> [Closed] Need help with HijackThis! logfile, HijackThis! logfile help
BRKKAB
post Jul 5 2009, 09:52 AM
Post #1


New Member

Group: Authentic Member
Posts: 9
Joined: 5-July 09
Member No.: 86,561
Operating System: Windows Vista Ultimate S.P.2 x86



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:25 AM, on 7/5/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
C:\Program Files\Browser Defender\BDTUpdateService.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\lxbxcoms.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
C:\Program Files\PC Tools Internet Security\pctsSvc.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\Avanquest\SystemSuite\MXTask.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Avanquest\SystemSuite\mxtask2.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Lexmark 7100 Series\ezprint.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
C:\Program Files\EULAlyzer\eulawatch.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\EULAlyzer\eulawatch.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Downloads\RunScanner\runscanner\RunScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Data Vault - {8373ADC0-6330-11DD-9D77-22C856D89593} - C:\Program Files\Avanquest\SystemSuite\IE_ContextMenu_Vault.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FoxmarksDLLBHO - {A2A71ABA-3939-43B2-BD8F-8C1767EF9020} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Browser Defender Toolbar - {23B0D39A-E245-41B7-BF86-1238CF62625E} - C:\Program Files\Browser Defender\PCTBrowserDefender.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Internet Security\pctsTray.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [Xmarks] C:\Program Files\Xmarks\IE Extension\xmarkssync.exe -q
O4 - HKCU\..\Run: [EULA-Watch] "C:\Program Files\EULAlyzer\eulawatch.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files\Xmarks\IE Extension\foxmarksdll.dll (HKCU)
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {A0CC33E0-9DF0-4361-A94D-E55C4008788F} (BiosAgentPlus ActiveX Control) - http://biosagentplus.com/files/biosagentplus.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS4\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS5\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVO2009 Defrag - Systweak Inc. - C:\Program Files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Browser Defender\BDTUpdateService.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: lxbx_device - - C:\Windows\system32\lxbxcoms.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Internet Security\pctsSvc.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\Avanquest\SystemSuite\MXTask.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15444 bytes
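The log above is reviewed by hand in this thread. As an added illustration (not a tool from the thread and not part of HijackThis itself), the script below parses the `Rn`/`On` entry lines of such a log and applies three defender-side checks a reviewer typically starts with: registrations that point at `(no file)`, `O17` DNS resolver overrides that are not on an allowlist, and `O20` Winlogon Notify entries whose path carries no DLL name. The allowlist `KNOWN_RESOLVERS` is an assumption (seeded with the two OpenDNS addresses present in the log), the `192.0.2.53` entry is constructed to show a failing resolver check, and `parse_hjt`/`triage` are names chosen here.

```python
import re
from dataclasses import dataclass

# Assumed allowlist of resolvers the reviewer recognises. The two OpenDNS addresses are
# the ones that appear in the thread's log; extend with your environment's resolvers.
KNOWN_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Matches the 'R0 - ...' / 'O23 - ...' entry lines; process list and headers do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str  # e.g. "O2", "O17"
    body: str     # everything after "Oxx - "


def parse_hjt(text: str) -> list[Entry]:
    """Return every 'Rn/On - ...' line of a HijackThis log as an Entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (reason, entry line) pairs for the entries a reviewer should look at first."""
    findings = []
    for e in entries:
        line = f"{e.section} - {e.body}"
        if "(no file)" in e.body:
            # A BHO/toolbar registration whose DLL is gone: a leftover or an
            # incomplete removal; either way it is worth cleaning up.
            findings.append(("registration points at a missing file", line))
        elif e.section == "O17":
            # DNS resolver overrides: compare every listed server with the allowlist.
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                unknown = {s.strip() for s in m.group(1).split(",")} - KNOWN_RESOLVERS
                if unknown:
                    findings.append((f"unrecognised DNS resolver(s) {sorted(unknown)}", line))
        elif e.section == "O20":
            # Winlogon Notify entries load a DLL at logon; a path without a file
            # name cannot be verified against disk and should be checked by hand.
            path = e.body.rsplit(" - ", 1)[-1]
            if not re.search(r"\.\w+$", path):
                findings.append(("Winlogon Notify entry has no DLL file name", line))
    return findings


# Sample input: lines copied from the first post's log, plus one constructed O17 entry
# (192.0.2.53 is a documentation address) that fails the resolver allowlist.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{472C0B71-42BA-475D-9E64-F87E36A011F8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: ThreatFire - PC Tools - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe
"""


def triage_sample() -> list[tuple[str, str]]:
    """Run the checks over the embedded sample; three of the seven entries are flagged."""
    return triage(parse_hjt(SAMPLE_LOG))


if __name__ == "__main__":
    for reason, line in triage_sample():
        print(f"[{reason}] {line}")
```

On the sample the two OpenDNS `O17` entries pass the allowlist, while the orphaned `O2` entry, the constructed `192.0.2.53` resolver and the `O20` entry with the bare `C:\Windows\` path are reported; everything a check flags still needs a human decision, which is exactly how the helpers in this thread treat a log.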
LDTate
post Jul 8 2009, 05:38 PM
Post #2


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Do you mind telling us what issues you're having?
BRKKAB
post Jul 8 2009, 08:03 PM
Post #3


New Member

Group: Authentic Member
Posts: 9
Joined: 5-July 09
Member No.: 86,561
Operating System: Windows Vista Ultimate S.P.2 x86



Just want to make sure I'm safe. Also, Diskeeper Professional 2009 isn't running its Boot-Time Defragmentation of pagefile, etc., even though it's set up to. Something about DKboot missing in registry.
LDTate
post Jul 9 2009, 07:47 PM
Post #4


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


The issues with your computer that you list don't appear to be related to Malware/Spyware/Virus, but we can have a look.

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

1. These tools MUST be run from the executable. (.exe)
2. With Admin Rights (Right click, choose "Run as Administrator")


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All

Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
BRKKAB
post Jul 9 2009, 10:07 PM
Post #5


New Member

Group: Authentic Member
Posts: 9
Joined: 5-July 09
Member No.: 86,561
Operating System: Windows Vista Ultimate S.P.2 x86



Here are the MalwareBytes & HijackThis! log files. Now, if I type on the number keys on the right side of the keyboard nothing appears on screen. This happens even though the NumLock key light is on.

Malwarebytes' Anti-Malware 1.38
Database version: 2402
Windows 6.0.6002 Service Pack 2

7/9/2009 11:52:35 PM
mbam-log-2009-07-09 (23-52-35).txt

Scan type: Quick Scan
Objects scanned: 77685
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:

BRKKAB
post Jul 9 2009, 10:08 PM
Post #6


New Member

Group: Authentic Member
Posts: 9
Joined: 5-July 09
Member No.: 86,561
Operating System: Windows Vista Ultimate S.P.2 x86



Here's the HijackThis! log. I forgot to upload it.
LDTate
post Jul 10 2009, 02:16 PM
Post #7


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Download ComboFix

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please don't attach the scans / logs, use "copy/paste".

Also please describe how your computer behaves at the moment.

BRKKAB
post Jul 10 2009, 08:40 PM
Post #8


New Member

Group: Authentic Member
Posts: 9
Joined: 5-July 09
Member No.: 86,561
Operating System: Windows Vista Ultimate S.P.2 x86



ComboFix 09-07-09.08 - Keith 07/10/2009 20:23.1.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1534.1074 [GMT -4:00]
Running from: d:\downloads\ComboFix\ComboFix.exe
AV: Prevx 3.0 *On-access scanning enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D901}
SP: Prevx 3.0 *enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D902}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\1ac43cc.msi
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
D:\install.exe

----- BITS: Possible infected sites -----

hxxp://stats.windowsadvisor.pchealth.live.net
hxxp://downloads.diskeeper.com
.
((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-10 08:07 . 2009-07-10 21:22 -------- d-----w- c:\program files\WinUtilities
2009-07-09 18:45 . 2004-08-11 01:35 4142592 ----a-w- c:\windows\system32\qtintf.dll
2009-07-09 18:44 . 2009-07-09 18:44 -------- d-----w- c:\program files\APC
2009-07-09 15:11 . 2009-07-09 15:16 -------- d-----w- c:\progra~2\OpenDNS Updater
2009-07-09 15:11 . 2009-07-09 15:11 -------- d-----w- c:\program files\OpenDNS Updater
2009-07-09 11:13 . 2009-07-09 11:13 -------- d-sh--w- C:\Diskeeper
2009-07-09 10:51 . 2009-07-09 10:51 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2009-07-09 10:51 . 2009-07-09 10:51 -------- d-----w- c:\progra~2\Diskeeper Corporation
2009-07-09 10:51 . 2009-07-09 10:51 -------- d-----w- c:\program files\Diskeeper Corporation
2009-07-09 09:30 . 2009-02-12 09:35 38208 ----a-w- c:\users\Keith\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-09 09:30 . 2009-07-09 09:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-09 09:27 . 2009-07-09 11:05 -------- d-----w- c:\progra~2\NOS
2009-07-09 09:27 . 2009-07-09 11:05 -------- d-----w- c:\program files\NOS
2009-07-09 09:20 . 2009-07-09 09:20 -------- d-----w- c:\users\Keith\AppData\Local\Microsoft_Research
2009-07-09 02:43 . 2009-07-09 02:43 -------- d-----w- c:\program files\Recover Files
2009-07-09 02:42 . 2009-07-09 02:52 -------- d-----w- c:\progra~2\SystemExplorer
2009-07-09 02:42 . 2009-07-09 02:42 -------- d-----w- c:\program files\System Explorer
2009-07-08 04:45 . 2009-07-08 04:45 -------- d-----w- c:\users\Keith\AppData\Local\Microsoft Corporation
2009-07-08 04:44 . 2009-07-08 04:44 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-07-07 21:12 . 2009-07-08 00:56 -------- d-----w- c:\program files\Solway's Internet TV and Radio
2009-07-07 21:12 . 2009-07-07 21:12 -------- d-----w- c:\users\Keith\AppData\Roaming\SolwaySoftware
2009-07-05 15:19 . 2009-07-05 15:19 -------- d-----w- c:\users\Keith\AppData\Local\Runscanner.net
2009-07-05 10:37 . 2009-05-01 20:17 77824 ----a-w- c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\qu7sbl4y.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2009-07-04 02:53 . 2008-01-25 23:48 38400 ----a-w- c:\windows\system32\NvRCoEsm.dll
2009-07-04 02:53 . 2008-01-25 23:48 38400 ----a-w- c:\windows\system32\NvRCoEs.dll
2009-07-04 02:53 . 2008-01-25 23:48 37888 ----a-w- c:\windows\system32\NvRCoFi.dll
2009-07-04 02:53 . 2008-01-25 23:48 37376 ----a-w- c:\windows\system32\NvRCoENU.dll
2009-07-04 02:53 . 2008-01-25 23:48 38400 ----a-w- c:\windows\system32\NvRCoEl.dll
2009-07-04 02:53 . 2008-01-25 23:48 37376 ----a-w- c:\windows\system32\NvRCoEng.dll
2009-07-04 02:53 . 2008-01-25 23:48 360448 ----a-w- c:\windows\system32\nvraiins.dll
2009-07-04 02:53 . 2008-01-25 23:48 360448 ----a-w- c:\windows\system32\nvraidco.dll
2009-07-04 02:53 . 2008-01-25 23:48 37888 ----a-w- c:\windows\system32\NvRCoDe.dll
2009-07-04 02:53 . 2008-01-25 23:48 37888 ----a-w- c:\windows\system32\NvRCoDa.dll
2009-07-04 02:53 . 2008-01-25 23:48 37376 ----a-w- c:\windows\system32\NvRCoCs.dll
2009-07-04 02:53 . 2008-01-25 23:48 37376 ----a-w- c:\windows\system32\NvRCoAr.dll
2009-07-04 02:06 . 2009-07-04 02:06 23600 ----a-w- c:\windows\system32\drivers\TVICHW32.SYS
2009-07-03 19:08 . 2009-07-03 19:08 6143072 ----a-w- c:\users\Keith\AppData\Roaming\Systweak\AdvancedVistaOptimizer2009\avosetup.exe
2009-07-03 19:07 . 2009-07-03 19:07 373816 ----a-w- c:\users\Keith\AppData\Roaming\Systweak\AdvancedVistaOptimizer2009\productSetup_Setup_7_3_2009.exe
2009-07-03 17:53 . 2009-07-03 18:19 164880 ---ha-w- c:\users\Keith\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2009-07-03 17:50 . 2009-07-03 17:50 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-07-03 17:31 . 2009-07-03 17:32 -------- d-----w- c:\program files\SpeedFan
2009-07-03 10:23 . 2009-07-03 10:23 -------- d-----w- c:\program files\Systweak
2009-07-03 09:25 . 2009-07-03 10:23 -------- d-----w- c:\users\Keith\AppData\Roaming\Systweak
2009-07-03 03:44 . 2009-07-03 03:44 -------- d-----w- c:\users\Keith\AppData\Roaming\OpenWith.org Cache
2009-07-03 02:37 . 2009-07-03 02:37 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-03 02:37 . 2009-06-24 19:03 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-07-03 02:37 . 2009-07-03 02:37 -------- d-----w- c:\program files\MozyHome
2009-07-02 21:31 . 2009-07-02 21:59 -------- d-----w- c:\program files\TweakNow PowerPack 2009
2009-07-02 21:31 . 2009-07-02 21:31 -------- d-----w- c:\users\Keith\AppData\Roaming\TweakNow PowerPack 2009
2009-07-02 18:59 . 2009-07-02 18:59 -------- d-----w- c:\users\Keith\AppData\Roaming\FileZilla
2009-07-02 18:58 . 2009-07-02 18:58 -------- d-----w- c:\program files\FileZilla FTP Client
2009-06-29 20:01 . 2009-06-29 20:01 -------- dc-h--w- c:\progra~2\{1C635098-F46B-4E7D-B4EE-924D770EFA11}
2009-06-29 01:52 . 2009-06-29 01:56 -------- d-----w- c:\users\Keith\AppData\Local\Deployment
2009-06-29 01:52 . 2009-06-29 01:52 -------- d-----w- c:\users\Keith\AppData\Local\Apps
2009-06-26 18:52 . 2009-07-02 06:46 -------- d-----w- c:\program files\Yahoo!
2009-06-25 05:13 . 2009-07-03 18:47 680 ----a-w- c:\users\Keith\AppData\Local\d3d9caps.dat
2009-06-24 22:11 . 2009-06-24 22:11 -------- d-----w- c:\program files\Secunia
2009-06-24 07:38 . 2009-06-24 07:41 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-24 07:26 . 2009-06-24 07:26 -------- d-----w- c:\users\Keith\Tracing
2009-06-24 04:10 . 2009-06-24 04:14 -------- d-----w- c:\windows\$regcmp$
2009-06-23 06:33 . 2009-06-23 06:33 -------- d-----w- c:\users\Keith\.bh_gui
2009-06-23 05:53 . 2009-06-23 05:53 -------- d-----w- c:\program files\Safer Networking
2009-06-23 05:17 . 2009-06-23 08:22 -------- d-----w- c:\users\Keith\AppData\Roaming\SRI
2009-06-22 05:43 . 2002-01-05 19:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-22 05:43 . 2009-06-22 05:43 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-06-22 05:43 . 2009-06-22 05:43 -------- d-----w- c:\program files\DVDVideoSoft
2009-06-22 02:29 . 2009-06-22 02:29 -------- d-----w- c:\program files\DiskCheckup
2009-06-22 02:28 . 2009-06-22 02:28 -------- d-----w- c:\program files\Western Digital
2009-06-21 23:45 . 2009-06-21 23:46 -------- d-----w- c:\users\Keith\AppData\Local\ApplicationHistory
2009-06-21 23:32 . 2009-06-21 23:32 -------- d-----w- c:\windows\system32\URTTEMP
2009-06-21 23:28 . 2009-06-21 23:28 -------- d-----w- c:\program files\Microsoft Research
2009-06-21 22:25 . 2009-06-21 22:59 -------- d-----w- c:\users\Keith\AppData\Roaming\IObit
2009-06-21 22:25 . 2009-06-21 22:25 -------- d-----w- c:\program files\IObit
2009-06-21 22:16 . 2009-06-21 22:16 -------- d-----w- c:\program files\uTorrent
2009-06-21 22:15 . 2009-07-03 19:02 -------- d-----w- c:\users\Keith\AppData\Roaming\uTorrent
2009-06-21 22:13 . 2009-06-21 22:13 -------- d-----w- c:\program files\HandBrake
2009-06-21 22:09 . 2009-06-21 22:09 -------- d-----w- c:\users\Keith\AppData\Roaming\aignes
2009-06-21 22:04 . 2009-06-21 22:05 -------- d-----w- c:\program files\AM-DeadLink
2009-06-20 22:02 . 2009-06-20 22:30 -------- d-----w- c:\users\Keith\AppData\Roaming\RevoluTV
2009-06-20 22:02 . 2009-06-20 22:02 -------- d-----w- c:\program files\RevoluTV
2009-06-20 02:59 . 2009-06-20 03:02 -------- d-----w- c:\windows\Symbols
2009-06-20 02:57 . 2009-06-20 02:57 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2009-06-19 23:51 . 2009-06-19 23:51 319488 ----a-w- c:\windows\HideWin.exe
2009-06-19 23:49 . 2009-06-19 23:49 -------- d-----w- c:\program files\Digital Media Reader
2009-06-19 23:49 . 2009-06-19 23:49 -------- d-----w- c:\windows\Downloaded Installations
2009-06-19 23:48 . 2009-06-22 02:27 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-19 23:47 . 2009-06-19 23:47 -------- d-----w- C:\cabs
2009-06-19 23:34 . 2009-07-04 02:55 -------- d-----w- c:\users\Keith\AppData\Local\eSupport.com
2009-06-19 23:12 . 2009-06-22 02:52 -------- d-----w- c:\users\Keith\AppData\Roaming\ImgBurn
2009-06-19 16:49 . 2008-12-04 05:25 120832 ----a-w- c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\qu7sbl4y.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-19 16:44 . 2009-07-07 03:08 188501 ----a-w- c:\users\Keith\AppData\Roaming\ContentGuard\CGGuard2.dll
2009-06-19 16:44 . 2009-06-30 21:27 -------- d-----w- c:\users\Keith\AppData\Roaming\ContentGuard
2009-06-19 16:41 . 2009-06-19 16:41 -------- d-----w- c:\program files\Common Files\Zinio
2009-06-19 16:41 . 2009-06-19 16:41 -------- d-----w- c:\program files\Zinio
2009-06-19 16:20 . 2009-06-19 16:20 10134 ----a-r- c:\users\Keith\AppData\Roaming\Microsoft\Installer\{1BCEAE15-9830-4DCF-BA5C-113EBC8F26D9}\ARPPRODUCTICON.exe
2009-06-19 07:40 . 2009-06-30 09:46 -------- d-----w- c:\users\Keith\AppData\Local\Microsoft Games
2009-06-19 05:07 . 2009-07-07 23:06 -------- d-----w- c:\users\Keith\SecurityScans
2009-06-19 05:02 . 2009-06-19 05:02 -------- d-----w- c:\program files\WOT
2009-06-19 04:22 . 2009-06-19 04:22 -------- d-----w- c:\program files\Nitro PDF
2009-06-19 04:17 . 2009-06-19 04:17 -------- d-----w- c:\users\Keith\AppData\Local\Opera
2009-06-19 02:35 . 2009-06-19 02:35 -------- d-----w- c:\users\Keith\AppData\Roaming\Javacool Software
2009-06-18 21:03 . 2009-06-18 21:03 -------- d-----w- c:\program files\Update Notifier
2009-06-18 21:03 . 2009-07-09 17:34 -------- d-----w- c:\users\Keith\AppData\Roaming\cspa
2009-06-18 04:44 . 2009-06-18 04:44 -------- d-----w- c:\users\Keith\AppData\Roaming\Ashampoo
2009-06-18 04:42 . 2009-06-18 04:42 -------- d-----w- c:\program files\Ashampoo
2009-06-18 04:39 . 2009-07-09 00:56 1 ----a-w- c:\users\Keith\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-18 04:37 . 2009-06-18 04:37 -------- d-----w- c:\users\Keith\AppData\Roaming\OpenOffice.org
2009-06-18 04:23 . 2009-07-10 02:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-06-18 04:23 . 2009-07-10 02:09 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-06-18 04:23 . 2009-06-18 04:23 -------- d-----w- c:\program files\Prevx
2009-06-18 04:23 . 2009-07-10 09:46 -------- d-----w- c:\progra~2\PrevxCSI
2009-06-18 03:59 . 2009-06-18 03:59 -------- d-----w- c:\program files\EULAlyzer
2009-06-18 03:27 . 2009-06-29 20:01 27612 ----a-w- c:\windows\syscall.dat
2009-06-18 03:27 . 2009-06-29 20:00 -------- d-----w- c:\program files\AntiLogger
2009-06-18 01:23 . 2009-06-18 01:23 -------- d-----w- c:\users\Keith\AppData\Roaming\WinPatrol
2009-06-18 01:23 . 2006-09-18 21:43 10 ----a-w- c:\users\Keith\AppData\Roaming\WinPatrol\Config.sys
2009-06-18 01:23 . 2006-09-18 21:43 24 ----a-w- c:\users\Keith\AppData\Roaming\WinPatrol\Autoexec.bat
2009-06-18 01:22 . 2009-06-18 01:22 -------- d-----w- c:\program files\BillP Studios
2009-06-18 00:28 . 2009-06-18 00:28 -------- d-----w- c:\program files\MSXML 4.0
2009-06-18 00:22 . 2009-06-18 00:22 -------- d-----w- c:\program files\Belarc
2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\users\Keith\AppData\Roaming\PCToolsFirewallPlus
2009-06-17 23:53 . 2009-06-17 23:53 -------- d-----w- c:\users\Keith\AppData\Roaming\PCToolsSpamMonitorPlus
2009-06-17 23:45 . 2009-06-17 23:45 -------- d-----w- c:\users\Keith\AppData\Local\Mozilla
2009-06-17 23:42 . 2009-06-17 23:42 -------- d-----w- c:\users\Keith\AppData\Local\Threat Expert
2009-06-17 23:42 . 2009-06-18 01:19 -------- d-----w- c:\program files\Browser Defender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 20:42 . 2009-06-17 20:40 -------- d-----w- c:\program files\Lexmark 7100 Series
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-06-17 17:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-17 17:54 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-06-17 17:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-17 10:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-06-17 07:21 . 2009-06-17 07:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-16 04:01 . 2009-06-17 11:14 4933632 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-05-16 03:24 . 2009-06-17 11:14 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-05-16 03:24 . 2009-06-17 11:14 335872 ----a-w- c:\windows\system32\atieclxx.exe
2009-05-16 03:23 . 2009-06-17 11:14 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2009-05-16 03:22 . 2009-06-17 11:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-05-16 03:22 . 2009-06-17 11:14 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-05-16 03:22 . 2009-06-17 11:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-05-16 03:22 . 2009-06-17 11:14 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-05-16 03:22 . 2009-06-17 11:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-05-16 03:19 . 2009-06-17 11:14 2411008 ----a-w- c:\windows\system32\atidxx32.dll
2009-05-16 03:08 . 2009-06-17 11:14 3064832 ----a-w- c:\windows\system32\atiumdag.dll
2009-05-16 02:53 . 2009-06-17 11:14 2847744 ----a-w- c:\windows\system32\atiumdva.dll
2009-05-16 02:42 . 2009-06-17 11:14 51712 ----a-w- c:\windows\system32\atimpc32.dll
2009-05-16 02:42 . 2009-06-17 11:14 51712 ----a-w- c:\windows\system32\amdpcom32.dll
2009-05-16 02:41 . 2009-06-17 11:14 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-05-16 02:40 . 2009-06-17 11:14 11376640 ----a-w- c:\windows\system32\atioglxx.dll
2009-05-16 02:27 . 2009-06-17 11:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-05-16 02:00 . 2009-06-17 11:14 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-05-16 02:00 . 2009-06-17 11:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-05-16 01:59 . 2009-06-17 11:14 3174400 ----a-w- c:\windows\system32\aticaldd.dll
2009-05-05 19:33 . 2009-06-17 11:14 118784 ----a-w- c:\windows\system32\atibtmon.exe
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-04-24 05:43 . 2009-06-17 11:14 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 19:04 . 2009-06-17 11:14 189051 ----a-w- c:\windows\system32\atiicdxx.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"Xmarks"="c:\program files\Xmarks\IE Extension\xmarkssync.exe" [2009-05-08 1003520]
"EULA-Watch"="c:\program files\EULAlyzer\eulawatch.exe" [2009-01-04 1091080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2008-10-29 2699334]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Ad Muncher"="c:\program files\Ad Muncher\AdMunch.exe" [2009-06-17 779776]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2007-02-22 73728]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2007-05-11 103344]
"ISTray"="c:\program files\PC Tools Internet Security\pctsTray.exe" [2008-12-08 1173416]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-06-29 2390384]
"PrevxCSI"="c:\program files\Prevx\prevx.exe" [2009-06-18 4368952]
"WinUtilities Quick Launcher"="c:\program files\WinUtilities\WO.exe" [2009-06-16 2359296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-7-9 267520]
Snagit 9.lnk - c:\program files\TechSmith\Snagit 9\Snagit32.exe [2009-4-17 7226184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):98,90,cc,0c,75,ef,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D79C3DD9-B6CF-4F84-AE50-3EE91EBF4B5B}"= UDP:c:\windows\System32\lxbxcoms.exe:Lexmark Communications System
"{48A7B497-94AB-4EB7-B6CE-75D42C61734F}"= TCP:c:\windows\System32\lxbxcoms.exe:Lexmark Communications System
"{8EA3588D-E3CB-48BA-82BA-B3E204DC62E3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbxpswx.exe:Printer Status Window
"{7E9821EF-F2FE-4755-88B5-918970A6A903}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbxpswx.exe:Printer Status Window
"{AA824B10-E65B-4405-BC7C-D35BF513585A}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{03455F07-145F-4E1F-B4A9-626DC695B3B3}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BEAA8514-370B-434D-A043-E0A16ACFC425}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/17/2009 7:42 PM 130936]
R0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [6/18/2009 12:23 AM 22024]
R0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [6/18/2009 12:23 AM 27656]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [6/17/2009 7:41 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [6/17/2009 7:41 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [6/17/2009 7:42 PM 159600]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [6/17/2009 7:41 PM 348752]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [6/29/2009 4:02 AM 116080]
S1 mozyFilter;mozyFilter;c:\windows\System32\drivers\mozy.sys [7/2/2009 10:37 PM 54776]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [6/17/2009 7:14 AM 176128]
S2 AVO2009 Defrag;AVO2009 Defrag;c:\program files\Systweak\Advanced Vista Optimizer 2009\AVODefragService32.exe [7/3/2009 6:23 AM 398056]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Browser Defender\BDTUpdateService.exe [6/17/2009 7:42 PM 108416]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [6/18/2009 12:23 AM 4368952]
S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/17/2009 4:31 PM 90352]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [6/17/2009 7:42 PM 73840]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/17/2009 12:08 AM 1153368]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [6/17/2009 7:14 AM 95544]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [6/17/2009 7:41 PM 95656]
S3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [6/17/2009 7:41 PM 64424]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [6/17/2009 7:41 PM 33056]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {472C0B71-42BA-475D-9E64-F87E36A011F8} = 208.67.222.222,208.67.220.220
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\qu7sbl4y.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\qu7sbl4y.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Keith\AppData\Local\HuluDesktop\instances\0.9.6.1\npHDPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 20:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-167004379-2929657626-874284640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Smart Bookmarks]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-167004379-2929657626-874284640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*i*n*k*s* \Smart Bookmarks]
"Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1572)
c:\program files\MozyHome\mozyshell.dll
.
Completion time: 2009-07-11 20:31
ComboFix-quarantined-files.txt 2009-07-11 00:31

Pre-Run: 55,280,484,352 bytes free
Post-Run: 69,319,561,216 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
413 --- E O F --- 2009-07-09 16:20
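Added example, not part of the thread and not ComboFix's own logic: a small Python triage pass over an excerpt modelled on the log above. It flags the three firewall profiles reporting EnableFirewall = 0, a newly created .exe sitting directly in c:\windows (HideWin.exe, the file the CFScript in the next post targets), a Run value that points at a DLL rather than an .exe, and a service ComboFix marked [?] because it could not verify the file. The excerpt is constructed from lines in the post, and the heuristics are the reviewer's, not a tool's; every hit is a "look at this", not a verdict.

```python
"""Triage a ComboFix-style log for weak settings and odd autostarts.
Example code written for this thread; not ComboFix output handling."""
import re
from dataclasses import dataclass, field

# Constructed excerpt copied from lines of the posted log (not the full log).
SAMPLE_LOG = r"""
2009-06-19 23:51 . 2009-06-19 23:51 319488 ----a-w- c:\windows\HideWin.exe
2009-06-18 04:23 . 2009-07-10 02:09 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"LXBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2007-02-22 73728]
"PrevxCSI"="c:\program files\Prevx\prevx.exe" [2009-06-18 4368952]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [6/18/2009 12:23 AM 4368952]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                      # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?([^"\[]+?)"?\s*(?:\[.*\])?$')  # "name"=value [date size]
NEWFILE_RE = re.compile(                                  # created . modified size attrs path
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+)$")  # R0/S2 name;display;path
WINDOWS_ROOT_EXE = re.compile(r"c:\\windows\\[^\\]+\.exe")    # .exe directly under c:\windows


@dataclass
class Findings:
    firewall_off: list = field(default_factory=list)        # profiles with EnableFirewall=0
    windows_root_exes: list = field(default_factory=list)   # new .exe directly in c:\windows
    odd_autostarts: list = field(default_factory=list)      # Run values not ending in .exe
    unverified_services: list = field(default_factory=list)  # services ComboFix marked [?]


def triage(log_text: str) -> Findings:
    """Walk the log once, tracking the current registry section, and collect hits."""
    found = Findings()
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = NEWFILE_RE.match(line)
        if m:
            path = m.group(1).strip().lower()
            if WINDOWS_ROOT_EXE.fullmatch(path):
                found.windows_root_exes.append(path)
            continue
        m = SERVICE_RE.match(line)
        if m:
            if line.endswith("[?]"):
                found.unverified_services.append(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        low = section.lower()
        if "firewallpolicy" in low and name.lower() == "enablefirewall":
            if value.startswith("0"):
                found.firewall_off.append(section.rsplit("\\", 1)[-1])
        elif low.endswith("\\currentversion\\run") and not value.lower().endswith(".exe"):
            found.odd_autostarts.append((name, value))
    return found


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The firewall check is the one that matters most here: all three profiles have the Windows firewall off, which is expected only if the third-party firewall (PC Tools) has taken over, so the helper would confirm that before anything else.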
LDTate
post Jul 11 2009, 06:42 PM
Post #9


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

CODE
File::
c:\windows\HideWin.exe


Save this file to your desktop. Save it as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...




Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.
LDTate
post Jul 18 2009, 04:20 PM
Post #10


Forum God

Group: Root Admin
Posts: 48,377
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
MVP


Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log

Time is now: 19th March 2010 - 08:36 AM
Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy