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\youtube2mp3@mondayx.de
     FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
     FF - Extension: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\documents and settings\Aaron\Application Data\Mozilla\Firefox\Profiles\fp88zdo1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
     FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     FF - Extension: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
     FF - Extension: Java Console:
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Extension: XUL Cache: {CFE55696-EEEE-4BA7-8BBC-1EAF70550430} - c:\windows\system32\config\systemprofile\Local Settings\Application Data\{CFE55696-EEEE-4BA7-8BBC-1EAF70550430} FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - ORPHANS REMOVED - - - - Notify-avgrsstarter - avgrsstx.dll AddRemove-HijackThis - c:\documents and settings\Aaron\Desktop\HijackThis.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2005-01-08 03:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(820) c:\windows\System32\BCMLogon.dll . 
Completion time: 2005-01-08 03:47:57 ComboFix-quarantined-files.txt 2005-01-08 10:47 Pre-Run: 62,468,239,360 bytes free Post-Run: 62,495,895,552 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - 980D4DD3E6441B2BCE87405A32431460
  9. So ComboFix is requesting I uninstall AVG 8.5. But when I try to uninstall it via Control Panel, I get the following error: Action Failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key... error 0x80070005 It won't let me uninstall it. Also, that list of programs to deactivate didn't include ZoneAlarm. Do I need to deactivate it? How?
  10. I'll have to do this when I get back from work. Can it be done from safe mode? My computer was chugging pretty hard.
  11. Success!!! At last!!! So good to see my desktop again. But we still have work to do. AVG greeted me with a "Multiple Threat Detections" alert. It found the following Trojan Horse: PSW.Generic8.AIXY (found 4 of these) FakeAV.FUT I simply turned off the computer without taking action on these infections and await your direction. Would now be a good time to plug the "slave" HDD back in?
  12. I can't seem to find those drivers on that disk. Anywhere else I can get 'em? Is that last link I provided good? What about this one: http://www.nvidia.com/object/nforce_nf4_winxp2k_6.53 It's looking for nvenetfd.inf and nvenetfd.in_
  13. Longest repair install ever. Now it wants "Some files on NVIDIA Network Bus installation Disk #1". Would those be on my "NVIDIA nForce4 Series Utility CD" or do I need to get them from this: http://www.soft32.com/download_183252.html
  14. Well, I did the repair. I got a message saying something along the lines of "Windows had previously tried a repair install but it was incomplete." My options were to retry a repair install, escape, or maybe a fresh install. I should have consulted with you before choosing, but my impatience got the best of me and I chose to retry the repair install. Now I'm at this screen: http://www.ianneubert.com/wp/wp-content/up...-xp-install.jpg I don't remember this screen from previous repair installs and I just wanted to make absolutely sure that I am on the correct path. Also, I would like to get a couple of Word documents off the sick PC and was wondering if I should just wait or if I could get them with xPUD or BartPE.
  15. You're gonna have to provide more detail here. Should I disable "IDE/SATA RAID function" in Integrated Peripherals? What are "slipstreamed SATA drivers"? Where would I get them? You are remembering that I did a repair install of Windows previously, yes?