WiredWX Christian Hobby Weather Tools
Is it a Virus?

Well, on my computer, I think it has a virus, I don't know how, nor how long it's been on it. But, I NEED it to be rid of! I'm almost 100% sure that there is a virus. I have Advanced System Care, Malwarebytes, and HijackThis (only HijackThis because the geek polices mods told me to download it for another virus I had...). I've used both Malwarebytes and ASC, but neither of them say I have a virus (even though when I clean with ASC, it says trojan downloader, or something like that, so I'm freaking out about it). I would like to know how to get the "virus" off of my computer, if I actually have it... I think I do, because my computer is exceptionally slow at the moment... So, I hope someone can help me please!

Re: Is it a Virus?

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Is it a Virus?

Here is the info:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:04 PM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6529 bytes

Re: Is it a Virus?

Also, if you do respond, may I end the pages of hijack this? Or should I keep them up and running?

Re: Is it a Virus?

Hello.
Keep it open for now, 'cause we're gonna need it to fix a few things.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Viewpoint Toolbar

Next,

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)



  • Press "Fix Checked"
  • Close Hijack This.

Does ASC say where this trojan.downloader is?

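The screening the helper does by hand in the reply above (pick out the lines whose target file is gone, then decide what to fix) can be automated over a HijackThis log. The Python below is an added example written for this thread; it is not HijackThis code and not something the helper posted. The sample log is a constructed subset of the lines quoted earlier in the thread, and the two flagging rules (the "(no file)" / "(file missing)" orphan markers, and O4 autoruns that name a bare executable with no directory) are this example's own triage heuristics, not a classification HijackThis performs.

```python
"""Triage a HijackThis-style log the way the helper did above.

Added example for this thread, not HijackThis code. It parses the
"Oxx - ..." entry lines, pulls out the file each entry points at, and flags
two things: entries whose target is gone ("(no file)" / "(file missing)")
and O4 autorun entries that name a bare executable with no directory, which
have to be located by hand before they can be judged. The flagging rules are
this example's own heuristics, not HijackThis's classification.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORPHAN_MARKERS = ("(no file)", "(file missing)")

# "O2 - BHO: ..." or "R0 - HKLM\..." -> section code and the rest of the line
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# first drive-letter path ending in a binary extension; "[^()]" stops the match
# before a trailing "(file missing)" (paths containing parentheses need more work)
PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*?\.(?:exe|dll|sys)", re.IGNORECASE)
# "[name] command" of an O4 autorun entry
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<command>.*)$")

# Constructed sample: a subset of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:04 PM, on 10/17/2009

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class HjtEntry:
    code: str             # O2, O3, O4, O9, O23, R0 ...
    body: str             # everything after "Oxx - "
    path: Optional[str]   # file the entry resolves to, if one is named
    orphaned: bool        # target file reported absent by HijackThis


def parse_hjt(text: str) -> List[HjtEntry]:
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines and the "Running processes" block
        body = m.group("body")
        pm = PATH_RE.search(body)
        entries.append(HjtEntry(
            code=m.group("code"),
            body=body,
            path=pm.group(0) if pm else None,
            orphaned=any(marker in body for marker in ORPHAN_MARKERS),
        ))
    return entries


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose target no longer exists: safe to fix, but not proof of malware."""
    return [e for e in entries if e.orphaned]


def unqualified_run_entries(entries: List[HjtEntry]) -> List[Tuple[str, str]]:
    """O4 autoruns given as a bare file name, so the real file must be located by hand."""
    out = []
    for e in entries:
        if e.code != "O4" or e.path is not None:
            continue
        m = RUN_RE.search(e.body)
        if m:
            out.append((m.group("name"), m.group("command").strip()))
    return out


if __name__ == "__main__":
    found = parse_hjt(SAMPLE_LOG)
    for e in orphaned_entries(found):
        print("orphaned:", e.code, "-", e.body)
    for name, cmd in unqualified_run_entries(found):
        print("locate by hand:", name, "->", cmd)
```

On the sample the script flags the same four orphaned lines the helper ticked (the two O2 BHOs, the O9 WeatherBug button and the O23 iPod service) but not the O3 Viewpoint toolbar, because its DLL was still present when the log was taken; the helper listed it anyway because the uninstall in the same reply was about to leave it orphaned. An orphaned entry is a leftover registration, not evidence of infection on its own; the entries that still resolve to a real file are the ones that have to be identified one by one, which is why the bare-name autoruns are reported separately.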

Re: Is it a Virus?

Ok, 4 things:
1, I didn't have the O3 toolbar thing after I deleted the Viewpoint toolbar
2, I accidentally did close them, but it was about an hour ago...
3, it told me I was deleting a BHO file, so I didn't know what to do, but I deleted them,
4, The ASC was doing a check that I issued, and during the sweep, it said somewhere, trojan downloader or something like that, it was quick, but I did see it.

Re: Is it a Virus?

Hi.

Did ASC actually say where it is on the machine? file path?


Re: Is it a Virus?

Well, no, I couldn't see it in time, because it was too fast to check, but, I did manage to get this out of it:
Trojan-downloader.win


It was on the spyware removal on the maintain windows section.

So, also, I'd like to know if any of those questions I asked were important or not... Just in case.

Re: Is it a Virus?

Yeah, they are important, every detail you can give me helps.
Guess we'll have to track it down with tools.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt just yet.


Re: Is it a Virus?

Well, here is the DDS from the note pad.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Owner at 14:49:34.00 on Sun 10/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1529 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} -
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {8F4902B6-6C04-4ade-8052-AA58578A21BD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WB - c:\progra~1\object~1\window~1\fastload.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6qhi1fwt.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 3\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 3\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 3\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox 3.1 beta 3\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox 3.1 beta 3\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-14 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-14 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-14 297752]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [1998-11-27 6144]
S2 mrtRate;mrtRate; [x]
S3 DAEMONIO;DAEMONIO;c:\windows\system32\drivers\DAEMONIO.SYS [2009-3-29 5152]

=============== Created Last 30 ================

2009-10-14 23:16 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-14 23:16 1,409 a------- c:\windows\QTFont.for
2009-10-13 22:55 --d----- C:\6a959920d516710d962511
2009-10-13 18:50 --d----- c:\program files\SystemRequirementsLab
2009-09-19 02:17 45 a------- c:\documents and settings\owner\jagex_runescape_preferences2.dat

==================== Find3M ====================

2009-09-19 02:38 37 a------- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 02:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 02:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 02:36 17,408 a------- c:\windows\system32\corpol.dll
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-18 20:31 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-12 19:00 108,474 a------- c:\windows\system32\vsfoceowntilti.dat
2009-08-07 12:32 26,171,928 a------- c:\program files\sdsetup.exe
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 10:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 09:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-31 15:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-26 20:03 25,001,480 a------- c:\program files\NetFx20SP2_x86.exe
2009-06-26 19:39 7,885,912 a------- c:\program files\asc-setup.exe
2009-04-10 09:38 173,748 a------- c:\program files\RealTempBeta.zip
2009-04-10 09:36 150,817 a------- c:\program files\CoreTemp.zip
2009-04-10 09:09 162,440 a------- c:\program files\SoftKeyRevealer.zip
2009-04-10 09:02 1,839,856 a------- c:\program files\installspeedfan437.exe
2009-04-01 12:59 9,489 a------- c:\program files\ReadMe.txt
2009-04-01 12:27 2,023,424 a------- c:\program files\SoftKeyRevealer.exe
2009-03-29 07:28 252 a------- c:\program files\ProduKey.cfg
2009-03-29 07:15 863,499 a------- c:\program files\setupDTM.zip
2009-03-16 20:51 607,640 a------- c:\program files\jre-6u12-windows-i586-p-iftw.exe
2009-03-15 15:09 2,565,056 a------- c:\program files\DefragSetup.exe
2009-03-15 14:54 137,728 a------- c:\program files\clickme.exe
2009-03-15 14:40 4,474,469 a------- c:\program files\quickzip.exe
2009-03-15 14:32 1,508,352 a------- c:\program files\CM-MeltDown.exe
2009-03-15 14:29 1,476,801 a------- c:\program files\CM-MeltDown.zip
2009-03-15 10:17 43,265,912 a------- c:\program files\5.05.54.00_ntune_winxp_international.exe
2009-03-15 09:38 80,756,000 a------- c:\program files\182.08_geforce_winxp_32bit_english_whql.exe
2009-03-15 03:40 25,740,144 a------- c:\program files\wmp11-windowsxp-x86-enu.exe
2009-03-15 03:31 4,909,440 a------- c:\program files\Silverlight.2.0.exe
2009-03-15 03:03 16,939,888 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-03-15 02:25 15,452,536 a------- c:\program files\IE7-WindowsXP-x86-enu.exe
2009-03-15 00:17 7,918,360 a------- c:\program files\Firefox Setup 3.1 Beta 3.exe
2009-03-14 23:46 2,876,720 a------- c:\program files\mbam-setup.exe
2009-03-14 23:40 62,270,256 a------- c:\program files\avg_free_stf_en_85_278a1439.exe
2009-02-13 20:00 14,957 a------- c:\program files\cpuz-readme.txt
2009-02-13 19:56 1,527,808 a------- c:\program files\cpuz.exe
2008-10-15 21:12 180 a------- c:\program files\cpuz.ini
2008-08-23 12:50 69,312 a------- c:\program files\WinRing0x64.dll
2008-08-23 12:49 72,896 a------- c:\program files\WinRing0.dll
2008-07-26 22:30 14,544 a------- c:\program files\WinRing0x64.sys
2008-07-26 22:30 14,416 a------- c:\program files\WinRing0.sys
2008-03-23 18:03 640 a------- c:\program files\SoftKeyRevealer.exe.manifest
2008-01-02 11:42 1,274 a------- c:\program files\COPYRIGHT.txt
2007-11-06 04:02 14,696 a------- c:\program files\ProduKey.chm
2007-11-06 03:20 29,696 a------- c:\program files\ProduKey.exe
2000-05-20 21:03 128,512 a------- c:\program files\StartupMonitor.msi

============= FINISH: 14:50:25.53 ===============


I also would like to know when I could add the attach, because it just stays on my desktop until one of you tell me to use it.

Re: Is it a Virus?

Hello.
Attach.txt doesn't really help me in finding out if there is indeed malware on the machine, it just shows me a few extra things.

The log looks good, aside from there being a lot of exe/zip files in the Program Files folder, any of which could be infected if it didn't come from a legit website.

Firefox could use updating from an old beta version to 3.5.3.


Re: Is it a Virus?

So.... that means..... No virus, or what? Kinda doesn't give me a full answer... But it sounded good! (Plus, I didn't really know what you mean about the files, but, if I knew, I'd try it myself! But you guys are better!)

Re: Is it a Virus?

I'll try and explain it. If you look at the bottom bit of your DDS log, see where it shows all them C:\Program Files\xxx.exe or xxx.zip? Do you know what they are/where they came from?

Please download Firefox 3.5.3 and install it. It will install over version 3.1 beta you currently have installed, so you won't lose any bookmarked websites.


Re: Is it a Virus?

Ok, I just installed the newest Firefox, and I'm really sorry, but I have no clue what those files are or where they came from, I'm not really good at recognizing stuff on computers... So, I'd like to know what I should do, and if my computer isn't as good as it should be.

Re: Is it a Virus?

Also, I have another question, since another firefox icon is showing up on my screen, should I delete my firefox 3.1 beta?

Re: Is it a Virus?

Yes. Smile...

Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Program Files\*.exe
    C:\Program Files\*.zip
    C:\Program Files\*.cfg
    C:\Program Files\*.txt
    C:\Program Files\*.chm
    C:\Program Files\*.msi
    C:\Program Files\*.sys
    C:\Program Files\*.dll
    C:\Program Files\*.ini


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

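The OTMoveIt list in the reply above and the earlier remark about loose exe/zip files in Program Files are two views of the same data: the "Created Last 30" and "Find3M" sections of the DDS log. The Python below is an added example for this thread, not DDS or OTMoveIt code and not anything the helper posted. It parses those DDS lines, picks out the files sitting directly under c:\program files (not in a subfolder) with the extensions the helper's script targets, and builds the explicit `:files` block that the glob list stands for. The sample input is a constructed subset of the DDS output posted earlier.

```python
"""Pick loose files out of a DDS log and build an explicit OTM ":files" block.

Added example for this thread; it is not DDS or OTMoveIt code. The sample
below is a constructed subset of the DDS "Created Last 30" / "Find3M"
sections posted earlier. TARGET_EXTS mirrors the helper's OTM glob list.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# "2009-08-07 12:32 26,171,928 a------- c:\program files\sdsetup.exe"
# "2009-10-13 22:55 --d----- C:\6a959920d516710d962511"   (directories carry no size)
DDS_FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

# the extensions the helper's OTM script moves out of C:\Program Files
TARGET_EXTS = {".exe", ".zip", ".cfg", ".txt", ".chm", ".msi", ".sys", ".dll", ".ini"}

# Constructed sample: a subset of the DDS log posted earlier in the thread.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-10-14 23:16 54,156 a---h--- c:\windows\QTFont.qfn
2009-10-13 22:55 --d----- C:\6a959920d516710d962511
2009-10-13 18:50 --d----- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-08-07 12:32 26,171,928 a------- c:\program files\sdsetup.exe
2009-04-10 09:38 173,748 a------- c:\program files\RealTempBeta.zip
2008-07-26 22:30 14,416 a------- c:\program files\WinRing0.sys
2008-10-15 21:12 180 a------- c:\program files\cpuz.ini

============= FINISH: 14:50:25.53 ===============
"""


@dataclass
class DdsFile:
    date: str
    time: str
    size: Optional[int]   # None for directories
    attrs: str            # e.g. "a---h---"; third character is "d" for a directory
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[2] == "d"


def parse_dds_files(text: str) -> List[DdsFile]:
    """Parse the dated file lines of the DDS 'Created Last 30' / 'Find3M' sections."""
    files = []
    for raw in text.splitlines():
        m = DDS_FILE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, FINISH line
        size = m.group("size")
        files.append(DdsFile(
            date=m.group("date"), time=m.group("time"),
            size=int(size.replace(",", "")) if size else None,
            attrs=m.group("attrs"), path=m.group("path"),
        ))
    return files


def loose_files_in(files: List[DdsFile], folder: str, exts=TARGET_EXTS) -> List[str]:
    """Paths that sit directly in `folder` (not in a subfolder) with a target extension."""
    want = folder.lower().rstrip("\\")
    out = []
    for f in files:
        if f.is_dir:
            continue
        parent = ntpath.dirname(f.path).lower().rstrip("\\")
        ext = ntpath.splitext(f.path)[1].lower()
        if parent == want and ext in exts:
            out.append(f.path)
    return out


def otm_files_block(paths: List[str]) -> str:
    """Explicit OTM ':files' block naming each file instead of relying on globs."""
    return ":files\n" + "\n".join(paths)


if __name__ == "__main__":
    loose = loose_files_in(parse_dds_files(SAMPLE_DDS), r"c:\program files")
    print(otm_files_block(loose))
```

Spelling out the explicit list before running a glob-based move is the check a practitioner wants here: the DDS log already tells you exactly which files the `C:\Program Files\*.exe`, `*.sys` and `*.dll` patterns will catch, so the list can be eyeballed (the WinRing0 driver files, for instance, are the hardware-access driver shipped with monitoring utilities such as RealTemp, which also appears in the same log) before anything is moved. The OTM results posted further down match what this produces from the full log, including the x64 DLL that could not be loaded on a 32-bit Windows XP install.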

Re: Is it a Virus?

One last thing, I save the attach and dds to my file, so may I delete them now?

Re: Is it a Virus?

Yes. Smile...


Re: Is it a Virus?

Well, I really don't know what you mean by the clipboard, but here are the results.


========== FILES ==========
C:\Program Files\182.08_geforce_winxp_32bit_english_whql.exe moved successfully.
C:\Program Files\5.05.54.00_ntune_winxp_international.exe moved successfully.
C:\Program Files\asc-setup.exe moved successfully.
C:\Program Files\avg_free_stf_en_85_278a1439.exe moved successfully.
C:\Program Files\clickme.exe moved successfully.
C:\Program Files\CM-MeltDown.exe moved successfully.
C:\Program Files\cpuz.exe moved successfully.
C:\Program Files\DefragSetup.exe moved successfully.
C:\Program Files\Firefox Setup 3.1 Beta 3.exe moved successfully.
C:\Program Files\IE7-WindowsXP-x86-enu.exe moved successfully.
C:\Program Files\IE8-WindowsXP-x86-ENU.exe moved successfully.
C:\Program Files\installspeedfan437.exe moved successfully.
C:\Program Files\jre-6u12-windows-i586-p-iftw.exe moved successfully.
C:\Program Files\mbam-setup.exe moved successfully.
C:\Program Files\NetFx20SP2_x86.exe moved successfully.
C:\Program Files\ProduKey.exe moved successfully.
C:\Program Files\quickzip.exe moved successfully.
C:\Program Files\sdsetup.exe moved successfully.
C:\Program Files\Silverlight.2.0.exe moved successfully.
C:\Program Files\SoftKeyRevealer.exe moved successfully.
C:\Program Files\wmp11-windowsxp-x86-enu.exe moved successfully.
C:\Program Files\CM-MeltDown.zip moved successfully.
C:\Program Files\CoreTemp.zip moved successfully.
C:\Program Files\RealTempBeta.zip moved successfully.
C:\Program Files\setupDTM.zip moved successfully.
C:\Program Files\SoftKeyRevealer.zip moved successfully.
C:\Program Files\ProduKey.cfg moved successfully.
C:\Program Files\COPYRIGHT.txt moved successfully.
C:\Program Files\cpuz-readme.txt moved successfully.
C:\Program Files\ReadMe.txt moved successfully.
C:\Program Files\ProduKey.chm moved successfully.
C:\Program Files\StartupMonitor.msi moved successfully.
C:\Program Files\WinRing0.sys moved successfully.
C:\Program Files\WinRing0x64.sys moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\WinRing0.dll
C:\Program Files\WinRing0.dll NOT unregistered.
C:\Program Files\WinRing0.dll moved successfully.
LoadLibrary failed for C:\Program Files\WinRing0x64.dll
C:\Program Files\WinRing0x64.dll NOT unregistered.
C:\Program Files\WinRing0x64.dll moved successfully.
C:\Program Files\cpuz.ini moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 10192009_164609


Also, I don't mean to be pushy, but I really need this to get done soon, or at least know if my computer doesn't have a virus, because of something that just happened today, I don't mind if it doesn't happen, but I just hope it could hurry up. (I'm sorry if I'm being pushy!)

Re: Is it a Virus?
Also, apparently, I'm in a completely different timezone, like 12 hours apart, so, I guess that's one of the reasons it's so slow...

Re: Is it a Virus?
Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: Is it a Virus?
There is just one thing, why is it that you posted the same thing on both of my forums? Because it is real important? (I'm terribly sorry, but I'm doing this tomorrow, because it's kinda late, I'm sorry...)

Re: Is it a Virus?
Actually, I never realized that. No big deal. The other topic is in the trash. This one needs continued. Read this topic: http://www.geekpolice.net/virus-spyware-malware-removal-f11/no-reply-for-2-days-t5764.htm

Re: Is it a Virus?
Ok, that kinda confused me, so I now have these questions:
1: Why is it locked?
2: Is the end task bar thing important?
3: I'll try to do the stuff today since it's a long weekend.
4: Like I said, is there a virus or not?
5: The only reason I did this was so that I could check if I had a virus that could interfere with a friend of mine upgrading my video card and CPU so I could play a game... And... So far, there really hasn't been a real, "Yes, you have one, or, No, you don't." So I'm just saying, but so far, thanks for all of the help!

Re: Is it a Virus?
Hi

I cannot really tell if it is a virus, but please post the ComboFix log and we can find out.

Re: Is it a Virus?
One more thing, even though you said to drop it, should I still go into safe mode for this?

Re: Is it a Virus?
If you can do it in Normal Mode, please do. If it will not function, then Safe Mode is suggested. Do you need help booting into Safe Mode? Any more questions, please ask.

Re: Is it a Virus?
No, I think that I can get into safe mode easily enough, but the part I'm bugged about is to delete my anti virus and anti spyware stuff, kinda makes me feel like it could get worse. (Plus, I kinda don't know how!)
Oh man, I'm really sorry if this is bugging you that I really am not doing this right now and that I stink at this.....

Re: Is it a Virus?
I just said to disable it temporarily. You will have to, so the proper tools can work to remove the threats on the computer.
