Hello, I have had this irritating problem go on for a while, and I am not sure what it is. My search results on google (or even yahoo) get re-directed about 70% of the time to some site called “copy-book.com”. Now I thought it was just my computer, but we have 3 computers all connected to the same internet (one being a mac) and this problem happens on all 3. I have also had a problem with pop-ups as of late, on some sites pop-ups will just get through my firefox pop-up blocker, not sure why, but it never happened before.

I have windows vista home premium on my HP M8100N multimedia pc. I would really appreciate some help, I am not sure if my computer is safe while this irritating problem is still there. I have the following programs for protection and cleaning of my computer: CCleaner, Spybot - Search & Destroy, HiJack This, Malwarebytes' Anti-Malware, Ad-Aware, and avast! Antivirus. I am also having troubles updating Windows defender and Windows in general, and have read that they could be linked. Lastly, when I have done scans of my computer with Search and Destroy as well as with Malwarebytes' Anti-Malware, they keep finding Zlob. but every time I fix it and re-scan, it comes back.

Here is the Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:21 AM, on 15/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MagicTuneEngine] C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11833 bytes

This post has been edited by Michael_888: Aug 15 2008, 12:48 PM

Hi there and sorry for the delay. I would like a deeper look at your system

As a Vista user I will require that all the programmes I ask you to run, be run by right clicking the icon and selecting Run as Administrator. Otherwise some programmes may fail to do their job properly

Download OTScanit to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanit folder and double-click on OTScanit.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
• Under Additional Scans check the following:
  • Reg - BotCheck
    
  • File - Additional Folder Scans
    
  • File - Purity Scan
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Thank you very much for the replay. I hope we can resolve this issue.

Hmm nothing jumps out at me from that so I would like to run a general purpose scanner to see what that shows

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Thanks for the replay again, here is the Malwarebytes Log:

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 6.0.6001 Service Pack 1

13:54:53 22/08/2008
mbam-log-08-22-2008 (13-54-53).txt

Scan type: Quick Scan
Objects scanned: 45228
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.4 85.255.112.73 64.59.144.92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fcb267f2-7ab8-4ea5-9763-8563732e01b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.4 85.255.112.73 64.59.144.92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.4 85.255.112.73 64.59.144.92 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fcb267f2-7ab8-4ea5-9763-8563732e01b6}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.4 85.255.112.73 64.59.144.92 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I just want to note that I have run this scan multiple times on this PC as well as restarted as a result, but every time I do these same infections always seem to return. The number of them changes from 6 infections to 4, depending, but it’s always the same infection.

OK that shows a wareout infection although there is no evidence on the Hijackthis log... So lets use a specialist tool

Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log

It has told me I have an unsupported Windows Version, what should I do?

Wareout should work on Vista

OK lets try another tool

As a Vista user ignore the references to recovery console

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet. It is imperative that you install this as it will enable a system recovery in the event of problems

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Here is the ComboFix log:

ComboFix 08-08-21.02 - User 2008-08-23 12:13:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1936 [GMT -7:00]
Running from: C:\Users\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.

2008-08-22 16:18 . 2008-08-23 11:21 <DIR> d-------- C:\fixwareout
2008-08-22 02:40 . 2008-08-22 16:27 5,374 --a------ C:\Windows\System32\tmp.reg
2008-08-22 02:38 . 2008-08-21 23:41 87,552 --a------ C:\Windows\System32\AntiXPVSTFix.exe
2008-08-20 06:27 . 2008-08-20 06:27 247,076,469 --a------ C:\Windows\MEMORY.DMP
2008-08-19 17:31 . 2008-08-19 17:31 <DIR> d-------- C:\Windows\Sun
2008-08-17 23:50 . 2008-07-15 18:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-17 16:16 . 2008-06-26 18:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-17 16:16 . 2008-06-26 21:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-17 16:16 . 2008-06-18 20:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-17 16:16 . 2008-04-17 22:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-17 16:15 . 2008-04-09 22:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-15 01:21 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-13 14:59 . 2008-08-14 00:16 <DIR> d-------- C:\Users\User\AppData\Roaming\SmartDraw
2008-08-13 14:57 . 2008-08-23 11:51 <DIR> d-------- C:\Program Files\SmartDraw 2008
2008-08-12 00:41 . 2008-08-12 00:41 <DIR> d-------- C:\Users\User\AppData\Roaming\CANON INC
2008-08-12 00:41 . 2008-08-20 18:52 <DIR> d-------- C:\Users\User\AppData\Roaming\CameraWindowDC
2008-08-12 00:40 . 2008-08-12 00:40 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-08-12 00:39 . 2008-08-20 18:52 <DIR> d-------- C:\Users\User\AppData\Roaming\ZoomBrowser EX
2008-08-12 00:22 . 2008-08-12 00:22 <DIR> d-------- C:\Users\All Users\ZoomBrowser
2008-08-12 00:22 . 2008-08-12 00:22 <DIR> d-------- C:\ProgramData\ZoomBrowser
2008-08-12 00:22 . 2008-08-12 00:22 <DIR> d-------- C:\Program Files\Canon
2008-08-12 00:20 . 2008-08-12 00:20 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-08-05 17:24 . 2008-08-05 17:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-30 20:40 . 2008-07-30 20:40 <DIR> d-------- C:\Program Files\iPod
2008-07-23 09:26 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-23 09:26 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-23 09:25 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 23:27 691 ----a-w C:\Users\User\AppData\Roaming\GetValue.vbs
2008-08-22 23:27 35 ----a-w C:\Users\User\AppData\Roaming\SetValue.bat
2008-08-21 03:20 --------- d-----w C:\Users\User\AppData\Roaming\uTorrent
2008-08-20 07:47 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 20:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-19 20:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-19 01:21 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 13:32 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-08-18 06:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-18 06:48 --------- d-----w C:\Program Files\Windows Mail
2008-08-18 02:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-18 02:32 --------- d---a-w C:\ProgramData\TEMP
2008-08-18 02:30 --------- d-----w C:\Program Files\Panda Security
2008-08-17 22:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-31 03:40 --------- d-----w C:\Program Files\iTunes
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-14 03:11 --------- d-----w C:\Users\User\AppData\Roaming\Skype
2008-07-14 02:36 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-14 02:34 --------- d-----w C:\Users\User\AppData\Roaming\skypePM
2008-07-14 02:33 --------- d-----w C:\Program Files\Yahoo!
2008-07-14 01:42 --------- d-----w C:\Program Files\CCleaner
2008-07-14 01:40 --------- d-----w C:\Program Files\Common Files\Webroot Shared
2008-07-13 23:58 --------- d-----w C:\Program Files\Lavasoft
2008-07-13 23:45 --------- d-----w C:\Program Files\Java
2008-07-11 00:57 --------- d-----w C:\Program Files\Bonjour
2008-07-11 00:56 --------- d-----w C:\Program Files\QuickTime
2008-07-02 20:33 82,432 ----a-w C:\Windows\System32\IEDFix.C.exe
2008-06-29 01:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-28 02:03 --------- d-----w C:\ProgramData\NVIDIA
2008-06-28 01:29 174 --sha-w C:\Program Files\desktop.ini
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Journal
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Defender
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-28 01:23 --------- d-----w C:\Program Files\Windows Calendar
2008-06-28 01:10 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-28 01:10 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-28 00:49 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-06-28 00:49 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-06-24 02:50 --------- d-----w C:\Users\User\AppData\Roaming\Malwarebytes
2008-06-24 02:50 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-29 16:35 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-05-24 01:21 81,920 ----a-w C:\Windows\System32\404Fix.exe
2008-03-15 06:43 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-15 06:43 32 ----a-w C:\ProgramData\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 15:47 1206600]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 04:55 486856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 06:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 09:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 03:59 118784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 13:01 1037736]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 18:08 813912]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 07:38 78008]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"MagicTuneEngine"="C:\Program Files\MagicTune Premium\MagicTuneEngine.exe" [2008-02-06 10:52 69632]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 20:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 20:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 15:34:48 3746856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2008-05-03 11:41:43 36864]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CA92B35-FBCB-4FDA-B51E-83DA290A9E50}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{592FCEC0-5FE8-44AB-918A-A7C6CE442277}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6C01A786-CE67-4B67-91B2-05491D0843A8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E9F38940-8300-41FF-A3BE-78CA77025B7E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{98F3DD6B-2856-4990-AF39-05F87FAF6AC2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ECC437B6-2948-40BC-B229-CF308DEFAFA9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9AB4DE16-5BD0-4B5E-BBB6-14742A4C296B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0A01282E-F361-4989-9B96-4DE2162F027F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{07DB054C-D258-4DB9-80D0-67E83F30BF5D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E198CF6C-CFEA-41F7-B1B4-E1121D5EC13F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0BF1A14C-15DE-4EC1-ABD0-C79E281AB93F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{67766609-A156-4501-BF73-DD5FBABC0382}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{648D6A62-852F-45D8-B6FC-AFCCE0A59C4B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{FC05C64B-B2F2-4386-857D-8138FAD67367}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{823CCF46-F698-4577-AAB0-3C581F86C05D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0B347163-CE09-4B65-9816-9ABFE6EF7C85}C:\\program files\\magictune premium\\magictune.exe"= UDP:C:\program files\magictune premium\magictune.exe:MagicTune
"UDP Query User{5EA80459-018B-40BD-9A0B-BAD8A417A752}C:\\program files\\magictune premium\\magictune.exe"= TCP:C:\program files\magictune premium\magictune.exe:MagicTune
"TCP Query User{A8DB55FC-948C-4422-BAF3-AD7D9600EC1B}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{EF93B243-DB8A-41BE-8D26-B70865101E19}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2D1601DD-3939-4F3E-A34C-D0DB5BE4391D}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{BB5504C5-7E8A-4B00-A7D6-A747686F9FB0}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{3069A348-C9DA-4718-9160-9FB2429FE571}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{64A2B05D-D1F3-4CD9-BFC8-1EF942DF1213}C:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:C:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"{44888291-2B3E-47C3-BA09-CAD3FB5BB28C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5D8714AF-1859-472E-A348-29ECD322C1DB}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3D30A54E-42C7-4C15-B35D-75C83DA207AD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{4E6725CF-BFDE-4A6B-A0F2-24D9D5965677}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5C4309E0-DBCF-4562-B2BA-D9A797A50BBE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6A2433C-8B9F-45A5-805E-E3850105E8DE}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A1712A92-EE90-47FF-97C1-48F02BFB571B}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 07:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 07:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 07:36]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 17:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faea5825-cba4-11dc-9d27-001bb9722339}]
\shell\AutoRun\command - L:\SETUP.EXE
\shell\configure\command - L:\SETUP.EXE
\shell\install\command - L:\SETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPADVISOR - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7dzusmbw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ca/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 13:04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-23 13:42:18
ComboFix-quarantined-files.txt 2008-08-23 20:38:20

Pre-Run: 362,167,574,528 bytes free
Post-Run: 363,999,289,344 bytes free

224 --- E O F --- 2008-08-20 07:47:22

Hmm nothing showing there - so I will flush your DNS first and then do an online scan

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter: ipconfig /flushdns (note the space between g and / )
7. You will see the following confirmation:

THEN

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

Here is the log file for the drweb-cureit program:

data032\data002;D:\hp\apps\APP25627\src\install\games\cakemania-setup.exe\data032;Adware.SpywareStorm;;
data032;D:\hp\apps\APP25627\src\install\games\cakemania-setup.exe;Archive contains infected objects;;
cakemania-setup.exe;D:\hp\apps\APP25627\src\install\games;Archive contains infected objects;Moved.;
6D952C06d01\327882R2FWJFW\List-C.bat;C:\Documents and Settings\User\AppData\Local\Application Data\Mozilla\Firefox\Profiles\7dzusmbw.default\Cache\6D952C06d01;Probably BATCH.Virus;;
6D952C06d01\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\User\AppData\Local\Application Data\Mozilla\Firefox\Profiles\7dzusmbw.default\Cache\6D952C06d01;Program.PsExec.171;;
6D952C06d01;C:\Documents and Settings\User\AppData\Local\Application Data\Mozilla\Firefox\Profiles\7dzusmbw.default\Cache;Archive contains infected objects;Moved.;
ComboFix.exe\327882R2FWJFW\List-C.bat;C:\Documents and Settings\User\Desktop\ComboFix.exe;Probably BATCH.Virus;;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\User\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\User\Desktop;Archive contains infected objects;Moved.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix.exe;Tool.ShutDown.11;;
SmitfraudFix.exe;C:\Documents and Settings\User\Desktop;Archive contains infected objects;Moved.;
data002\\Trgtdir\mmInstall.dll;C:\Documents and Settings\User\Desktop\Davis Stuff\Homework\Marin