#1
Registered User
Join Date: Mar 2009
Posts: 5
OS: WIN XP SP 3
[SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Hello. Last week I foolishly went to a popular torrent site and was hit with MS Antispyware 2009. I've seen it before and know how invasive it is, so I decided to format C/reinstall Windows to wipe it out. I tried this a few times and it still comes back. It must have made it onto one of my other drives. I use this computer as my "work" computer. I record bands/artists for a living and as this is my primary DAW, there are lots of drives attached that it could have made it onto. After stumbling upon this forum, I tried a number of the tools used here. I now know that this was a mistake and I should have posted and left this to the experts. If it prevents me from getting help, I fully understand and comply with your rules. I tried Malwarebytes, Spybot, Avira, HijackThis, and even ComboFix with no luck. Those have eliminated the redirects, background changes, and warnings, though I'm still getting popups. I also ran the Kaspersky online scan last night, which took 7 hours and found only one infection. It found "start.exe" on my iPod (drive J:). However, it did not give an option for deleting it and I cannot locate it with Windows Explorer. The popups sometimes contain info about my Google searches. I still plan on reformatting my system drive when the infection is cleaned so that I can make a clean restore disk in the event this ever happens again. It shouldn't, I'm never running torrent software on my work computer again! In fact I think it should stay offline altogether.
Thanks in advance! Ben
#2
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Hello BEN6732,
I see this thread has been marked as solved, yet there is no follow-up post. Do you still require assistance?
#3
Registered User
Join Date: Mar 2009
Posts: 5
OS: WIN XP SP 3
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Thanks for getting back to me.
Since I posted I tried a few more things to rid my PC of the virus. It seems good, but I'm not entirely sure that it has been removed. I would like to post new reports to have them looked over. However, I am currently away at school and the computer. I will be back in just over a week and can post at that time.
Thanks again, Ben
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
That's a good idea, Ben. I'll leave this thread open and remain subscribed.
#5
Registered User
Join Date: Mar 2009
Posts: 5
OS: WIN XP SP 3
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Hello Reid! I'm back at home and have a new post for you. It seems to be acting ok, but I'd still like you to check it out. Thanks for your help!
c:\windows\inf\UpdateUSB.exe ============= FINISH: 12:34:23.45 =============== |
|
|
|
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
|
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Welcome back BEN6732.
Delete these folders:

c:\windows\system32\aNI02
c:\windows\system32\bh3
c:\windows\system32\cm5
c:\windows\system32\Et

If they give you any trouble, delete the files within them first, but I have a feeling the vundo files they would contain are already gone.

===============================

Let's just get an online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 5
OS: WIN XP SP 3
|
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Hello Ried! I finally have the Kaspersky Online Scan results for you. I first deleted the folders as instructed. The last folder did contain an .exe, but I was able to delete it without a problem. Here are all the results of the scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, April 6, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, April 06, 2009 07:00:22
Records in database: 2016946
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\

Scan statistics:
Files scanned: 1202779
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 08:37:05

File name / Threat name / Threats count
C:\Documents and Settings\Ben\Application Data\Messenger\Drivers\Aud32\msgasst.dll Infected: not-a-virus:AdWare.Win32.Agent.lzc 1
C:\Documents and Settings\Ben\Application Data\Messenger\Drivers\MsgUpdate.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1
C:\Documents and Settings\Ben\Application Data\Messenger\Sys\mu.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1
C:\Program Files\HijackThis\backups\backup-20090311-001115-305.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1

The selected area was scanned.
|
|
|
|
#8 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
|
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Hello BEN6732,
Using 'My Computer', navigate to and delete the following folder and file:

C:\Documents and Settings\Ben\Application Data\Messenger
C:\Program Files\HijackThis\backups\backup-20090311-001115-305.dll

==============================

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need? Think Prevention

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
|
|
|
|
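The scan report in post #7 and the cleanup list in post #8 line up mechanically; the following is an added example, not code from the thread or from Kaspersky. It parses detection lines in the posted layout, separates files in live locations from copies held in a removal tool's backup folder, and names the folder the live files share. The function names and the rule that a folder named `backups` marks a tool backup are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed input: header and detection lines in the layout of the
# Kaspersky Online Scanner 7 report posted in this thread.
REPORT = r"""
Infected objects: 4
File name / Threat name / Threats count
C:\Documents and Settings\Ben\Application Data\Messenger\Drivers\Aud32\msgasst.dll Infected: not-a-virus:AdWare.Win32.Agent.lzc 1
C:\Documents and Settings\Ben\Application Data\Messenger\Drivers\MsgUpdate.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1
C:\Documents and Settings\Ben\Application Data\Messenger\Sys\mu.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1
C:\Program Files\HijackThis\backups\backup-20090311-001115-305.dll Infected: not-a-virus:AdWare.Win32.Agent.lzq 1
The selected area was scanned.
"""

# Paths contain spaces, so the path is matched lazily up to " Infected:".
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

def parse_detections(report):
    """Return (path, threat, count) for every detection line; skip the rest."""
    hits = []
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits

def is_tool_backup(path):
    """Assumption: a folder named 'backups' holds a removal tool's saved
    copies (HijackThis here), not a file that still loads at startup."""
    folders = [part.lower() for part in path.split("\\")[:-1]]
    return "backups" in folders

def triage(report):
    """Split detections into live files and backup copies, and name the
    deepest folder shared by the live files as a candidate for review."""
    live, backups = [], []
    for path, threat, _count in parse_detections(report):
        (backups if is_tool_backup(path) else live).append((path, threat))
    folder = None
    if live:
        try:
            folder = ntpath.commonpath([ntpath.dirname(p) for p, _ in live])
        except ValueError:
            pass  # live detections sit on different drives: no shared folder
    return {"live": live, "backups": backups, "common_folder": folder}
```

A shared folder that comes out as a drive root or a system directory means the detections are unrelated and should be handled file by file rather than by removing the folder.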
#9 (permalink) |
|
Registered User
Join Date: Mar 2009
Posts: 5
OS: WIN XP SP 3
|
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
Thank you so much for your help! You may consider this thread resolved. Case closed! I did pick up a copy of McAfee AntiVirus in the meantime. Would you recommend using this over Spyware Blaster?
|
|
|
|
|
#10 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,900
OS: WinXP and Vista
|
Re: [SOLVED] Antispyware 2009 and popups coming back after format/reinstall
You're welcome, Ben.
Yes, use McAfee Anti Virus, but use it in conjunction with Spyware Blaster. One is an anti virus, the other is an anti malware program.
|
|
|