
Solved Need to make sure all trojans and malware are off of my computer

Discussion in 'Malware and Virus Removal Archive' started by panda24, 2010/01/19.

  1. 2010/01/27
    panda24

    panda24 Inactive Thread Starter

    Joined:
    2010/01/13
    Messages:
    61
    Likes Received:
    0
    OK, I'm going to assume this is gonna take a while... will post the log in the morning. :D Thanks for sticking this out with me.
     
  2. 2010/01/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hey, you're very welcome :)
    I'm getting ready for bed...
    I should be back around here late afternoon tomorrow (PST).
     


  4. 2010/01/27
    panda24
    Awesome... I'll post in the morning and then I'll be back on tomorrow night... have to work late. Thanks again!
     
  5. 2010/01/27
    broni
    Sure thing :)
     
  6. 2010/01/27
    panda24
    ESET log

    ESETSmartInstaller@High as downloader log:
    Can not open wininet.dllESETSmartInstaller@High as downloader log:
    Can not open wininet.dllESETSmartInstaller@High as downloader log:
    Can not open wininet.dllESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=23069d53f1fabf4491129538ce128076
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-01-27 08:25:23
    # local_time=2010-01-27 01:25:23 (-0700, Mountain Standard Time)
    # country= "United States "
    # lang=1033
    # osver=5.1.2600 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1797 16775165 100 94 139695 36284235 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=95386
    # found=15
    # cleaned=15
    # scan_time=4205
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\F3HTTPCT.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\F3PSSAVR.SCR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\M3FFXTBR.JAR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq36.tmp\bar\1.bin\F3SCRCTR.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq36.tmp\bar\1.bin\M3FFXTBR.JAR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq36.tmp\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq36.tmp\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq5A.tmp\bar\1.bin\M3FFXTBR.JAR Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq5A.tmp\bar\1.bin\M3IDLE.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq5A.tmp\bar\1.bin\M3SKPLAY.EXE Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq5A.tmp\bar\1.bin\MWSOEPLG.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\David\My Documents\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\WINDOWS\system32\info.tmp a variant of Win32/Bamital.H trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  7. 2010/01/27
    broni
    I can see you got yourself up and running.
    I'm really glad to see it :)

    See if Super and 'Bytes will run now.
     
  8. 2010/01/27
    panda24
    Just so ya know, I'm running Super right now... about 30 minutes in... :)
     
  9. 2010/01/27
    broni
    Excellent!
    I'm happy :)
     
  10. 2010/01/28
    panda24
    Holy cow! Almost 2 hours in and still going... starting to think I have too much stuff on my computer! hehehehe... :D
     
  11. 2010/01/28
    broni
    Sometimes, it takes that long.
     
  12. 2010/01/28
    panda24
    Super log from 1-28-10

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/28/2010 at 01:45 AM

    Application Version : 4.33.1000

    Core Rules Database Version : 4526
    Trace Rules Database Version: 2338

    Scan type : Complete Scan
    Total Scan Time : 03:37:50

    Memory items scanned : 197
    Memory threats detected : 0
    Registry items scanned : 6132
    Registry threats detected : 0
    File items scanned : 79292
    File threats detected : 15

    Adware.MyWebSearch/FunWebProducts
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ2D.TMP\BAR\1.BIN\F3CJPEG.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ2D.TMP\BAR\1.BIN\F3HISTSW.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ2D.TMP\BAR\1.BIN\F3SCHMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ6.TMP\INSTALLR\2.BIN\F3EZSETP.DLL

    Adware.MyWebSearch
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ2D.TMP\BAR\1.BIN\M3OUTLCN.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ2D.TMP\BAR\1.BIN\MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ36.TMP\BAR\1.BIN\M3HTML.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ36.TMP\BAR\1.BIN\M3OUTLCN.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ36.TMP\BAR\1.BIN\M3PLUGIN.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ36.TMP\BAR\1.BIN\MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ36.TMP\BAR\1.BIN\NPMYWEBS.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ5A.TMP\BAR\1.BIN\M3HTML.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ5A.TMP\BAR\1.BIN\M3OUTLCN.DLL
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ5A.TMP\BAR\1.BIN\MWSOEMON.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AUTHENTIUM\CURTAINS150\QUARANTINE\QUARANTINE\PPQ5A.TMP\SRCHASTT\1.BIN\MWSSRCAS.DLL
     
  13. 2010/01/28
    panda24
    Super log from 1-27-10

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/27/2010 at 10:06 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4526
    Trace Rules Database Version: 2338

    Scan type : Complete Scan
    Total Scan Time : 00:00:53

    Memory items scanned : 196
    Memory threats detected : 0
    Registry items scanned : 226
    Registry threats detected : 0
    File items scanned : 0
    File threats detected : 0
     
  14. 2010/01/29
    panda24
    Malwarebytes log

    Malwarebytes' Anti-Malware 1.44
    Database version: 3655
    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    1/28/2010 11:29:55 PM
    mbam-log-2010-01-28 (23-29-55).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 221512
    Time elapsed: 38 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 13
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 23

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\AUserinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000011.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000012.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000014.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000015.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000016.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000017.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000018.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000038.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000029.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000031.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000032.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000033.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000034.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000035.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000036.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000037.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000039.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000040.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP2\A0000041.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Common Files\PersonalSecUninstall\Uninstall.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AUserinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
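The Malwarebytes log above is normally read by eye. The following Python (3.8+) is an added example, not code from the thread and not Malwarebytes' own tooling: it parses that log layout, cross-checks the summary counts against the entries actually listed (a truncated paste shows up as a mismatch), and pulls out the findings an analyst follows up on: entries sitting inside System Restore points, executables dropped into system32, and the misspelled CurrentControlSet\Servises key. The embedded log is a constructed subset of the posted one with the same layout, and the function names are my own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x scan log.

Added example: not code from the thread and not Malwarebytes' own tooling.
Parses the log layout posted above, checks that the summary counts match the
entries actually listed, and flags the findings an analyst follows up on.
"""
import re
from collections import Counter

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
OS_RE = re.compile(r"^Windows (?P<ver>[\d.]+) Service Pack (?P<sp>\d+)$", re.M)
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)
SYSTEM32_RE = re.compile(r"\\WINDOWS\\system32\\[^\\]+$", re.I)

# Constructed sample: a subset of the entries from the posted log, in the
# MBAM 1.44 layout (summary block first, then one section per item type).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.44
Database version: 3655
Windows 5.1.2600 Service Pack 1
Scan type: Full Scan (C:\|)

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\AUserinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\PersonalSecUninstall (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{F812528C-C033-4929-8CC2-78A711D9062F}\RP1\A0000011.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AUserinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\PersonalSec.lnk (Rogue.PersonalSecurity) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (declared_counts, findings); one dict per listed entry."""
    declared, findings, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := COUNT_RE.match(line):            # summary line: "Files Infected: 3"
            declared[m["section"]] = int(m["count"])
        elif m := SECTION_RE.match(line):        # section header: "Files Infected:"
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            findings.append({"section": section, "item": m["item"],
                             "family": m["family"], "action": m["action"]})
        # "(No malicious items detected)" and the banner lines fall through
    return declared, findings


def count_mismatches(declared, findings):
    """{section: (declared, listed)} for sections whose counts disagree."""
    listed = Counter(f["section"] for f in findings)
    return {s: (n, listed.get(s, 0)) for s, n in declared.items()
            if listed.get(s, 0) != n}


def looks_like_services_key(key):
    """Heuristic: a key directly under CurrentControlSet whose name is one
    character off from 'Services' (the real service list), e.g. 'Servises'."""
    m = re.search(r"\\CurrentControlSet\\([^\\]+)$", key, re.I)
    if not m:
        return False
    name = m.group(1).lower()
    if name == "services" or len(name) != len("services"):
        return False
    return sum(a != b for a, b in zip(name, "services")) == 1


def triage(findings):
    """Group by family and pull out the findings that need a second look."""
    report = {"families": Counter(f["family"] for f in findings),
              "restore_point_hits": [], "system32_files": [], "services_lookalikes": []}
    for f in findings:
        item = f["item"]
        if RESTORE_RE.match(item):               # lives inside a System Restore point
            report["restore_point_hits"].append(item)
        if f["section"] == "Files Infected" and SYSTEM32_RE.search(item):
            report["system32_files"].append(item)  # dropped beside system binaries
        if f["section"] == "Registry Keys Infected" and looks_like_services_key(item):
            report["services_lookalikes"].append(item)
    return report


def os_support_note(text):
    """Windows XP SP1 stopped receiving security updates in October 2006."""
    m = OS_RE.search(text)
    if m and m["ver"].startswith("5.1.") and int(m["sp"]) <= 1:
        return (f"Windows XP SP{m['sp']}: no security updates since October 2006 "
                "at the latest; bring it to SP3 before putting it back online")
    return None


if __name__ == "__main__":
    declared, findings = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(declared, findings))
    print(triage(findings))
    print(os_support_note(SAMPLE_LOG))
```

The restore-point hits matter because a later System Restore would bring those files back; the usual step once the machine is clean is to turn System Restore off and on again to flush the old points. The Servises key is a lookalike of the real Services list, which is why Malwarebytes reports it as a trace rather than a payload, and AUserinit.exe shows up twice, once as the file and once as its SharedDLLs registration, so both have to go.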
     
  15. 2010/01/29
    panda24
    GMER log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-29 11:02:28
    Windows 5.1.2600 Service Pack 1
    Running: i4lmog5c.exe; Driver: C:\DOCUME~1\Amanda\LOCALS~1\Temp\kgldqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7A8AE96 ZwCreateKey
    SSDT F7A8AE8C ZwCreateThread
    SSDT F7A8AE9B ZwDeleteKey
    SSDT F7A8AEA5 ZwDeleteValueKey
    SSDT F7A8AEAA ZwLoadKey
    SSDT F7A8AE78 ZwOpenProcess
    SSDT F7A8AE7D ZwOpenThread
    SSDT F7A8AEB4 ZwReplaceKey
    SSDT F7A8AEAF ZwRestoreKey
    SSDT F7A8AEA0 ZwSetValueKey
    SSDT F7A8AE87 ZwTerminateProcess

    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xB94351CF]
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwCreateSection [0xB943543A]
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwSetInformationFile [0xB9434916]
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwWriteFile [0xB9434562]
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtClose
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtCreateSection
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtSetInformationFile
    Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtWriteFile

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [96, AE, A8, F7] {XCHG ESI, EAX; SCASB ; TEST AL, 0xf7}
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 8050265C 4 Bytes [8C, AE, A8, F7]
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 208 80502684 4 Bytes [9B, AE, A8, F7] {WAIT ; SCASB ; TEST AL, 0xf7}
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 210 8050268C 4 Bytes [A5, AE, A8, F7] {MOVSD ; SCASB ; TEST AL, 0xf7}
    .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 294 80502710 4 Bytes [AA, AE, A8, F7] {STOSB ; SCASB ; TEST AL, 0xf7}
    .text ...
    PAGE ntoskrnl.exe!NtCreateSection 8057FB92 7 Bytes JMP B943543E \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
    PAGE ntoskrnl.exe!NtClose 80581355 6 Bytes JMP B94351D3 \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
    PAGE ntoskrnl.exe!IoCreateFile 80583218 5 Bytes JMP B9434155 \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
    PAGE ntoskrnl.exe!NtWriteFile 8058DC04 4 Bytes JMP B9434566 \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
    PAGE ntoskrnl.exe!NtWriteFile + 5 8058DC09 2 Bytes JMP E8909038
    PAGE ntoskrnl.exe!NtSetInformationFile 80592589 1 Byte [E9]
    PAGE ntoskrnl.exe!NtSetInformationFile 80592589 5 Bytes JMP B943491A \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
    ? iscqh.sys The system cannot find the file specified. !
    PAGE Fastfat.SYS B940390C 7 Bytes JMP B9435A22 \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\WgaTray.exe[1872] WININET.dll!InternetErrorDlg 76264703 6 Bytes JMP 0101211B C:\WINDOWS\System32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
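The GMER log above mixes SSDT hooks, attributed inline patches, unattributed byte patches, a missing driver and a device filter in one listing. The following Python (3.8+) is an added example, not GMER's code and not from the thread: it parses those line shapes and answers the questions an analyst asks first, namely which module owns each hook, which hooks GMER could not attribute to any loaded image, how tightly the SSDT handler addresses cluster, and which drivers are referenced but absent from disk. The embedded log is a constructed subset of the posted one; the function names are my own.

```python
"""Summarize a GMER 1.0.15 rootkit-scan log.

Added example: not GMER's code and not from the thread. It parses the line
shapes seen in the log posted above and reports which module owns each hook,
which hooks GMER could not attribute, and which drivers are missing on disk.
"""
import re
from collections import Counter

SSDT_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$")
ATTR_RE = re.compile(r"^(?P<kind>SSDT|Code) (?P<owner>\S+) \((?P<desc>.*)\) "
                     r"(?P<func>\w+)(?: \[0x(?P<addr>[0-9A-F]+)\])?$")
USER_RE = re.compile(r"^(?P<sec>\S+)\s+(?P<proc>.+?\[\d+\])\s+(?P<target>\S+(?: \+ [0-9A-F]+)?)"
                     r"\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes?\s+(?P<patch>.+)$")
KERNEL_RE = re.compile(r"^(?P<sec>\S+)\s+(?P<target>\S+(?: \+ [0-9A-F]+)?)"
                       r"\s+(?P<addr>[0-9A-F]{8})\s+\d+ Bytes?\s+(?P<patch>.+)$")
JMP_RE = re.compile(r"^JMP (?P<jmp>[0-9A-F]{8})(?: (?P<owner>.+?) \((?P<desc>.*)\))?$")
MISSING_RE = re.compile(r"^\? (?P<driver>\S+) (?P<msg>.+)$")
DEVICE_RE = re.compile(r"^AttachedDevice (?P<driver>\S+) (?P<device>\S+) "
                       r"(?P<file>\S+) \((?P<desc>.*)\)$")

# Constructed sample: a subset of the lines from the posted GMER log.
SAMPLE_LOG = r"""
Rootkit scan 2010-01-29 11:02:28

---- System - GMER 1.0.15 ----

SSDT F7A8AE96 ZwCreateKey
SSDT F7A8AE78 ZwOpenProcess
SSDT F7A8AEB4 ZwReplaceKey
SSDT F7A8AE87 ZwTerminateProcess

Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xB94351CF]
Code \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [06]
PAGE ntoskrnl.exe!NtCreateSection 8057FB92 7 Bytes JMP B943543E \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
PAGE ntoskrnl.exe!NtWriteFile 8058DC04 4 Bytes JMP B9434566 \SystemRoot\System32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)
PAGE ntoskrnl.exe!NtWriteFile + 5 8058DC09 2 Bytes JMP E8909038
? iscqh.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\WgaTray.exe[1872] WININET.dll!InternetErrorDlg 76264703 6 Bytes JMP 0101211B C:\WINDOWS\System32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
"""


def basename(path):
    """'\\SystemRoot\\System32\\DRIVERS\\css-dvp.sys' -> 'css-dvp.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """One dict per hook / missing driver / attached device."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):            # SSDT hook with no owning image named
            entries.append({"kind": "ssdt", "func": m["func"], "addr": m["addr"], "owner": None})
        elif m := ATTR_RE.match(line):          # hook GMER attributed to a driver
            entries.append({"kind": m["kind"].lower(), "func": m["func"],
                            "addr": m["addr"], "owner": basename(m["owner"])})
        elif m := MISSING_RE.match(line):       # driver referenced, file not on disk
            entries.append({"kind": "missing", "driver": m["driver"], "msg": m["msg"]})
        elif m := DEVICE_RE.match(line):        # filter attached to a device stack
            entries.append({"kind": "device", "device": m["device"], "owner": basename(m["file"])})
        elif (m := USER_RE.match(line)) or (m := KERNEL_RE.match(line)):
            j = JMP_RE.match(m["patch"])        # inline patch; a JMP may name its target
            entries.append({"kind": "user" if m.groupdict().get("proc") else "inline",
                            "func": m["target"], "addr": m["addr"],
                            "jmp": j["jmp"] if j else None,
                            "owner": basename(j["owner"]) if j and j["owner"] else None})
    return entries


def summarize(entries):
    """Owner counts, unattributed kernel hooks, SSDT handler spread, and the
    missing drivers and device filters worth a look."""
    hooks = [e for e in entries if e["kind"] in ("ssdt", "code", "inline", "user")]
    ssdt = [int(e["addr"], 16) for e in entries if e["kind"] == "ssdt" and e["addr"]]
    return {
        "hooks_by_owner": Counter(e["owner"] or "<unattributed>" for e in hooks),
        "unattributed_kernel_hooks": [(e["func"], e["addr"]) for e in hooks
                                      if e["kind"] != "user" and not e["owner"]],
        # handlers packed into a few dozen bytes are one driver's stub table
        "ssdt_span_bytes": max(ssdt) - min(ssdt) if len(ssdt) > 1 else 0,
        "missing_drivers": [e["driver"] for e in entries if e["kind"] == "missing"],
        "attached_devices": [(e["device"], e["owner"]) for e in entries if e["kind"] == "device"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the posted log this separates two very different things. The inline hooks on NtClose, NtCreateSection, NtWriteFile, NtSetInformationFile and IoCreateFile are attributed to css-dvp.sys, Command Software's Dynamic Virus Protection driver, which matches the dvpapi service listed in the HijackThis log. The SSDT hooks carry no module name at all; their handler addresses lie within 60 bytes of one another, which is what a single driver's dispatch stub table looks like, but the log alone does not say which driver, so the next step is to match them against the installed security tools before treating them as a rootkit. The "? iscqh.sys" line is a driver name GMER saw referenced but could not open on disk, which is worth a registry lookup of that service name.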
     
  16. 2010/01/29
    panda24
    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:03:35 AM, on 1/29/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\WgaTray.exe
    C:\WINDOWS\System32\NVATray.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Windows Live\Family Safety\fsui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    C:\WINDOWS\DitExp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - ?p=ZJxdm128YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127253496125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131427458859
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    --
    End of file - 11248 bytes
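The O18 and O23 entries at the end of the log above are the ones an analyst reads first: a service or protocol handler whose file is gone is a leftover to clean up, and a service with no vendor string needs a manual look. As an added example that is not part of this thread or of HijackThis itself, the Python below parses lines of that shape and flags exactly the two conditions visible in the posted log: an entry pointing at a file that no longer exists (`(file missing)` or `(no file)`) and a service reported as `Unknown owner`. The sample lines are constructed from the kinds of entries in the log, and the flags are review prompts rather than verdicts, since legitimate software (the EPSON service here) also shows up with no owner.

```python
import re
from typing import Dict, List

# Constructed sample, not the full log from the thread: a handful of
# HijackThis lines of the kinds present in the posted log (O18 protocol
# handler, O20 Winlogon notify, O23 services).
SAMPLE_LOG = """\
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\\Program Files\\Common Files\\EPSON\\EBAPI\\eEBSVC.exe
O23 - Service: RoxMediaDB9 - Unknown owner - C:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxMediaDB9.exe (file missing)
"""

# O23 lines have the shape "O23 - Service: NAME - OWNER - PATH [(file missing)]".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O18 lines have the shape "O18 - Protocol: NAME - {CLSID} - PATH or (no file)".
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)


def parse_line(line: str) -> Dict[str, object]:
    """Parse one HJT line into a record; unhandled sections keep only raw text."""
    line = line.strip()
    rec: Dict[str, object] = {"section": line[:3], "raw": line, "flags": []}
    m = O23_RE.match(line)
    if m:
        rec.update(name=m["name"], owner=m["owner"], path=m["path"])
        if m["missing"]:
            rec["flags"].append("file_missing")   # service points at a deleted file
        if m["owner"] == "Unknown owner":
            rec["flags"].append("unknown_owner")  # no vendor string: review by hand
        return rec
    m = O18_RE.match(line)
    if m:
        rec.update(name=m["name"], clsid=m["clsid"], path=m["path"])
        if m["path"] == "(no file)":
            rec["flags"].append("no_file")        # orphaned protocol handler
        return rec
    return rec


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every non-empty line of an HJT log into a record with flags."""
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def review_queue(log_text: str) -> List[str]:
    """Names of the entries that carry at least one flag, in log order."""
    return [str(r["name"]) for r in triage(log_text) if r["flags"]]


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        if rec["flags"]:
            print(rec["section"], rec.get("name"), rec["flags"])
```

Running the script on the constructed sample lists `linkscanner` (orphaned handler), `EpsonBidirectionalService` (no owner, but a known printer component) and `RoxMediaDB9` (no owner and file missing); the `file_missing` entries are the same kind the thread's log shows for the Roxio and SureThing services.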
     
  17. 2010/01/29
    panda24

    panda24 Inactive Thread Starter

    Joined:
    2010/01/13
    Messages:
    61
    Likes Received:
    0
    ok, finished all of the scans...just let me know what to do next...thanks again!
     
  18. 2010/01/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/01/30
    panda24

    panda24 Inactive Thread Starter

    Joined:
    2010/01/13
    Messages:
    61
    Likes Received:
    0
    kaspersky scan log

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, January 30, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 1 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, January 29, 2010 20:00:04
    Records in database: 3384767
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Objects scanned: 92958
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 02:20:45


    File name / Threat / Threats count
    C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2D.tmp\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1

    Selected area has been scanned.
     
  20. 2010/01/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete Authentium folder from C:\Documents and Settings\All Users\Application Data.
    Make sure to empty Recycle Bin.

    Please post fresh HJT log.
     
  21. 2010/01/30
    panda24

    panda24 Inactive Thread Starter

    Joined:
    2010/01/13
    Messages:
    61
    Likes Received:
    0
    i know this sounds silly, but under all users, there is no application data folder...how else can i find it? i tried searching also, still no luck
     
