-
In order to see C:\Documents and Settings\Ramirez.BIANCA\Application Data you have to follow the two steps I mentioned for showing hidden files. Please go back and make sure you unhide all hidden folders, then try the second one again.
While you're at it, upload the following folder to Jotti's VirusScan and post the results here:
c:\windows\system32\drivers\qpaz.sys
-
AHA!
OK, oops, I thought I had checked it, but hadn't... so this file says:
GENERAL TAB
TYPE: File Folder
LOCATION: C:\Documents and Settings\Ramirez.BIANCA\Applicati
SIZE: 1.03 KB (1,06 bytes)
SIZE ON DISK: 4.00 KB (4,096 bytes)
CONTAINS: 1 Files, 0 Folders
CREATED: Friday, April 10, 2009, 2:41:20 PM
The file it contains says:
GENERAL TAB
TYPE: System File
DESCRIPTION: 0
LOCATION: C:\Documents and Settings\Ramirez.BIANCA\App
SIZE: 1.03KB (1,060 bytes)
SIZE ON DISK: 4.00 KB (4,096 bytes)
CREATED: Friday, April 10, 2009, 2:42:01 PM
MODIFIED: Friday, April 10, 2009, 2:42:01 PM
ACCESSED: Today, May 07, 2009, 9:56:01 PM
OK, I went to the site you told me about; this is the scan of the file above:
Service load:
0% 100%
File: 0
Status:
OK
MD5: 0f0e211e0dde666093e915a3fdf8fee4
Packers detected:
-
Scanner results
Scan taken on 08 May 2009 02:04:27 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
OK, well that's it, let me know what else you need! I have to say this has been one of the most incredible learning experiences I have ever had, and in doing so I have a few questions, but they can wait until after this is done... THANKS!!!!! :D
-
OK, then. Go ahead and navigate to those two folders (C:\Program Files\type funk camp and C:\Documents and Settings\Ramirez.BIANCA\Application Data\type funk camp) and right-click and delete them; qpaz.sys doesn't seem to be a nasty, so you may as well let it be for now.
When you're done with that, let's see one more Combofix scan log and then an HJT scan log. Just a few loose ends to tidy up and we should be done.:)
-
OK, sorry for the delay. Here is the ComboFix log report:
ComboFix 09-05-13.02 - Ramirez 05/13/2009 19:37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.106 [GMT -4:00]
Running from: c:\documents and settings\Ramirez.BIANCA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.
2009-05-13 03:58 . 2009-05-13 03:58 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVS4YOU
2009-05-13 03:58 . 2009-05-13 03:58 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-13 03:57 . 2009-05-13 03:58 -------- d-----w c:\program files\Common Files\AVSMedia
2009-05-13 03:57 . 2009-01-29 00:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-05-13 03:57 . 2009-01-29 00:49 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-05-13 03:57 . 2009-01-29 00:49 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-05-13 03:57 . 2009-01-29 00:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-05-13 03:57 . 2009-01-29 00:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-13 03:57 . 2009-05-13 03:58 -------- d-----w c:\program files\AVS4YOU
2009-05-10 03:37 . 2009-05-10 03:37 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\MySpace
2009-05-10 03:37 . 2009-05-10 03:37 -------- d-----w c:\program files\MySpace
2009-05-05 07:02 . 2004-08-04 19:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-30 23:43 . 2009-04-30 23:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-27 09:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-27 09:56 . 2009-04-30 22:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 09:47 . 2009-04-27 09:47 -------- d-----w c:\program files\Trend Micro
2009-04-27 03:47 . 2009-04-27 03:47 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\Yahoo!
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-26 02:52 . 2009-04-26 02:52 -------- d-----w c:\program files\Yahoo!
2009-04-26 02:43 . 2005-08-25 23:18 118784 ----a-w c:\windows\system32\MSSTDFMT.DLL
2009-04-24 03:21 . 2009-04-26 02:19 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-24 03:03 . 2009-04-24 03:03 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-22 03:31 . 2009-05-09 16:34 -------- dc-h--w C:\$AVG8.VAULT$
2009-04-22 03:27 . 2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-22 03:27 . 2009-05-04 07:47 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-22 03:27 . 2009-05-04 07:47 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 03:27 . 2009-05-13 21:12 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-22 03:27 . 2009-04-22 03:43 -------- d-----w c:\documents and settings\Ramirez.BIANCA\Application Data\AVGTOOLBAR
2009-04-22 03:27 . 2009-04-22 03:27 -------- d-----w c:\program files\AVG
2009-04-22 03:27 . 2009-05-05 22:46 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 22:05 . 2009-01-22 00:28 -------- d-----w c:\program files\Safari
2009-04-27 01:58 . 2009-01-22 01:42 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-22 03:57 . 2009-04-10 18:40 -------- d-----w c:\program files\Circle Developemnt
2009-04-10 18:40 . 2009-04-10 18:40 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-08 14:50 . 2009-04-08 14:50 -------- d-----w c:\program files\QuickTime
2009-04-05 18:19 . 2009-01-22 10:17 -------- d-----w c:\program files\Windows Live
2009-04-05 18:13 . 2009-04-05 18:13 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-05 00:17 . 2009-01-22 01:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 00:17 . 2009-04-05 00:17 -------- d-----w c:\program files\CyberLink
2009-04-03 19:12 . 2009-04-03 19:12 -------- d-----w c:\program files\Venice Mystery
2009-04-03 01:24 . 2009-01-23 00:26 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-04-03 00:32 . 2009-01-23 00:26 -------- d-----w c:\program files\World of Warcraft
2009-04-02 23:13 . 2009-04-02 23:13 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\shARES
2009-04-02 22:56 . 2009-04-02 22:56 -------- d-----w c:\program files\Conduit
2009-04-02 22:54 . 2009-03-21 02:11 -------- d-----w c:\program files\DivX
2009-04-02 22:54 . 2009-03-30 21:35 -------- d-----w c:\program files\Chocolatier 2 - Secret Ingredients
2009-04-02 22:52 . 2009-04-02 22:15 -------- d-----w c:\program files\PremierOpinion(2)
2009-03-06 14:44 . 2009-01-22 01:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:30 . 2009-04-02 23:16 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2009-01-22 01:01 659456 ----a-w c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[-] 2004-08-04 19:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\svchost.exe
[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[-] 2004-08-04 19:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\ws2_32.dll
[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[-] 2004-08-04 19:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\ndis.sys
[-] 2004-08-04 19:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys
[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-04 19:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys
[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[-] 2004-08-04 19:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\lsass.exe
[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[-] 2004-08-04 19:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\ctfmon.exe
[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[-] 2004-08-04 19:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll
[-] 2004-08-04 19:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\dllcache\termsrv.dll
[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[-] 2004-08-04 19:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\powrprof.dll
[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[-] 2004-08-04 19:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\imm32.dll
[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\sfcfiles.dll
[-] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[-] 2004-08-04 19:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-05-05_22.51.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-13 23:40 . 2009-05-13 23:40 16384 c:\windows\Temp\Perflib_Perfdata_74c.dat
+ 2009-05-13 23:40 . 2009-05-13 23:40 16384 c:\windows\Temp\Perflib_Perfdata_4e0.dat
+ 2009-05-13 05:02 . 2009-05-13 05:02 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
+ 2009-05-13 22:06 . 2009-05-13 22:06 307200 c:\windows\Installer\{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}\SafariIco.exe
+ 2009-05-08 01:48 . 2009-05-07 07:16 24699336 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9c905b42-976e-43c1-bc30-fc5937017909}"= "c:\program files\shARES\tbshAR.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{9c905b42-976e-43c1-bc30-fc5937017909}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2009 11:27 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2009 11:27 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/21/2009 11:27 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/21/2009 11:27 PM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/5/2009 2:19 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [1/22/2009 2:39 AM 53307]
S0 nfcepcb;nfcepcb;c:\windows\system32\drivers\qpaz.sys --> c:\windows\system32\drivers\qpaz.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder
2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - prefs.js: browser.search.selectedEngine - MySpace.com
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 19:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7488)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-13 19:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-13 23:46
ComboFix2.txt 2009-05-05 22:57
ComboFix3.txt 2009-05-04 11:36
Pre-Run: 128,233,406,464 bytes free
Post-Run: 128,327,565,312 bytes free
229 --- E O F --- 2009-05-13 04:06
-
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:14 PM, on 5/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 7706 bytes
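Reading a ComboFix or HijackThis log by hand means scanning hundreds of lines for a few that matter: a start page pointed somewhere odd, a URL search hook, a program autostarting under the SYSTEM hive, a service with no publisher string, a driver whose image file is no longer on disk, or the firewall switched off. The script below is an added example, not part of this thread or of either tool; it applies exactly those triage heuristics to a handful of lines copied from the two logs above (embedded as a constructed sample). It reports hits for review rather than verdicts: every flagged line still needs a human or a hash lookup, as the helper did with Jotti, before anything is deleted. The reading of ComboFix's `path --> path [?]` notation as "service registered, image file not found" is the one assumption it makes about the log format.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: lines copied from the ComboFix and HijackThis
# logs posted above, plus a few benign entries kept in for contrast.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2009 11:27 PM 325896]
S0 nfcepcb;nfcepcb;c:\windows\system32\drivers\qpaz.sys --> c:\windows\system32\drivers\qpaz.sys [?]
"EnableFirewall"= 0 (0x0)
"""

# Hosts a stock IE home/search page points at; anything else is worth a look.
MICROSOFT_HOSTS = {"go.microsoft.com", "www.msn.com", "www.microsoft.com"}

# HijackThis entries: "<Rn|Onn> - <body>"
HJT_LINE = re.compile(r"^(R\d|O\d+) - (.*)$")
# ComboFix service/driver entries: "<start type> <name>;<display name>;<image path> ..."
CF_SERVICE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")


def _host(url: str) -> str:
    return urlparse(url.strip()).hostname or ""


def _path_under_windows(path: str) -> bool:
    # HJT prints paths in mixed case; compare case-insensitively.
    return path.lower().lstrip().startswith(("c:\\windows\\", "c:\\winnt\\"))


def check_line(line: str):
    """Return (code, reason) if the line deserves a second look, else None.

    These are triage heuristics, not verdicts: a hit means "verify this",
    not "this is malware".
    """
    line = line.strip()
    m = HJT_LINE.match(line)
    if m:
        code, body = m.groups()
        if code in ("R0", "R1") and ("Start Page" in body or "Search" in body):
            url = body.split("=", 1)[1] if "=" in body else ""
            if url.strip() and _host(url) not in MICROSOFT_HOSTS:
                return code, f"IE home/search page points off Microsoft: {url.strip()}"
        if code == "R3" and body.startswith("URLSearchHook:"):
            return code, "URL search hook installed (toolbar); confirm it is wanted"
        if code == "O4" and "HKUS\\S-1-5-18" in body:
            # Keep only the image path between "] " and " (User ...)".
            exe = body.split("] ", 1)[1].split(" (User", 1)[0]
            if not _path_under_windows(exe):
                return code, f"non-Windows program autostarts in the SYSTEM hive: {exe}"
        if code == "O23" and " - Unknown owner - " in body:
            return code, "service with no publisher string; verify the binary"
        return None
    m = CF_SERVICE.match(line)
    if m:
        start, name, _display, image = m.groups()
        if "-->" in image and "[?]" in image:
            # Assumed ComboFix convention: "path --> path [?]" means the
            # registered image file was not found on disk.
            kind = "boot-start driver" if start == "S0" else "service"
            missing = image.split(" -->")[0]
            return start, f"{kind} '{name}' registered but its image file is missing: {missing}"
        return None
    if re.match(r'^"EnableFirewall"\s*=\s*0\b', line):
        return "FW", "Windows Firewall disabled for the standard profile"
    return None


def triage(log_text: str):
    """Run check_line over a whole log and return the flagged entries in order."""
    hits = []
    for raw in log_text.splitlines():
        hit = check_line(raw)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}")
```

Run against the sample it flags the SweetIM start page, the shARES search hook, MySpaceIM running from the SYSTEM hive, the Linksys service with no publisher, the nfcepcb driver whose qpaz.sys is gone, and the disabled firewall; CTFMON, NvCpl, Bonjour and the AVG driver pass. Feeding it the full logs from the thread is a matter of pasting them into `SAMPLE_LOG` or reading a file.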