Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

#1  15th March 2009
Salibu (Senior Member; joined May 2002; 62 posts; computer experience: beginner)

[Active] Spyware;monster.fx.wild

Hello, you guys have been so great in the past to help, and now I need it again. I think I have a virus, not sure, but my computer restarts itself over and over, and when it shuts off to restart it has a blue screen that says Spyware;monster.fx.wild-0x00000000. I can't even run a virus scan; it shuts down.
#2  19th March 2009
Aaflac (Senior Member; Illinois USA; joined Nov 2008; 294 posts; computer experience: Always learning!)

Welcome back to Windows BBS, Salibu!!

Please follow these instructions and post the reports requested in your reply.

Thanks!!

#3  20th March 2009
Salibu (Senior Member; joined May 2002; 62 posts; computer experience: beginner)

Attach.txt file

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 6/27/2006 5:55:45 AM
System Uptime: 3/19/2009 6:22:54 PM (1 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 121.222 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2702&SUBSYS_8D881028&REV_01\4&1A671D0C&0&30F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&1A671D0C&0&48F0
Service:

==== System Restore Points ===================

RP179: 12/8/2008 8:48:54 PM - System Checkpoint
RP180: 12/9/2008 9:48:56 PM - System Checkpoint
RP181: 12/10/2008 10:23:50 PM - System Checkpoint
RP182: 12/11/2008 3:00:29 AM - Software Distribution Service 3.0
RP183: 12/12/2008 3:12:46 AM - System Checkpoint
RP184: 12/13/2008 3:17:25 AM - System Checkpoint
RP185: 12/14/2008 4:06:53 AM - System Checkpoint
RP186: 12/15/2008 4:28:45 AM - System Checkpoint
RP187: 12/16/2008 5:28:45 AM - System Checkpoint
RP188: 12/17/2008 6:28:45 AM - System Checkpoint
RP189: 12/18/2008 3:00:15 AM - Software Distribution Service 3.0
RP190: 12/19/2008 3:10:38 AM - System Checkpoint
RP191: 12/20/2008 3:39:33 AM - System Checkpoint
RP192: 12/21/2008 4:10:38 AM - System Checkpoint
RP193: 12/22/2008 4:30:54 AM - System Checkpoint
RP194: 12/23/2008 5:30:54 AM - System Checkpoint
RP195: 12/24/2008 6:48:14 AM - System Checkpoint
RP196: 12/25/2008 7:30:55 AM - System Checkpoint
RP197: 12/26/2008 7:48:01 AM - System Checkpoint
RP198: 12/27/2008 8:30:42 AM - System Checkpoint
RP199: 12/28/2008 8:31:47 AM - System Checkpoint
RP200: 12/29/2008 9:30:41 AM - System Checkpoint
RP201: 12/30/2008 9:45:17 AM - System Checkpoint
RP202: 12/31/2008 10:30:42 AM - System Checkpoint
RP203: 1/1/2009 10:31:46 AM - System Checkpoint
RP204: 1/2/2009 10:55:50 AM - System Checkpoint
RP205: 1/3/2009 11:31:33 AM - System Checkpoint
RP206: 1/4/2009 11:32:33 AM - System Checkpoint
RP207: 1/5/2009 1:30:28 PM - System Checkpoint
RP208: 1/6/2009 2:30:28 PM - System Checkpoint
RP209: 1/7/2009 3:23:26 PM - System Checkpoint
RP210: 1/8/2009 4:02:38 PM - System Checkpoint
RP211: 1/9/2009 4:14:32 PM - System Checkpoint
RP212: 1/10/2009 4:42:40 PM - System Checkpoint
RP213: 1/11/2009 5:03:37 PM - System Checkpoint
RP214: 1/12/2009 8:16:46 PM - System Checkpoint
RP215: 1/13/2009 9:02:35 PM - System Checkpoint
RP216: 1/14/2009 3:00:17 AM - Software Distribution Service 3.0
RP217: 1/15/2009 3:26:20 AM - System Checkpoint
RP218: 1/16/2009 4:26:17 AM - System Checkpoint
RP219: 1/17/2009 5:11:22 AM - System Checkpoint
RP220: 1/18/2009 6:11:21 AM - System Checkpoint
RP221: 1/19/2009 7:11:22 AM - System Checkpoint
RP222: 1/20/2009 7:22:52 AM - System Checkpoint
RP223: 1/21/2009 8:44:54 AM - System Checkpoint
RP224: 1/22/2009 9:14:37 AM - System Checkpoint
RP225: 1/23/2009 10:41:37 AM - System Checkpoint
RP226: 1/24/2009 10:43:23 AM - System Checkpoint
RP227: 1/25/2009 11:43:24 AM - System Checkpoint
RP228: 1/26/2009 1:31:23 PM - System Checkpoint
RP229: 1/27/2009 1:42:19 PM - System Checkpoint
RP230: 1/28/2009 1:51:14 PM - System Checkpoint
RP231: 1/29/2009 1:40:21 PM - Installed iTunes
RP232: 1/30/2009 1:47:53 PM - System Checkpoint
RP233: 1/31/2009 1:56:56 PM - System Checkpoint
RP234: 2/1/2009 3:04:29 PM - System Checkpoint
RP235: 2/2/2009 3:47:33 PM - System Checkpoint
RP236: 2/3/2009 4:35:53 PM - System Checkpoint
RP237: 2/4/2009 5:34:52 PM - System Checkpoint
RP238: 2/5/2009 6:39:36 PM - System Checkpoint
RP239: 2/6/2009 7:44:08 PM - System Checkpoint
RP240: 2/7/2009 8:01:15 PM - System Checkpoint
RP241: 2/8/2009 9:32:31 PM - System Checkpoint
RP242: 2/9/2009 10:38:32 PM - System Checkpoint
RP243: 2/10/2009 11:30:26 PM - System Checkpoint
RP244: 2/11/2009 3:00:18 AM - Software Distribution Service 3.0
RP245: 2/12/2009 3:11:56 AM - System Checkpoint
RP246: 2/13/2009 3:12:27 AM - System Checkpoint
RP247: 2/18/2009 1:27:04 AM - System Checkpoint
RP248: 2/22/2009 2:25:05 AM - System Checkpoint
RP249: 2/23/2009 6:41:45 PM - System Checkpoint
RP250: 2/25/2009 3:00:18 AM - Software Distribution Service 3.0
RP251: 3/1/2009 7:38:22 PM - System Checkpoint
RP252: 3/2/2009 8:06:10 PM - System Checkpoint
RP253: 3/3/2009 8:18:48 PM - System Checkpoint
RP254: 3/4/2009 9:06:09 PM - System Checkpoint
RP255: 3/5/2009 10:06:09 PM - System Checkpoint
RP256: 3/6/2009 10:23:59 PM - System Checkpoint
RP257: 3/10/2009 7:50:23 PM - System Checkpoint

==== Installed Programs ======================

1Click DVD Copy 5.4.7.2
ABBYY FineReader 6.0 Sprint
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft PhotoStudio 5.5
AVG Free 8.0
BACS
Bonjour
Broadcom Advanced Control Suite
Dell ResourceCD
Digital Line Detect
DVD43 v4.3.1
EPSON CX 3800 Guide
EPSON Printer Software
EPSON Scan
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics Driver
InterActual Player
IOGEAR Bluetooth Software
iTunes
Java(TM) 6 Update 6
Kaspersky Online Scanner
Kazaa 3.2.7
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Nero Suite
Panda ActiveScan 2.0
Picasa 2
QuickTime
RapidPlayer v4.0 ActiveX Control
RealPlayer Basic
RTC Client API v1.2 Setup
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smilebox
SoundMAX
SpotLife
Uninstall Perfect Defender 2009
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
West at Home Gateway V2
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Wonderland - Secret Worlds
Works Suite OS Pack
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/19/2009 5:44:53 PM, error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/19/2009 5:44:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.
3/19/2009 5:44:53 PM, error: Service Control Manager [7000] - The Bluetooth Port Client Driver service failed to start due to the following error: The system cannot find the file specified.
3/19/2009 5:44:53 PM, error: Service Control Manager [7000] - The Bluetooth Serial Driver service failed to start due to the following error: The system cannot find the file specified.
3/19/2009 5:48:53 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

#4  20th March 2009
Salibu (Senior Member; joined May 2002; 62 posts; computer experience: beginner)

dds.txt

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 19:11:41.29 on Thu 03/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.395 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Perfect Defender 2009\pdfndr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Documents and Settings\Owner\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {28b85c56-f5c1-ade8-8784-6370e19c9fb1}: {1bf9c91e-0736-4878-8eda-1c5f65c58b82} - c:\windows\system32\nlnqhb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: {c2991983-a339-4d7d-bc8f-12d2c1ea5a6d} - c:\windows\system32\madureyu.dll
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [SmileboxTray] "c:\documents and settings\owner\application data\smilebox\SmileboxTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [POINTER] point32.exe
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [Perfect Defender 2009] "c:\program files\perfect defender 2009\pdfndr.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [c80f02db] rundll32.exe "c:\windows\system32\sogibujo.dll",b
mRun: [kazigoheji] Rundll32.exe "c:\windows\system32\woduluju.dll",s
mRun: [CPMcb3c3147] Rundll32.exe "c:\windows\system32\tojijejo.dll",a
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\iogear\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/backgammon/backgammon-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/canasta/canasta-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cribbage/cribbage-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.7.5.28/domino/domino-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/superbingo/superbingo-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/harvest/harvest-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/mahjong/mahjong-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/ride/ride-en_US.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/spider/spider-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/squelchies/squelchies-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.8.2.23/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/holdem/holdem-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
DPF: Word Craft by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll c:\windows\system32\pewejima.dll nlnqhb.dll c:\windows\system32\tojijejo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tojijejo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\tojijejo.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli c:\windows\system32\pewejima.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-19 96520]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-19 26184]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-19 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-19 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-19 75272]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-12 24652]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-11-6 99248]
S3 mbr;mbr;\??\c:\docume~1\owner\locals~1\temp\mbr.sys --> c:\docume~1\owner\locals~1\temp\mbr.sys [?]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-12-4 805808]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================


==================== Find3M ====================

2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2007-01-24 18:43 87,608 a------- c:\docume~1\owner\applic~1\ezpinst.exe
2007-01-24 18:43 47,360 a------- c:\docume~1\owner\applic~1\pcouffin.sys

============= FINISH: 19:12:14.78 ===============

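The Pseudo HJT Report in post #4 contains the kind of persistence entries a malware-removal helper flags by eye: BHOs and Run keys loading DLLs with machine-generated names out of system32 (nlnqhb.dll, madureyu.dll, sogibujo.dll, woduluju.dll, tojijejo.dll), extra entries in AppInit_DLLs, an unexpected DLL in the LSA Notification Packages list, and SSODL/STS shell-service-object entries pointing at the same DLL. The script below is an added example written for this page; it is not part of the thread and not a tool the helpers used. It applies those triage rules to a constructed subset of the report lines above. The baseline sets, the name-pattern heuristics and the rule names are assumptions for illustration; note that they deliberately do not catch winconfig.dll, whose name looks ordinary, which is why heuristics like these supplement rather than replace a trained helper reading the whole log.

```python
import re
from dataclasses import dataclass

# Constructed subset of the "Pseudo HJT Report" lines from the DDS log posted
# above; the full report is in the thread. Paths are copied as DDS printed them.
SAMPLE_REPORT = r"""
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {28b85c56-f5c1-ade8-8784-6370e19c9fb1}: {1bf9c91e-0736-4878-8eda-1c5f65c58b82} - c:\windows\system32\nlnqhb.dll
BHO: {c2991983-a339-4d7d-bc8f-12d2c1ea5a6d} - c:\windows\system32\madureyu.dll
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [c80f02db] rundll32.exe "c:\windows\system32\sogibujo.dll",b
mRun: [kazigoheji] Rundll32.exe "c:\windows\system32\woduluju.dll",s
mRun: [CPMcb3c3147] Rundll32.exe "c:\windows\system32\tojijejo.dll",a
AppInit_DLLs: avgrsstx.dll c:\windows\system32\pewejima.dll nlnqhb.dll c:\windows\system32\tojijejo.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tojijejo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\tojijejo.dll
LSA: Notification Packages = scecli c:\windows\system32\pewejima.dll
"""

# Heuristics (assumptions for this example, tuned to what the log above shows):
CV_PATTERN = re.compile(r"^([bcdfghjklmnpqrstvwxyz][aeiou]){3,5}$")   # madureyu, tojijejo
NO_VOWELS = re.compile(r"^[bcdfghjklmnpqrstvwxyz]{5,}$")               # nlnqhb
SYSTEM32_FILE = re.compile(r"c:\\windows\\system32\\([a-z0-9_]+)\.(dll|exe)", re.I)
RUNDLL_ONE_LETTER = re.compile(r'rundll32\.exe\s+"[^"]+\.dll",\s*[a-z]\s*$', re.I)

# What a stock XP SP2 box with AVG 8 legitimately has in these locations
# (assumed baseline for this example, not an authoritative list).
BASELINE = {
    "AppInit_DLLs": {"avgrsstx.dll"},
    "LSA": {"scecli"},
    "SSODL": {"wpdshserviceobj.dll"},
}

@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "low"
    rule: str
    line: str

def basename(token):
    return token.rsplit("\\", 1)[-1].lower()

def looks_generated(name):
    """True for file names that look machine-generated rather than chosen."""
    n = name.lower()
    return bool(CV_PATTERN.match(n) or NO_VOWELS.match(n))

def analyse(report_text):
    """Return one Finding per (rule, line) that trips a heuristic."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, rest = line.partition(":")
        key, rest = key.strip(), rest.strip()
        hits = []
        if key == "AppInit_DLLs":
            if any(basename(t) not in BASELINE[key] for t in rest.split()):
                hits.append(("high", "appinit-dll-not-in-baseline"))
        elif key == "LSA":
            pkgs = rest.partition("=")[2].split()
            if any(basename(t) not in BASELINE[key] for t in pkgs):
                hits.append(("high", "lsa-notification-package-not-in-baseline"))
        elif key in ("SSODL", "STS"):
            if basename(rest.rsplit(" - ", 1)[-1]) not in BASELINE["SSODL"]:
                hits.append(("high", "shell-service-object-not-in-baseline"))
        elif key in ("uRun", "mRun", "dRun") and RUNDLL_ONE_LETTER.search(rest):
            hits.append(("high", "rundll32-single-letter-export"))
        if rest.endswith("No File"):
            hits.append(("low", "orphaned-entry"))
        if any(looks_generated(n) for n, _ in SYSTEM32_FILE.findall(line)):
            hits.append(("high", "generated-looking-name-in-system32"))
        findings.extend(Finding(sev, rule, line) for sev, rule in hits)
    return findings

def suspicious_files(findings):
    """Sorted, de-duplicated system32 file names worth submitting for analysis."""
    names = set()
    for f in findings:
        if f.severity == "high":
            for name, ext in SYSTEM32_FILE.findall(f.line):
                if looks_generated(name):
                    names.add(f"{name.lower()}.{ext.lower()}")
    return sorted(names)

if __name__ == "__main__":
    results = analyse(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.severity}] {f.rule}: {f.line}")
    print("files to submit:", ", ".join(suspicious_files(results)))
```

Run as a script it lists every tripped rule against the offending line and then the six DLL names that the pattern rules agree on. The orphaned "No File" toolbar entry is reported at low severity because it is cleanup, not evidence of an active infection; the AppInit_DLLs and LSA Notification Packages hits are the ones that explain why a plain antivirus scan keeps getting killed, since DLLs in those locations load into essentially every process, including the scanner.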
#5  20th March 2009
Aaflac (Senior Member; Illinois USA; joined Nov 2008; 294 posts; computer experience: Always learning!)

Please make sure you temporarily disable any security/protection applications as they may interfere with running programs needed to eradicate infections. Check the list in How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for any programs run.

Next, download ComboFix
Save to the Desktop <<< Important!!
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

21st March 2009   #6
Salibu, Senior Member (Join Date: May 2002; Posts: 62; Computer Experience: beginner)

ComboFix 09-03-19.02 - Owner 2009-03-20 18:21:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.492 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\Google\T-Scan
c:\documents and settings\Owner\Desktop\A360.lnk
c:\documents and settings\Owner\Start Menu\A360
c:\documents and settings\Owner\Start Menu\A360\A360.lnk
c:\documents and settings\Owner\Start Menu\A360\Help.lnk
c:\documents and settings\Owner\Start Menu\A360\Registration.lnk
c:\program files\A360
c:\program files\Common Files\System\Uninstall
c:\program files\Common Files\System\Uninstall\Uninstall A360.lnk
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\system32\ayejifus.ini
c:\windows\system32\drivers\fad.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\idisasin.ini
c:\windows\system32\ogegirug.ini
c:\windows\system32\ojubigos.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS


((((((((((((((((((((((((( Files Created from 2009-02-20 to 2009-03-20 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 22:49 --------- d-----w c:\program files\LimeWire
2009-01-29 19:41 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-01-29 19:40 --------- d-----w c:\program files\iTunes
2009-01-29 19:40 --------- d-----w c:\program files\iPod
2009-01-29 19:40 --------- d-----w c:\program files\Common Files\Apple
2009-01-29 19:40 --------- d-----w c:\program files\Bonjour
2009-01-29 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-29 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-29 19:39 --------- d-----w c:\program files\QuickTime
2009-01-29 19:38 --------- d-----w c:\program files\Apple Software Update
2009-01-29 19:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-23 20:23 --------- d-----w c:\program files\Smilebox
2009-01-23 20:23 --------- d-----w c:\documents and settings\Owner\Application Data\Smilebox
2009-01-23 15:38 --------- d-----w c:\program files\Perfect Defender 2009
2007-01-24 23:43 87,608 ----a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2007-01-24 23:43 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-01-01 254600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-19 1177368]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"Perfect Defender 2009"="c:\program files\Perfect Defender 2009\pdfndr.exe" [2008-12-10 2994928]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-05 14:29 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-19 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-19 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-19 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-19 75272]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-03-12 24652]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-11-06 99248]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-12-04 805808]
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1bf9c91e-0736-4878-8eda-1c5f65c58b82} - c:\windows\system32\nlnqhb.dll
BHO-{c2991983-a339-4d7d-bc8f-12d2c1ea5a6d} - c:\windows\system32\madureyu.dll
HKLM-Run-c80f02db - c:\windows\system32\sogibujo.dll
HKLM-Run-kazigoheji - c:\windows\system32\woduluju.dll
HKLM-Run-CPMcb3c3147 - c:\windows\system32\tojijejo.dll
HKLM-Run-POINTER - point32.exe
MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1152127725\ee\AOLSoftware.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/backgammon/backgammon-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/canasta/canasta-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cribbage/cribbage-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.7.5.28/domino/domino-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/superbingo/superbingo-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/harvest/harvest-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/mahjong/mahjong-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/ride/ride-en_US.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/spider/spider-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/squelchies/squelchies-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.8.2.23/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/holdem/holdem-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
DPF: Word Craft by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 18:24:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Microsoft Hardware\Mouse\point32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IOGEAR\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\lxdicoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-20 18:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-20 23:28:18

Pre-Run: 130,085,490,688 bytes free
Post-Run: 130,420,232,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

237 --- E O F --- 2009-02-25 09:01:08

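Three things in the log above deserve a second look from anyone reading such reports: the four Security Center values (AntiVirusDisableNotify, UpdatesDisableNotify, AntiVirusOverride, FirewallOverride) are all set to 1, which silences the Windows "no antivirus / firewall is off" warnings; one autorun (SmileboxTray) launches from the user's Application Data folder rather than Program Files; and the orphaned BHO and Run entries point at pseudo-random DLL names (madureyu.dll, sogibujo.dll, woduluju.dll, tojijejo.dll) of the same shape as the .ini files ComboFix deleted from system32. The script below is an added example, not ComboFix tooling and not anything posted in this thread: it splits a ComboFix log into its sections, parses the REGEDIT4-style loading points, and applies those three checks. SAMPLE_LOG is an excerpt constructed from the first log above; the user-profile markers and the name heuristic (an 8+ letter stem that strictly alternates consonant and vowel) are assumptions tuned to this log, so treat hits as leads to review, not verdicts.

```python
"""Triage a ComboFix log for the persistence patterns visible in this thread.
Added example: not ComboFix tooling and not code posted in the thread. SAMPLE_LOG
is an excerpt constructed from the first log above; all three checks are heuristics."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ayejifus.ini
c:\windows\system32\idisasin.ini
c:\windows\system32\ogegirug.ini
c:\windows\system32\ojubigos.ini
c:\windows\system32\SrchSTS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-01-01 254600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-19 1177368]
"Perfect Defender 2009"="c:\program files\Perfect Defender 2009\pdfndr.exe" [2008-12-10 2994928]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
- - - - ORPHANS REMOVED - - - -
BHO-{1bf9c91e-0736-4878-8eda-1c5f65c58b82} - c:\windows\system32\nlnqhb.dll
BHO-{c2991983-a339-4d7d-bc8f-12d2c1ea5a6d} - c:\windows\system32\madureyu.dll
HKLM-Run-c80f02db - c:\windows\system32\sogibujo.dll
HKLM-Run-kazigoheji - c:\windows\system32\woduluju.dll
HKLM-Run-CPMcb3c3147 - c:\windows\system32\tojijejo.dll
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
"""

HEADER_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")  # (((( Section Name ))))
ORPHANS = "- - - - ORPHANS REMOVED - - - -"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="c:\path" [date size]   or   "name"=dword:00000001
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?:"(?P<path>[^"]*)"|dword:(?P<dword>[0-9a-fA-F]{8}))')
SC_OVERRIDES = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}
USER_PROFILE = ("\\application data\\", "\\local settings\\", "\\temp\\")  # assumed markers

@dataclass(frozen=True)
class Finding:
    rule: str     # heuristic that fired
    subject: str  # value name, orphan label, or "deleted"
    detail: str   # path, or the overridden Security Center values

def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the ComboFix section header they follow."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER_RE.match(line)
        if m or line == ORPHANS:
            current = m.group("name") if m else "ORPHANS REMOVED"
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections

def looks_generated(path: str) -> bool:
    """Assumed heuristic: an all-letter stem of 8+ characters that strictly
    alternates consonant/vowel (madureyu, ayejifus) reads as machine-made."""
    stem = PureWindowsPath(path).stem.lower()
    if len(stem) < 8 or not stem.isalpha():
        return False
    kinds = [c in "aeiou" for c in stem]
    return all(a != b for a, b in zip(kinds, kinds[1:]))

def triage(log_text: str) -> List[Finding]:
    sections = split_sections(log_text)
    findings, key, overridden = [], "", []
    for line in sections.get("Reg Loading Points", []):
        km, vm = KEY_RE.match(line), VALUE_RE.match(line)
        if km:
            key = km.group("key").lower()
        elif not vm:
            continue
        elif vm.group("dword") and key.endswith("\\security center"):
            if vm.group("name") in SC_OVERRIDES and int(vm.group("dword"), 16) == 1:
                overridden.append(vm.group("name"))
        elif vm.group("path") is not None and key.endswith("\\currentversion\\run"):
            name, path = vm.group("name"), vm.group("path")
            if any(marker in path.lower() for marker in USER_PROFILE):
                findings.append(Finding("autorun-in-user-profile", name, path))
            if looks_generated(path):
                findings.append(Finding("generated-name", name, path))
    if overridden:
        findings.append(Finding("security-center-suppressed", "Security Center", ", ".join(sorted(overridden))))
    deleted = [("deleted", p) for p in sections.get("Other Deletions", [])]
    orphans = [tuple(l.partition(" - ")[::2]) for l in sections.get("ORPHANS REMOVED", [])]
    findings += [Finding("generated-name", who, p) for who, p in deleted + orphans if looks_generated(p)]
    return findings
```

On a real report, call `triage(open("ComboFix.txt", errors="replace").read())` and print the findings. The alternation rule does not catch nlnqhb.dll, the other orphaned BHO in this log; a "no vowels at all" rule would, but it also fires on MsnMsgr.Exe and SrchSTS.exe from the same log, which is why orphaned BHO CLSIDs are still worth reviewing by hand rather than trusting any name heuristic alone.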
22nd March 2009   #7
Aaflac, Senior Member (Join Date: Nov 2008; Location: Illinois USA; Posts: 294; Computer Experience: Always learning!)

Please open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/paste all the text inside the code box below to Notepad:

Code:
Folder:: 
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\program files\Perfect Defender 2009
Save as CFScript.txt <<< Important!!
Change the Save as type to: All Files
Save it to the Desktop

Now, using the left mouse button, drag the CFScript.txt >>> onto >>> ComboFix.exe, and drop it.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
ComboFix runs a scan, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced: ComboFix.txt

~~~~
Please provide the contents of the new ComboFix log in your reply.

22nd March 2009   #8
Salibu, Senior Member (Join Date: May 2002; Posts: 62; Computer Experience: beginner)

ComboFix 09-03-19.02 - Owner 2009-03-22 11:47:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.457 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScripts.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys
c:\program files\Perfect Defender 2009
c:\program files\Perfect Defender 2009\dbbase.div
c:\program files\Perfect Defender 2009\pdfndr.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 22:49 --------- d-----w c:\program files\LimeWire
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-29 19:41 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer
2009-01-29 19:40 --------- d-----w c:\program files\iTunes
2009-01-29 19:40 --------- d-----w c:\program files\iPod
2009-01-29 19:40 --------- d-----w c:\program files\Common Files\Apple
2009-01-29 19:40 --------- d-----w c:\program files\Bonjour
2009-01-29 19:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-29 19:39 --------- d-----w c:\program files\QuickTime
2009-01-29 19:38 --------- d-----w c:\program files\Apple Software Update
2009-01-29 19:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-23 20:23 --------- d-----w c:\program files\Smilebox
2009-01-23 20:23 --------- d-----w c:\documents and settings\Owner\Application Data\Smilebox
2007-01-24 23:43 87,608 ----a-w c:\documents and settings\Owner\Application Data\ezpinst.exe
2007-01-24 23:43 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-20_18.27.01.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-25 14:21:15 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
- 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 10:19:34 1,846,272 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-10-15 08:09:30 142,832 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-22 16:35:33 142,832 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-10-16 21:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 14:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"SmileboxTray"="c:\documents and settings\Owner\Application Data\Smilebox\SmileboxTray.exe" [2009-01-01 254600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-01-13 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-01-13 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-04-09 826880]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-06-19 1177368]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.D263"= xl_x263dec.dll
"VIDC.YV12"= xl_yv12.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-05 14:29 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\WINDOWS\\system32\\lxdicoms.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\App4R.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-19 96520]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-19 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-19 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-19 75272]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-03-12 24652]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2008-11-06 99248]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-12-04 805808]
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Perfect Defender 2009 - c:\program files\Perfect Defender 2009\pdfndr.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
DPF: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
DPF: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/backgammon/backgammon-en_US.cab
DPF: Blackjack Carnival by pogo - hxxp://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
DPF: Blooop by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cascade/cascade-en_US.cab
DPF: Bowling by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/bowling/bowling-en_US.cab
DPF: Canasta by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/canasta/canasta-en_US.cab
DPF: Chess by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
DPF: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/cribbage/cribbage-en_US.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.7.5.28/domino/domino-en_US.cab
DPF: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/firstclass2/firstclass2-en_US.cab
DPF: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/superbingo/superbingo-en_US.cab
DPF: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/harvest/harvest-en_US.cab
DPF: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
DPF: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/pool2/pool-en_US.cab
DPF: Hog Heaven Slots by pogo - hxxp://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
DPF: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
DPF: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/mhpoker/mhpoker-en_US.cab
DPF: Lottso by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
DPF: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.7.5.21/mahjong/mahjong-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Pai Gow by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
DPF: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
DPF: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
DPF: Poppit by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
DPF: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/ride/ride-en_US.cab
DPF: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.0.32/spider/spider-en_US.cab
DPF: Squelchies by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/squelchies/squelchies-en_US.cab
DPF: Stellar Sweeper by pogo - hxxp://game1.pogo.com/applet-6.8.2.23/sweeper/sweeper-en_US.cab
DPF: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
DPF: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/holdem/holdem-en_US.cab
DPF: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
DPF: Word Craft by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cab
DPF: World Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 11:49:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(488)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-03-22 11:50:59
ComboFix-quarantined-files.txt 2009-03-22 16:50:41
ComboFix2.txt 2009-03-20 23:28:46

Pre-Run: 130,319,503,360 bytes free
Post-Run: 130,306,433,024 bytes free

209 --- E O F --- 2009-03-20 23:48:48

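The SnapShot block in this second log compares the files ComboFix recorded on 2009-03-20 with what it found on 2009-03-22: each "-" line is the earlier state of a file and the "+" line below it the current one. Most pairs move forward in time (schannel.dll, win32k.sys and wmp.dll were replaced by newer, equal-or-larger builds), but spmsg.dll was replaced by a copy dated 2007-11-30, older than the 2008-07-09 copy it replaced. That can be benign (update packages carry their own copy of that file), but a timestamp going backwards on a system32 file is exactly the line to pull out of a long log for a closer look. The parser below is an added example, not ComboFix's own code and not anything posted in the thread. SAMPLE_SNAPSHOT is the SnapShot block from the log above used as constructed input, and the "BACKDATED" tag is an assumption about what deserves review, not a malware verdict.

```python
"""Pair the -/+ lines of a ComboFix SnapShot block into per-file changes.

Added example, not ComboFix's code or anything posted in the thread.
SAMPLE_SNAPSHOT is the SnapShot block from the second log above, used here
as constructed input; "BACKDATED" (a replaced file whose timestamp went
backwards) is an assumed review criterion, not a verdict.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

SAMPLE_SNAPSHOT = r"""
((((((((((((((((((((((((((((( SnapShot@2009-03-20_18.27.01.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-25 14:21:15 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 07:12:45 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
- 2008-09-15 11:57:41 1,846,016 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 10:19:34 1,846,272 -c----w c:\windows\system32\dllcache\win32k.sys
- 2008-10-15 08:09:30 142,832 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-22 16:35:33 142,832 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2007-04-25 14:21:15 144,896 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 07:12:45 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-10-16 21:10:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 14:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-06-12 04:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 23:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
"""

# sign  date        time      size    attrs    path
LINE_RE = re.compile(
    r"^(?P<sign>[-+])\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


@dataclass
class FileChange:
    path: str
    old_time: Optional[datetime] = None  # from the "-" line (earlier snapshot)
    old_size: Optional[int] = None
    new_time: Optional[datetime] = None  # from the "+" line (this run)
    new_size: Optional[int] = None

    @property
    def backdated(self) -> bool:
        """Replaced by a file carrying an older timestamp than the one it replaced."""
        return bool(self.old_time and self.new_time and self.new_time < self.old_time)


def parse_snapshot(text: str) -> Dict[str, FileChange]:
    """Merge the "-" and "+" lines for each path into one FileChange."""
    changes: Dict[str, FileChange] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path").lower()
        when = datetime.strptime(m.group("date") + " " + m.group("time"), "%Y-%m-%d %H:%M:%S")
        size = int(m.group("size").replace(",", ""))
        change = changes.setdefault(path, FileChange(path))
        if m.group("sign") == "-":
            change.old_time, change.old_size = when, size
        else:
            change.new_time, change.new_size = when, size
    return changes


def review(changes: Dict[str, FileChange]) -> List[str]:
    """One line per file: ADDED / REMOVED / CHANGED / BACKDATED."""
    lines = []
    for ch in sorted(changes.values(), key=lambda c: c.path):
        if ch.old_time is None:
            lines.append("ADDED     %s (%d bytes)" % (ch.path, ch.new_size))
        elif ch.new_time is None:
            lines.append("REMOVED   %s" % ch.path)
        else:
            tag = "BACKDATED" if ch.backdated else "CHANGED  "
            lines.append("%s %s: %s %d -> %s %d" % (tag, ch.path, ch.old_time.date(), ch.old_size,
                                                    ch.new_time.date(), ch.new_size))
    return lines


if __name__ == "__main__":
    print("\n".join(review(parse_snapshot(SAMPLE_SNAPSHOT))))
```

Paths are lower-cased before pairing because ComboFix prints some names in upper case (FNTCACHE.DAT) while NTFS is case-insensitive; a file that appears only with "+" was created between the two runs, only with "-" was removed, and the size columns make it easy to spot a same-size replacement such as spmsg.dll versus a real update such as win32k.sys.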
23rd March 2009   #9
Aaflac, Senior Member (Join Date: Nov 2008; Location: Illinois USA; Posts: 294; Computer Experience: Always learning!)

Are you still having the malware problems you came here with?
26th March 2009   #10
Salibu, Senior Member (Join Date: May 2002; Posts: 62; Computer Experience: beginner)

Yes it seems to be working now thank you so much for your time!!
27th March 2009   #11
Aaflac, Senior Member (Join Date: Nov 2008; Location: Illinois USA; Posts: 294; Computer Experience: Always learning!)

Let’s see if Kaspersky picks up any infected files. There is no option to clean/disinfect, however, we can analyze the information on the report and determine whether further action is needed.


Please close all windows, and temporarily turn off the real time scanner of your antivirus program.
Then, use Internet Explorer, and do an online scan with Kaspersky WebScanner
Click: Scan Now
Then click: Accept
The program launches and downloads the latest definition files.
  • Once the files are downloaded, click on: Next
  • Under select a target to scan, select: My Computer
When the scan is done, any infection is displayed.
  • Click on: View scan report
To obtain the report:
Click on: Save Report As

Next, in the Save as prompt, Save in area, select: Desktop

In the File name area, use KScan, or something similar

In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save

~~~~
Please provide the contents of the Kaspersky Online Scanner report in your reply.

Advertisements do not imply our endorsement of the product or service advertised.
Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.3.2
Copyright © 2002 - 2009 WindowsBBS.com. All rights reserved.
Terms of Use, Legal Information & Privacy Policy