
I have a PC that is so slow. Help Me, Mr Wizard!



HI

Well, I ran MBAM, Avira and some others, and then HijackThis. So here are my 2 logs. Thanks for the help.

Malwarebytes' Anti-Malware 1.32

Database version: 1647

Windows 5.1.2600 Service Pack 3

1/14/2009 7:09:29 AM

mbam-log-2009-01-14 (07-09-28).txt

Scan type: Quick Scan

Objects scanned: 75856

Time elapsed: 21 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:04:47 PM, on 1/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Program Files\IMSafer\bin\imslive.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\AnalogX\MaxMem\maxmem.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_sp_SP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168558700718

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMSafer Live (ImSaferLive) - Crisp Thinking - C:\Program Files\IMSafer\bin\imslive.exe

O23 - Service: IMSafer (ImSaferService) - Crisp Thinking - C:\Program Files\IMSafer\bin\imsc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe

O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe

O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)

O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 12684 bytes

Is he going to live, Doctor?

Thanks again for all your help! Marcos

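As an added example (not part of the original thread, and not a HijackThis or Malwarebytes component): a small Python triage pass over HijackThis-format log lines like the ones posted above. It splits each entry into its section tag and body and flags the entry types a helper looks at first: "(file missing)" / "(no file)" orphans, O4 Run values that name a bare executable resolved via the search path, O10 Winsock LSPs, O15 Trusted Zone sites, O16 downloaded ActiveX controls, O20 AppInit_DLLs, and O23 services for which HijackThis could not read a company name. The flag rules are my own heuristics, not rules stated by the helper in this thread; the sample lines in SAMPLE_LOG are copied verbatim from the log above, with a couple of non-entry header lines included to show they are skipped.

```python
"""Triage helper for HijackThis v2.0.x log lines (added example, not a HijackThis component)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# One HijackThis entry per line: a section tag (R0, R1, O2, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# O4 autostart entries look like "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# A command that starts with a (quoted) drive path or an environment variable
# resolves unambiguously; anything else is located via the search path.
ABS_CMD_RE = re.compile(r'(?i)^"?(?:[a-z]:\\|%[a-z]+%)')


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def triage_entry(line: str):
    """Parse one log line; return an Entry with zero or more review flags, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process list, blank line, "End of file" ...
    e = Entry(m.group("sec"), m.group("body"))
    body = e.body

    # Registry still references a binary that is gone: stale at best, and a
    # planting opportunity if the parent directory is writable.
    if "(file missing)" in body or "(no file)" in body:
        e.flags.append("orphaned entry (binary missing)")

    if e.section == "O4":
        r = RUN_RE.search(body)
        if r and r.group("cmd") and not ABS_CMD_RE.match(r.group("cmd")):
            e.flags.append("Run value with bare filename, resolved via search path")
    elif e.section == "O10":
        e.flags.append("Winsock LSP DLL, loaded into every process that uses sockets")
    elif e.section == "O15":
        e.flags.append("site in IE Trusted Zone (relaxed security settings)")
    elif e.section == "O16":
        e.flags.append("downloaded ActiveX control (DPF); remove if no longer used")
    elif e.section == "O20" and body.startswith("AppInit_DLLs:"):
        e.flags.append("AppInit_DLLs injected into every user32-linked process")
    elif e.section == "O23" and " - Unknown owner - " in body:
        e.flags.append("service binary has no readable company name")
    return e


def triage_log(text: str):
    """Return (entries grouped by section, list of entries that got at least one flag)."""
    by_section = defaultdict(list)
    flagged = []
    for line in text.splitlines():
        e = triage_entry(line)
        if e is None:
            continue
        by_section[e.section].append(e)
        if e.flags:
            flagged.append(e)
    return by_section, flagged


def section_counts(text: str):
    """Number of parsed entries per HijackThis section."""
    return Counter(e.section for es in triage_log(text)[0].values() for e in es)


# Verbatim lines from the log posted above, plus two non-entry lines that must be skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

if __name__ == "__main__":
    _, hits = triage_log(SAMPLE_LOG)
    for e in hits:
        print(f"{e.section}: {e.body}\n    -> {'; '.join(e.flags)}")
```

Run it on a full saved HijackThis log by passing the file contents to triage_log; entries with no flags are still returned in the per-section dict so the O2/O3/O4 inventory can be read in order. A flag is a prompt to look, not a verdict: the O20 AppInit_DLLs line above, for instance, names two Comodo DLLs, and the O10 entry is the NetWare provider that ships with XP.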

Download ComboFix from one of the locations below, and save it to your Desktop.

Double-click ComboFix.exe and follow the prompts. Please never rename ComboFix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Hello!

OK, I disabled Comodo and ran ComboFix, then an error popped up titled 32788R22FWJFW\hidec.exe

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

So I press OK, then the Comodo screen comes up with the "Disable all protection" radio button highlighted and the "Enable all protection with the exception" radio button not highlighted. So I close that window and nothing else happens.

Marcos


Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.


Here is an updated MBAM.

Malwarebytes' Anti-Malware 1.32

Database version: 1653

Windows 5.1.2600 Service Pack 3

1/14/2009 4:08:51 PM

mbam-log-2009-01-14 (16-08-51).txt

Scan type: Quick Scan

Objects scanned: 75463

Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


and here is an updated HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:12:34 PM, on 1/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Program Files\IMSafer\bin\imslive.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_sp_SP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168558700718

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMSafer Live (ImSaferLive) - Crisp Thinking - C:\Program Files\IMSafer\bin\imslive.exe

O23 - Service: IMSafer (ImSaferService) - Crisp Thinking - C:\Program Files\IMSafer\bin\imsc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)

O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 10692 bytes


Paste this into the fix box:

[Kill Explorer]
[Processes - Safe List]
YN -> alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE
[Win32 Services - Safe List]
YN -> (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> 
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{C17590D2-ECB4-4B15-8820-F58798DCC118}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\] > -> HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{C17590D2-ECB4-4B15-8820-F58798DCC118}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "AlcxMonitor" -> %SystemRoot%\ALCXMNTR.EXE [ALCXMNTR.EXE]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\Alicea\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" -> C:\Documents and Settings\Alicea\Local Settings\Temp\WZSE0.TMP\SymNRT.exe [C:\Documents and Settings\Alicea\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool]
[Files/Folders - Created Within 30 Days]
NY -> 2 C:\*.tmp files -> C:\*.tmp
NY -> 1 C:\Documents and Settings\Alicea\My Documents\*.tmp files -> C:\Documents and Settings\Alicea\My Documents\*.tmp
NY -> CF14377.exe -> %SystemRoot%\System32\CF14377.exe
NY -> cmd.execf -> %SystemRoot%\System32\cmd.execf
NY -> 32788R22FWJFW -> %SystemDrive%\32788R22FWJFW
NY -> CF13701.exe -> %SystemRoot%\System32\CF13701.exe
NY -> CF13697.exe -> %SystemRoot%\System32\CF13697.exe
NY -> 32788R22FWJFW.1.tmp -> %SystemDrive%\32788R22FWJFW.1.tmp
NY -> Start_.cmd -> %SystemDrive%\Start_.cmd
NY -> CF10102.exe -> %SystemRoot%\System32\CF10102.exe
NY -> CF10109.exe -> %SystemRoot%\System32\CF10109.exe
NY -> 32788R22FWJFW.0.tmp -> %SystemDrive%\32788R22FWJFW.0.tmp
NY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe
NY -> cssdll32.dll -> %SystemRoot%\System32\cssdll32.dll
[Files/Folders - Modified Within 30 Days]
NY -> 2 C:\*.tmp files -> C:\*.tmp
NY -> 6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 1 C:\Documents and Settings\Alicea\My Documents\*.tmp files -> C:\Documents and Settings\Alicea\My Documents\*.tmp
NY -> 4 C:\Documents and Settings\Alicea\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Alicea\Local Settings\Temp\*.tmp
NY -> Start_.cmd -> %SystemDrive%\Start_.cmd
NY -> cmd.execf -> %SystemRoot%\System32\cmd.execf
NY -> CF14377.exe -> %SystemRoot%\System32\CF14377.exe
NY -> cmd.execf -> %UserProfile%\Local Settings\Temp\cmd.execf
NY -> CF13701.exe -> %SystemRoot%\System32\CF13701.exe
NY -> CF13697.exe -> %SystemRoot%\System32\CF13697.exe
NY -> CF10109.exe -> %SystemRoot%\System32\CF10109.exe
NY -> CF10102.exe -> %SystemRoot%\System32\CF10102.exe
NY -> cssdll32.dll -> %SystemRoot%\System32\cssdll32.dll
NY -> vmpremov.exe -> %UserProfile%\Local Settings\Temp\vmpremov.exe
[Alternate Data Streams]
NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[Purity]
[Empty Temp Folders]
[Start Explorer]

Then run the fix. Please post the log it produces.


Hello

I tried to run another combofix, but again the same error message popped up, titled

32788R22FWJFW\hide.exe Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

Thanks Marcos


Douhh, I'm an idiot, I didn't see the box before.

Process Explorer.EXE killed successfully!

[Processes - Safe List]

Process alcxmntr.exe killed successfully!

[Win32 Services - Safe List]

Service gusvc stopped successfully!

[Registry - Safe List]

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\WebBrowser\\"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}"\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}"\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\WebBrowser\\"{C17590D2-ECB4-4B15-8820-F58798DCC118}"\ not found.

Registry value HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.

Registry value HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

Registry value HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C17590D2-ECB4-4B15-8820-F58798DCC118} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C17590D2-ECB4-4B15-8820-F58798DCC118}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AlcxMonitor deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alicea\Local Settings\Temp\WZSE0.TMP\SymNRT.exe deleted successfully.

[Files/Folders - Created Within 30 Days]

C:\32788R22FWJFW.0.tmp\N_ folder deleted successfully.

File delete failed. C:\32788R22FWJFW.0.tmp\hidec.exe scheduled to be deleted on reboot.

File delete failed. C:\32788R22FWJFW.0.tmp\psexec.cfexe scheduled to be deleted on reboot.

File delete failed. C:\32788R22FWJFW.1.tmp\hidec.exe scheduled to be deleted on reboot.

File delete failed. C:\32788R22FWJFW.1.tmp\psexec.cfexe scheduled to be deleted on reboot.

C:\32788R22FWJFW.2.tmp\N_ folder deleted successfully.

File delete failed. C:\32788R22FWJFW.2.tmp\hidec.exe scheduled to be deleted on reboot.

File delete failed. C:\32788R22FWJFW.2.tmp\psexec.cfexe scheduled to be deleted on reboot.

C:\WINDOWS\System32\CF14377.exe moved successfully.

C:\WINDOWS\System32\cmd.execf moved successfully.

C:\32788R22FWJFW\N_ folder moved successfully.

C:\32788R22FWJFW folder moved successfully.

C:\WINDOWS\System32\CF13701.exe moved successfully.

C:\WINDOWS\System32\CF13697.exe moved successfully.

C:\32788R22FWJFW.1.tmp folder moved successfully.

C:\Start_.cmd moved successfully.

C:\WINDOWS\System32\CF10102.exe moved successfully.

C:\WINDOWS\System32\CF10109.exe moved successfully.

C:\32788R22FWJFW.0.tmp folder moved successfully.

C:\Documents and Settings\Alicea\Desktop\ComboFix.exe moved successfully.

C:\WINDOWS\System32\cssdll32.dll moved successfully.

[Files/Folders - Modified Within 30 Days]

File delete failed. C:\32788R22FWJFW.2.tmp\hidec.exe scheduled to be deleted on reboot.

File delete failed. C:\32788R22FWJFW.2.tmp\psexec.cfexe scheduled to be deleted on reboot.

C:\Documents and Settings\Alicea\Local Settings\Temp\WZSE0.TMP folder deleted successfully.

File C:\Start_.cmd not found!

File C:\WINDOWS\System32\cmd.execf not found!

File C:\WINDOWS\System32\CF14377.exe not found!

C:\Documents and Settings\Alicea\Local Settings\Temp\cmd.execf moved successfully.

File C:\WINDOWS\System32\CF13701.exe not found!

File C:\WINDOWS\System32\CF13697.exe not found!

File C:\WINDOWS\System32\CF10109.exe not found!

File C:\WINDOWS\System32\CF10102.exe not found!

File C:\WINDOWS\System32\cssdll32.dll not found!

C:\Documents and Settings\Alicea\Local Settings\Temp\vmpremov.exe moved successfully.

[Alternate Data Streams]

ADS C:\Documents and Settings\Alicea\My Documents\Thumbs.db:encryptable deleted successfully.

[Purity]

Purity scan complete.

[Empty Temp Folders]

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\sqlite_d0fFL4ylILB1Jla scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

FireFox cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.6.2 fix logfile created on 01142009_164131

Files moved on Reboot...

File C:\32788R22FWJFW.0.tmp\hidec.exe not found!

File C:\32788R22FWJFW.0.tmp\psexec.cfexe not found!

File C:\32788R22FWJFW.0.tmp not found!

File C:\32788R22FWJFW.1.tmp\hidec.exe not found!

File C:\32788R22FWJFW.1.tmp\psexec.cfexe not found!

File C:\32788R22FWJFW.1.tmp not found!

C:\32788R22FWJFW.2.tmp\hidec.exe moved successfully.

C:\32788R22FWJFW.2.tmp\psexec.cfexe moved successfully.

C:\32788R22FWJFW.2.tmp folder moved successfully.

File C:\WINDOWS\temp\sqlite_d0fFL4ylILB1Jla not found!

Registry entries deleted on Reboot...

Thanks Marcos


Hi

ComboFix can now run, and here are the ComboFix and HijackThis logs.

ComboFix 09-01-13.04 - Alicea 2009-01-14 23:00:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.191.30 [GMT -6:00]

Running from: c:\documents and settings\Alicea\Desktop\ComboFix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Alicea\Favorites\Download programs.url

c:\documents and settings\Alicea\Favorites\Games.url

c:\documents and settings\Alicea\Favorites\Translator.url

c:\documents and settings\Alicea\Favorites\Videos.url

c:\documents and settings\Alicea\Start Menu\Programs\Download programs.url

c:\documents and settings\Alicea\Start Menu\Programs\Games.url

c:\documents and settings\Alicea\Start Menu\Programs\Translator.url

c:\documents and settings\Alicea\Start Menu\Programs\Videos.url

c:\documents and settings\jorge\Application Data\FunWebProducts

c:\documents and settings\jorge\Application Data\FunWebProducts\Data\jorge\avatar.dat

c:\documents and settings\jorge\Application Data\FunWebProducts\Data\jorge\register.dat

.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

2009-01-14 23:08 . 2009-01-14 23:08 101,136 --a------ c:\windows\system32\WPRO_40_755woem.tmp

2009-01-14 22:56 . 2009-01-14 22:57 <DIR> d-------- C:\32788R22FWJFW

2009-01-14 22:31 . 2009-01-14 22:31 <DIR> d-------- c:\program files\CCleaner

2009-01-14 20:38 . 2009-01-14 20:38 <DIR> d-------- c:\program files\Avira

2009-01-14 20:38 . 2009-01-14 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-01-14 20:09 . 2009-01-14 20:41 <DIR> d-------- c:\program files\IObit

2009-01-14 20:09 . 2009-01-14 20:41 <DIR> d-------- c:\documents and settings\Alicea\Application Data\IObit

2009-01-14 19:48 . 2009-01-14 19:48 3,580 --a------ c:\windows\system32\PerfStringBackup.TMP

2009-01-14 16:41 . 2009-01-14 16:41 <DIR> d-------- C:\_OTScanIt

2009-01-14 14:25 . 2009-01-14 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-01-13 22:45 . 2009-01-14 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-13 21:23 . 2009-01-14 12:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-13 21:23 . 2009-01-14 22:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-13 12:29 . 2009-01-13 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-01-13 12:24 . 2009-01-13 12:25 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-13 12:24 . 2009-01-13 12:24 <DIR> d-------- c:\documents and settings\Alicea\Application Data\SUPERAntiSpyware.com

2009-01-13 12:23 . 2009-01-14 22:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-13 12:22 . 2009-01-13 12:22 <DIR> d-------- c:\program files\Trend Micro

2009-01-13 11:37 . 2009-01-14 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_

2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- c:\program files\AskBarDis

2009-01-12 20:57 . 2009-01-14 19:02 <DIR> d-------- c:\program files\COMODO

2009-01-12 20:57 . 2009-01-14 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo

2009-01-12 19:13 . 2009-01-12 19:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-12 19:13 . 2009-01-12 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-12 19:13 . 2009-01-12 19:13 <DIR> d-------- c:\documents and settings\Alicea\Application Data\Malwarebytes

2009-01-12 19:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-12 19:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-12 18:05 . 2009-01-12 18:05 <DIR> d-------- c:\program files\AnalogX

2009-01-06 12:59 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-01-06 12:59 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\program files\iTunes

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\program files\iPod

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-06 12:52 . 2009-01-06 12:52 <DIR> d-------- c:\program files\Apple Software Update

2009-01-06 12:51 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2009-01-06 12:50 . 2009-01-06 12:50 <DIR> d-------- c:\program files\Common Files\Apple

2009-01-06 12:50 . 2009-01-06 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

2009-01-03 01:58 . 2009-01-04 12:14 6,815 --a------ c:\windows\system32\Config.MPF

2009-01-03 01:08 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys

2009-01-03 01:07 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys

2009-01-03 01:01 . 2009-01-12 18:54 <DIR> d-------- c:\program files\Common Files\McAfee

2009-01-03 01:00 . 2009-01-12 18:54 <DIR> d-------- c:\program files\McAfee

2009-01-02 17:07 . 2009-01-02 17:13 <DIR> d-------- c:\documents and settings\Alicea\Application Data\LimeWire

2009-01-02 17:06 . 2009-01-03 09:17 <DIR> d-------- c:\program files\LimeWire

2008-12-29 17:43 . 2008-12-29 17:43 <DIR> d-------- c:\program files\Unity

2008-12-29 14:22 . 2008-12-29 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard

2008-12-29 14:15 . 2008-12-29 14:15 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment

2008-12-29 11:54 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2008-12-29 11:54 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-14 20:39 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-14 20:17 --------- d-----w c:\program files\QuickTime

2009-01-14 20:17 --------- d-----w c:\program files\Palm

2009-01-14 20:16 --------- d-----w c:\program files\Java

2009-01-14 20:16 --------- d-----w c:\program files\HP

2009-01-14 20:16 --------- d-----w c:\program files\Google

2009-01-14 20:16 --------- d-----w c:\program files\eMule

2009-01-14 20:16 --------- d-----w c:\program files\DivX

2009-01-14 20:16 --------- d-----w c:\program files\Common Files\Nullsoft

2009-01-14 20:16 --------- d-----w c:\program files\Ahead

2009-01-14 20:08 --------- d-----w c:\program files\Windows Live Safety Center

2009-01-14 20:07 --------- d-----w c:\program files\Windows Live Toolbar

2009-01-13 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2009-01-13 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-12 00:20 --------- d-----w c:\program files\Lx_cats

2009-01-07 18:21 --------- d-----w c:\documents and settings\Alicea\Application Data\Apple Computer

2009-01-06 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-29 21:19 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-29 21:19 --------- d-----w c:\program files\SplashData

2008-12-29 21:03 --------- d-----w c:\program files\Common Files\AOL

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-20 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2008-11-20 01:49 --------- d-----w c:\program files\AOL 9.0

2008-11-20 01:46 --------- d-----w c:\documents and settings\Alicea\Application Data\AOL

2008-11-20 01:39 --------- d-----w c:\program files\Common Files\aolshare

2008-11-20 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads

2008-11-19 13:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-08-30 14:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HostManager"="c:\program files\Common Files\AOL\1227144406\ee\AOLSoftware.exe" [2006-09-25 50736]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\Alicea\Start Menu\Programs\Startup\

MaxMem.lnk - c:\program files\AnalogX\MaxMem\maxmem.exe [2009-01-12 75780]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2003-08-04 16:28 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a--c--- 2005-01-19 11:45 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-01-19 11:39 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2007-06-20 16:41 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\IMSafer\\bin\\imsc.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1227144406\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Documents and Settings\\Alicea\\My Documents\\My Music\\eMule\\emule.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2007-08-20 9049]

R3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);c:\windows\system32\drivers\WPRO_40_755.sys --> c:\windows\system32\drivers\WPRO_40_755.sys [?]

R4 ImSaferLive;IMSafer Live;c:\program files\IMSafer\bin\imslive.exe [2008-12-19 1881152]

R4 ImSaferService;IMSafer;c:\program files\IMSafer\bin\imsc.exe [2008-12-22 2173504]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

S4 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2007-08-20 115008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WPRO_40_755

.

Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-13 16:56]

2009-01-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\ [2009-01-14 20:09]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe

MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_01\bin\jusched.exe

MSConfigStartUp-CTFMON - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: toolbar.imageshack.us

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\Alicea\Application Data\Mozilla\Firefox\Profiles\knehypy1.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-14 23:09:17

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1476)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\System32\NavLogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\wanmpsvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-01-14 23:15:09 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-15 05:15:01

Pre-Run: 17,297,149,952 bytes free

Post-Run: 17,260,998,656 bytes free

258 --- E O F --- 2009-01-14 19:08:12

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:20:46 PM, on 1/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AnalogX\MaxMem\maxmem.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IMSafer\bin\imslive.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_sp_SP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168558700718

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMSafer Live (ImSaferLive) - Crisp Thinking - C:\Program Files\IMSafer\bin\imslive.exe

O23 - Service: IMSafer (ImSaferService) - Crisp Thinking - C:\Program Files\IMSafer\bin\imsc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Scanner (McODS) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)

O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (file missing)

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 8931 bytes

Going to bed in 30 minutes, then I'll be back in the morning.

Thanks, Marcos


1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\WPRO_40_755woem.tmp

Folder::
C:\_OTScanIt

Driver::
WPRO_40_755

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]

5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:

  • Combofix.txt
  • A new HijackThis log.

Good Morning

Here are my ComboFix and HijackThis logs.

ComboFix 09-01-13.04 - Alicea 2009-01-15 9:53:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.191.13 [GMT -6:00]

Running from: c:\documents and settings\Alicea\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Alicea\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

* Created a new restore point

FILE ::

c:\windows\system32\WPRO_40_755woem.tmp

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\_OTScanIt

c:\_otscanit\MovedFiles\01142009_164131.log

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\023.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\023v.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\appinit.bad

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Assoc.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\av.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\av.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\badclsid

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\badclsid.c

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\BON.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Boot.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\BootSect

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\C.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\catchme.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\CHCP.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\clsid.c

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Combobatch.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ComboFix-Download.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Creg.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\CregC.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\CregC.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\CSet.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\dd.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ddsDo.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\DelClsid.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\DPF.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\DPF.str

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\dumphive.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\embedded.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ERDNT.e_e

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ERDNTDOS.LOC

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ERDNTWIN.LOC

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ERUNT.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ERUNT.LOC

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Exe.reg

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\executables.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\extract.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\fdsv.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ffdefstr.dll

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\fi.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Fin.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\FIND3M.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\FIXLSP.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\FProps.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\grep.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\gsar.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\handle.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\history.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\image001.gif

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\katch.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Lang.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\List-C.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\lnkread.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\LocalService.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\LocalServiceNetworkRestricted.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\LocalSystemNetworkRestricted.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\md5deep.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\moveex.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\MoveIt.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\mtee.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\mynul

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ND_.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\ndis_combofix.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\netsvc.bad.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\netsvc.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\netsvc.vista.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\netsvc.xp.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\NetworkService.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\NirCmd.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\nircmd.com

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\NirCmd.inf

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\NirCmdC.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\NlsLanguageDefault

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\OSid.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\OsVer

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Policies.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Prep.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\Purity.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\pv.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\RCLink

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\REGDACL.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\RegDo.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\region.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\restore_pt.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\RestoreO4.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\rogues.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\run2.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\safeboot.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\safeboot.def.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\safeboot.def.vista.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\SafeBootRepair.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\sed.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\setcsum.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\SetEnvmt.bat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\setpath.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\SF.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\sfx.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\srizbi.md5

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\svc_wht.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\SvcDrv.vbs

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\svchost.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\svchost.vista.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\swreg.exe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\swsc.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\swxcacls.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\system_ini.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\tail.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\toolbar.sed

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\unzip.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\vfind.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\vistareg.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\w2kreg.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\whitedirB.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\WhiteLegacy.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\WRP.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\xpreg.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\zDomain.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\zhsvc.dat

c:\_otscanit\MovedFiles\01142009_164131\C_\32788R22FWJFW\zip.cfexe

c:\_otscanit\MovedFiles\01142009_164131\C_\Start_.cmd

c:\_otscanit\MovedFiles\01142009_164131\C_32788R22FWJFW\N_\10881

c:\_otscanit\MovedFiles\01142009_164131\C_32788R22FWJFW\N_\14342

c:\_otscanit\MovedFiles\01142009_164131\C_32788R22FWJFW\N_\N

c:\_otscanit\MovedFiles\01142009_164131\C_Documents and Settings\Alicea\Desktop\ComboFix.exe

c:\_otscanit\MovedFiles\01142009_164131\C_Documents and Settings\Alicea\Local Settings\Temp\cmd.execf

c:\_otscanit\MovedFiles\01142009_164131\C_Documents and Settings\Alicea\Local Settings\Temp\vmpremov.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\CF10102.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\CF10109.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\CF13697.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\CF13701.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\CF14377.exe

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\cmd.execf

c:\_otscanit\MovedFiles\01142009_164131\C_WINDOWS\System32\cssdll32.dll

c:\windows\system32\WPRO_40_755woem.tmp

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_WPRO_40_755

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

2009-01-15 09:49 . 2009-01-15 09:49 <DIR> d-------- C:\32788R22FWJFW

2009-01-14 23:55 . 2009-01-14 23:57 <DIR> d-------- c:\program files\SpywareBlaster

2009-01-14 22:31 . 2009-01-14 22:31 <DIR> d-------- c:\program files\CCleaner

2009-01-14 20:38 . 2009-01-14 20:38 <DIR> d-------- c:\program files\Avira

2009-01-14 20:38 . 2009-01-14 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira

2009-01-14 20:09 . 2009-01-14 20:41 <DIR> d-------- c:\program files\IObit

2009-01-14 20:09 . 2009-01-14 20:41 <DIR> d-------- c:\documents and settings\Alicea\Application Data\IObit

2009-01-14 19:48 . 2009-01-14 19:48 3,580 --a------ c:\windows\system32\PerfStringBackup.TMP

2009-01-14 14:25 . 2009-01-14 14:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-01-13 22:45 . 2009-01-14 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-01-13 21:23 . 2009-01-14 12:27 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2009-01-13 21:23 . 2009-01-14 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-01-13 12:29 . 2009-01-13 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-01-13 12:24 . 2009-01-13 12:25 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-13 12:24 . 2009-01-13 12:24 <DIR> d-------- c:\documents and settings\Alicea\Application Data\SUPERAntiSpyware.com

2009-01-13 12:23 . 2009-01-14 22:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-13 12:22 . 2009-01-13 12:22 <DIR> d-------- c:\program files\Trend Micro

2009-01-13 11:37 . 2009-01-14 18:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_

2009-01-12 21:00 . 2009-01-12 21:00 <DIR> d-------- c:\program files\AskBarDis

2009-01-12 20:57 . 2009-01-14 19:02 <DIR> d-------- c:\program files\COMODO

2009-01-12 20:57 . 2009-01-14 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo

2009-01-12 19:13 . 2009-01-15 07:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-12 19:13 . 2009-01-12 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-12 19:13 . 2009-01-12 19:13 <DIR> d-------- c:\documents and settings\Alicea\Application Data\Malwarebytes

2009-01-12 19:13 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-12 19:13 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-12 18:05 . 2009-01-12 18:05 <DIR> d-------- c:\program files\AnalogX

2009-01-06 12:59 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-01-06 12:59 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\program files\iTunes

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\program files\iPod

2009-01-06 12:58 . 2009-01-06 12:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-01-06 12:52 . 2009-01-06 12:52 <DIR> d-------- c:\program files\Apple Software Update

2009-01-06 12:51 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2009-01-06 12:50 . 2009-01-06 12:50 <DIR> d-------- c:\program files\Common Files\Apple

2009-01-06 12:50 . 2009-01-06 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple

2009-01-02 17:07 . 2009-01-02 17:13 <DIR> d-------- c:\documents and settings\Alicea\Application Data\LimeWire

2009-01-02 17:06 . 2009-01-03 09:17 <DIR> d-------- c:\program files\LimeWire

2008-12-29 17:43 . 2008-12-29 17:43 <DIR> d-------- c:\program files\Unity

2008-12-29 14:22 . 2008-12-29 14:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard

2008-12-29 14:15 . 2008-12-29 14:15 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment

2008-12-29 11:54 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2008-12-29 11:54 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2009-01-14 20:39 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-14 20:17 --------- d-----w c:\program files\QuickTime

2009-01-14 20:17 --------- d-----w c:\program files\Palm

2009-01-14 20:16 --------- d-----w c:\program files\Java

2009-01-14 20:16 --------- d-----w c:\program files\HP

2009-01-14 20:16 --------- d-----w c:\program files\Google

2009-01-14 20:16 --------- d-----w c:\program files\eMule

2009-01-14 20:16 --------- d-----w c:\program files\DivX

2009-01-14 20:16 --------- d-----w c:\program files\Common Files\Nullsoft

2009-01-14 20:16 --------- d-----w c:\program files\Ahead

2009-01-14 20:08 --------- d-----w c:\program files\Windows Live Safety Center

2009-01-14 20:07 --------- d-----w c:\program files\Windows Live Toolbar

2009-01-13 00:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-12 00:20 --------- d-----w c:\program files\Lx_cats

2009-01-07 18:21 --------- d-----w c:\documents and settings\Alicea\Application Data\Apple Computer

2009-01-06 18:54 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-29 21:19 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-29 21:19 --------- d-----w c:\program files\SplashData

2008-12-29 21:03 --------- d-----w c:\program files\Common Files\AOL

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-11-20 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2008-11-20 01:49 --------- d-----w c:\program files\AOL 9.0

2008-11-20 01:46 --------- d-----w c:\documents and settings\Alicea\Application Data\AOL

2008-11-20 01:39 --------- d-----w c:\program files\Common Files\aolshare

2008-11-20 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads

2008-11-19 13:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-08-30 14:13 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]

"PhotoExplosionCalCheck"="c:\program files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe" [2006-09-20 69632]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"HostManager"="c:\program files\Common Files\AOL\1227144406\ee\AOLSoftware.exe" [2006-09-25 50736]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\Alicea\Start Menu\Programs\Startup\

MaxMem.lnk - c:\program files\AnalogX\MaxMem\maxmem.exe [2009-01-12 75780]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk

backup=c:\windows\pss\AOL Companion.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a--c--- 2003-08-04 16:28 49152 c:\program files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

--a--c--- 2005-01-19 11:45 458752 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

--a------ 2005-01-19 11:39 217088 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2007-06-20 16:41 26112 c:\program files\Real\RealPlayer\realplay.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\IMSafer\\bin\\imsc.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1227144406\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"c:\\Documents and Settings\\Alicea\\My Documents\\My Music\\eMule\\emule.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 ImSaferService;IMSafer;c:\program files\IMSafer\bin\imsc.exe [2008-12-22 2173504]

R2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2002-10-11 115008]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]

S2 ImSaferLive;IMSafer Live;c:\program files\IMSafer\bin\imslive.exe [2008-12-19 1881152]

S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2002-10-11 9049]

--- Other Services/Drivers In Memory ---

*Deregistered* - AFD

*Deregistered* - ALG

*Deregistered* - AntiVirScheduler

*Deregistered* - AntiVirService

*Deregistered* - Apple Mobile Device

*Deregistered* - Arp1394

*Deregistered* - ASCTRM

*Deregistered* - AudioSrv

*Deregistered* - audstub

*Deregistered* - avgio

*Deregistered* - avgntflt

*Deregistered* - avipbb

*Deregistered* - Beep

*Deregistered* - bgsvcgen

*Deregistered* - Browser

*Deregistered* - Cdfs

*Deregistered* - CryptSvc

*Deregistered* - DcomLaunch

*Deregistered* - Dhcp

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - dmserver

*Deregistered* - Dnscache

*Deregistered* - Eacfilt

*Deregistered* - ERSvc

*Deregistered* - EventSystem

*Deregistered* - FastUserSwitchingCompatibility

*Deregistered* - Fips

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - Gpc

*Deregistered* - helpsvc

*Deregistered* - ImapiService

*Deregistered* - ImSaferLive

*Deregistered* - ImSaferService

*Deregistered* - IpNat

*Deregistered* - iPod Service

*Deregistered* - IPSec

*Deregistered* - IPSECSHM

*Deregistered* - KSecDD

*Deregistered* - lanmanserver

*Deregistered* - lanmanworkstation

*Deregistered* - LightScribeService

*Deregistered* - LmHosts

*Deregistered* - mnmdd

*Deregistered* - MountMgr

*Deregistered* - MRxDAV

*Deregistered* - MRxSmb

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - NdisTapi

*Deregistered* - Ndisuio

*Deregistered* - NdisWan

*Deregistered* - NDProxy

*Deregistered* - NetBIOS

*Deregistered* - NetBT

*Deregistered* - Netman

*Deregistered* - Nla

*Deregistered* - nm

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - NWCWorkstation

*Deregistered* - NwlnkNb

*Deregistered* - NwlnkSpx

*Deregistered* - NWRDR

*Deregistered* - PartMgr

*Deregistered* - ParVdm

*Deregistered* - PptpMiniport

*Deregistered* - ProtectedStorage

*Deregistered* - PSched

*Deregistered* - RasAcd

*Deregistered* - Rasl2tp

*Deregistered* - RasMan

*Deregistered* - RasPppoe

*Deregistered* - Raspti

*Deregistered* - Rdbss

*Deregistered* - RDPCDD

*Deregistered* - rdpdr

*Deregistered* - RpcSs

*Deregistered* - SamSs

*Deregistered* - SASDIFSV

*Deregistered* - SASKUTIL

*Deregistered* - Schedule

*Deregistered* - seclogon

*Deregistered* - SENS

*Deregistered* - SharedAccess

*Deregistered* - ShellHWDetection

*Deregistered* - Spooler

*Deregistered* - sr

*Deregistered* - srservice

*Deregistered* - Srv

*Deregistered* - ssmdrv

*Deregistered* - stisvc

*Deregistered* - swenum

*Deregistered* - TapiSrv

*Deregistered* - Tcpip

*Deregistered* - TermDD

*Deregistered* - TermService

*Deregistered* - Themes

*Deregistered* - TrkWks

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

*Deregistered* - W32Time

*Deregistered* - Wanarp

*Deregistered* - wanatw

*Deregistered* - WANMiniportService

*Deregistered* - WebClient

*Deregistered* - winmgmt

*Deregistered* - wscsvc

*Deregistered* - wuauserv

*Deregistered* - WudfPf

*Deregistered* - WudfSvc

*Deregistered* - WZCSVC

.

Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-01-13 16:56]

2009-01-15 c:\windows\Tasks\SmartDefrag.job

- c:\program files\IObit\IObit SmartDefrag\ [2009-01-14 20:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: toolbar.imageshack.us

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

FF - ProfilePath - c:\documents and settings\Alicea\Application Data\Mozilla\Firefox\Profiles\knehypy1.default\

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 10:00:55

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-706699826-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1472)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\System32\NavLogon.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\bgsvcgen.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\wanmpsvc.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2009-01-15 10:15:43 - machine was rebooted

ComboFix-quarantined-files.txt 2009-01-15 16:15:32

ComboFix2.txt 2009-01-15 05:15:11

Pre-Run: 17,237,377,024 bytes free

Post-Run: 17,229,975,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

489 --- E O F --- 2009-01-14 19:08:12

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:24:20 AM, on 1/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AnalogX\MaxMem\maxmem.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program Files\IMSafer\bin\imslive.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_sp_SP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168558700718

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMSafer Live (ImSaferLive) - Crisp Thinking - C:\Program Files\IMSafer\bin\imslive.exe

O23 - Service: IMSafer (ImSaferService) - Crisp Thinking - C:\Program Files\IMSafer\bin\imsc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 8257 bytes

Marcos


I don't think I had all my files unhidden before, so here's another HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:39:33 AM, on 1/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AnalogX\MaxMem\maxmem.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IMSafer\bin\imslive.exe

C:\Program Files\IMSafer\bin\imsc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\calcheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227144406\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Startup: MaxMem.lnk = C:\Program Files\AnalogX\MaxMem\maxmem.exe

O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_sp_SP.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168558700718

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMSafer Live (ImSaferLive) - Crisp Thinking - C:\Program Files\IMSafer\bin\imslive.exe

O23 - Service: IMSafer (ImSaferService) - Crisp Thinking - C:\Program Files\IMSafer\bin\imsc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 8353 bytes

Thanks, Marcos


Fix these with HJT:

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

Otherwise you look clean. Are you still having any problems?


Problems? No. Sniff... just realized I thought this PC had 1.9 GB of RAM, which I thought was a weird number; then I realized it has only 256MB of memory, of which 64MB is dedicated to onboard memory, which only leaves 192MB for the PC, but it definitely is running MUCHO much faster now. Muy rapido.

Gracias, Amigos

Marcos

