svchost.exe

I know your are supposed to have around 5 of these processes, bur I have a couple more. I have run a svchost analyser, maybe not the most acurate tool, but It reports back that two of these don't belong to windows, and there is an error reading these two.

It says run again as administrator, even though I am. I do get crashes sometime on reboot/boot up, and it takes 2-3 attempts to load properl. Often it seems as if something is heavily acessing the drive, even though no programs are running.
Apart from this, I don't seem to have any problems, just the high processor usage..

Any help would be appreciated

Regards

Dave

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:04, on 19/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Memturbo 4\MemTurbo.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FWCOM - FarStone Technology Inc. - C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 8978 bytes

• Open HijackThis.
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
  O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

19/06/2009 18:42:49
mbam-log-2009-06-19 (18-42-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138459
Time elapsed: 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar

Next,

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

DDS (Ver_09-05-14.01) - NTFSx86
Run by Voodoo at 18:56:59.62 on 19/06/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.456 [GMT 1:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
svchost.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Voodoo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uSearch Page = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
uSearch Bar = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: CKeyScramblerBHO Object: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HookIe Class: {f0cabd54-804c-452a-aaa0-c8264997fc6d} - c:\program files\farstone\hackersmacker\webflt.DLL
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Uniblue Registry Booster2] c:\program files\uniblue\registrybooster2\RegistryBooster.exe /S
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [HS3_AutoRun] c:\program files\farstone\hackersmacker\FWMain.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\voodoo\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth - c:\program files\dell\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\voodoo\applic~1\mozilla\firefox\profiles\55x8pt7q.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - component: c:\documents and settings\voodoo\application data\mozilla\firefox\profiles\55x8pt7q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-3-12 54656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [2009-3-23 18882]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-3-13 33792]
R3 FWCOM;FWCOM;c:\program files\farstone\hackersmacker\FWCOM.exe [2005-7-18 69632]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-3-13 113896]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

=============== Created Last 30 ================

2009-06-19 17:01 17 a------- c:\windows\system32\Partizan.RRI
2009-06-19 17:01 1,360 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-19 16:46 3,840 a------- c:\windows\DellBIOS.Sys
2009-06-19 16:40 --d----- c:\docume~1\voodoo\applic~1\Canneverbe_Limited
2009-06-19 11:15 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-19 11:15 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-19 11:15 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-06-19 11:15 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-06-19 11:15 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-06-19 11:15 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-06-19 11:15 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-06-19 11:15 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-06-19 11:15 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-06-19 11:15 19,200 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-06-19 11:15 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-06-19 11:15 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-06-19 11:13 793,598 ac------ c:\windows\system32\dllcache\usr1806.sys
2009-06-19 11:12 15,232 ac------ c:\windows\system32\dllcache\streamip.sys
2009-06-19 11:11 6,784 ac------ c:\windows\system32\dllcache\serscan.sys
2009-06-19 11:10 6,016 ac------ c:\windows\system32\dllcache\qic157.sys
2009-06-19 11:09 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
2009-06-19 11:08 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-06-19 11:07 15,744 ac------ c:\windows\system32\dllcache\lit220p.sys
2009-06-19 11:06 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-06-19 11:05 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-06-19 11:04 45,568 ac------ c:\windows\system32\dllcache\esunib.dll
2009-06-19 11:03 91,305 ac------ c:\windows\system32\dllcache\dimaint.sys
2009-06-19 11:02 8,192 ac------ c:\windows\system32\dllcache\changer.sys
2009-06-19 11:01 19,456 ac------ c:\windows\system32\dllcache\brbidiif.dll
2009-06-19 11:00 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-06-18 21:29 --d----- c:\documents and settings\voodoo\TruePianos Settings
2009-06-18 21:23 --d----- c:\program files\TruePianos
2009-06-18 21:19 --d----- C:\ftpiano
2009-06-16 23:13 --d----- c:\program files\Image-Line
2009-06-11 18:16 --d----- c:\docume~1\voodoo\applic~1\Camfrog
2009-06-11 18:15 --d----- c:\program files\Camfrog
2009-06-09 11:50 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-08 22:04 --d----- c:\windows\system32\XPSViewer
2009-06-08 21:50 --d----- c:\program files\Windows Installer Clean Up
2009-06-08 21:50 --d----- c:\program files\MSECACHE
2009-06-05 14:41 -cd-h--- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-05 14:35 --d----- C:\3161432186f4eb38c1d7
2009-06-05 14:34 --d----- c:\windows\SxsCaPendDel
2009-06-05 14:25 --d-hr-- C:\AHCache
2009-06-05 12:56 --d----- c:\docume~1\voodoo\applic~1\Uniblue
2009-06-05 12:56 --d----- c:\program files\Uniblue
2009-06-01 12:04 --d----- c:\program files\Intelore
2009-05-31 20:36 --d----- C:\Archivos de programa
2009-05-28 15:20 --d----- c:\docume~1\voodoo\applic~1\Screaming Bee
2009-05-27 21:56 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-05-27 21:56 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-05-23 23:00 --d----- c:\program files\Novel Games
2009-05-23 16:07 --d----- c:\program files\pool
2009-05-23 15:27 --d----- c:\program files\common files\DirectX
2009-05-23 15:25 --d----- c:\program files\Billiard Deluxe
2009-05-23 15:23 --d----- c:\program files\pool paradise
2009-05-23 14:59 --d----- C:\BitRecorder
2009-05-23 14:51 --d----- c:\program files\StreamingStar

==================== Find3M ====================

2009-06-19 18:56 19,456 a------- c:\windows\system32\Partizan.exe
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-12 16:56 3,580 a------- c:\windows\system32\d3d9caps.dat
2009-05-08 16:26 4,096 a------- c:\windows\d3dx.dat
2009-05-08 16:26 360,580 a------- c:\windows\eSellerateEngine.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 05:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 05:46 81,920 -------- c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-03-31 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-31 14:56 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-31 14:55 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll

============= FINISH: 18:57:27.88 ===============

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (Mcafee)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-06-19.01 - Voodoo 20/06/2009 16:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.639 [GMT 1:00]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\downloads\cshtr\Desktop_.ini
c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-05-20 to 2009-06-20 )))))))))))))))))))))))))))))))
.

2009-06-19 15:46 . 2009-06-19 15:46 3840 ----a-w- c:\windows\DellBIOS.Sys
2009-06-19 15:40 . 2009-06-19 15:40 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Canneverbe_Limited
2009-06-19 15:18 . 2009-06-19 15:18 -------- d-----w- c:\program files\CDBurnerXP
2009-06-19 10:15 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-19 10:15 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-19 10:15 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-19 10:15 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-19 10:15 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-19 10:15 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-06-19 10:15 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-06-19 10:15 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-06-19 10:15 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-06-19 10:15 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-06-19 10:15 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-19 10:13 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-06-19 10:12 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-06-19 10:11 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-19 10:10 . 2008-04-13 23:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2009-06-19 10:09 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-19 10:08 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-06-19 10:07 . 2001-08-17 12:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2009-06-19 10:06 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-06-19 10:05 . 2001-08-17 12:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-06-19 10:04 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-06-19 10:03 . 2001-08-17 11:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2009-06-19 10:02 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-06-19 10:01 . 2001-08-17 21:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2009-06-19 10:00 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-06-18 20:29 . 2009-06-18 20:30 -------- d-----w- c:\documents and settings\Voodoo\TruePianos Settings
2009-06-18 20:23 . 2009-06-18 20:23 -------- d-----w- c:\program files\TruePianos
2009-06-18 20:19 . 2009-06-18 20:20 -------- d-----w- C:\ftpiano
2009-06-16 22:13 . 2009-06-16 22:13 -------- d-----w- c:\program files\Image-Line
2009-06-11 17:16 . 2009-06-11 17:16 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Camfrog
2009-06-11 17:15 . 2009-06-11 17:15 -------- d-----w- c:\program files\Camfrog
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Help
2009-06-08 21:44 . 2009-06-16 00:03 1009352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-08 21:22 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-06-08 21:22 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-06-08 21:22 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-06-08 21:22 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-06-08 21:22 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-06-05 13:35 . 2009-06-05 13:36 -------- d-----w- C:\3161432186f4eb38c1d7
2009-06-05 13:34 . 2009-06-05 14:14 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-05 13:25 . 2009-06-05 13:25 -------- d--h--r- C:\AHCache
2009-06-05 11:56 . 2009-06-08 21:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Uniblue
2009-06-05 11:56 . 2009-06-08 21:22 -------- d-----w- c:\program files\Uniblue
2009-06-01 11:04 . 2009-06-01 11:04 -------- d-----w- c:\program files\Intelore
2009-05-31 19:36 . 2009-05-31 19:36 -------- d-----w- C:\Archivos de programa
2009-05-28 14:20 . 2009-05-28 14:20 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Screaming Bee
2009-05-27 20:56 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-27 20:56 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-25 13:17 . 2009-05-25 13:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-25 01:03 . 2009-05-25 01:03 -------- d-----w- c:\program files\Recuva
2009-05-23 22:00 . 2009-05-23 22:00 -------- d-----w- c:\program files\Novel Games
2009-05-23 15:07 . 2009-05-23 15:08 -------- d-----w- c:\program files\pool
2009-05-23 14:27 . 2009-05-23 14:27 -------- d-----w- c:\program files\Common Files\DirectX
2009-05-23 14:25 . 2009-06-08 12:01 -------- d-----w- c:\program files\Billiard Deluxe
2009-05-23 14:23 . 2009-05-23 14:23 -------- d-----w- c:\program files\pool paradise
2009-05-23 13:59 . 2009-05-23 14:01 -------- d-----w- C:\BitRecorder
2009-05-23 13:51 . 2009-05-23 13:51 -------- d-----w- c:\program files\StreamingStar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 15:38 . 2009-03-23 16:43 19456 ----a-w- c:\windows\system32\Partizan.exe
2009-06-20 15:37 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2009-06-20 15:36 . 2009-06-20 15:36 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-20 15:36 . 2009-04-14 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-19 16:55 . 2009-03-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 16:54 . 2009-03-13 16:27 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 16:20 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2009-06-18 20:18 . 2009-03-19 20:32 -------- d-----w- c:\program files\Vstplugins
2009-06-17 23:52 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2009-06-17 12:48 . 2009-03-14 12:30 32 ----a-w- c:\windows\msocreg32.dat
2009-06-17 10:27 . 2009-03-13 16:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-03-13 16:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 15:56 . 2009-05-10 17:27 3580 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 18:05 . 2009-03-13 18:44 -------- d-----w- c:\program files\Orbitdownloader
2009-06-08 21:28 . 2009-05-11 11:36 -------- d-----w- c:\documents and settings\Voodoo\Application Data\uTorrent
2009-06-08 21:22 . 2009-06-05 13:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-08 21:21 . 2009-03-13 14:44 35000 ----a-w- c:\documents and settings\Voodoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 21:04 . 2009-06-08 21:04 -------- d-----w- c:\program files\MSBuild
2009-06-08 21:04 . 2009-06-08 21:04 -------- d-----w- c:\program files\Reference Assemblies
2009-06-08 20:50 . 2009-06-08 20:50 3584 ----a-r- c:\documents and settings\Voodoo\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-06-08 20:50 . 2009-06-08 20:50 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-06-08 20:50 . 2009-06-08 20:50 -------- d-----w- c:\program files\MSECACHE
2009-06-08 12:03 . 2009-05-14 00:31 -------- d-----w- c:\program files\Dreamworld's Open - Mini Golf
2009-06-06 10:43 . 2009-03-13 16:27 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 10:41 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 11:44 . 2009-03-22 22:11 -------- d-----w- c:\program files\Neuro-Programmer 2 Professional
2009-06-05 11:43 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 11:55 . 2009-03-22 19:27 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Skype
2009-05-31 19:38 . 2009-03-22 15:20 -------- d-----w- c:\program files\UlisesSoft
2009-05-19 15:56 . 2009-04-14 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-05-18 23:44 . 2009-05-18 23:44 -------- d-----w- c:\program files\mu-tech
2009-05-17 11:30 . 2009-05-08 16:01 -------- d-----w- c:\documents and settings\Voodoo\Application Data\ForgottenRiddles2
2009-05-16 16:08 . 2009-05-16 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MinigolfAdventures
2009-05-16 16:07 . 2009-05-16 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-16 16:06 . 2009-03-13 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 16:06 . 2009-03-13 14:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 16:06 . 2009-05-16 16:06 -------- d-----w- c:\program files\Sierra Online
2009-05-13 14:04 . 2009-05-09 14:16 -------- d-----w- c:\program files\Flash Movie Player
2009-05-11 11:36 . 2009-05-11 11:36 -------- d-----w- c:\program files\uTorrent
2009-05-11 11:33 . 2009-05-11 11:11 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Azureus
2009-05-11 11:11 . 2009-05-11 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-09 14:51 . 2009-05-09 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-09 14:49 . 2009-05-09 14:49 -------- d-----w- c:\program files\Steveredrum
2009-05-08 16:00 . 2009-05-08 16:00 -------- d-----w- c:\program files\Games
2009-05-08 15:26 . 2009-05-08 15:26 4096 ----a-w- c:\windows\d3dx.dat
2009-05-08 15:26 . 2009-05-08 15:26 360580 ----a-w- c:\windows\eSellerateEngine.dll
2009-05-08 15:14 . 2009-05-08 15:14 -------- d-----w- c:\program files\Absolutist.com
2009-05-08 15:10 . 2009-05-08 15:10 -------- d-----w- c:\program files\FLVPlayer4Free
2009-05-08 15:06 . 2009-05-08 15:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-08 15:00 . 2009-04-28 23:30 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-07 15:32 . 2003-07-16 16:26 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-07-16 16:45 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 23:32 . 2009-04-05 12:10 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools Lite
2009-04-28 23:32 . 2009-04-28 23:32 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools Pro
2009-04-28 23:32 . 2009-04-28 23:32 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools
2009-04-28 23:31 . 2009-04-28 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-28 23:31 . 2009-04-28 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-24 11:37 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2009-04-23 11:22 . 2009-04-23 11:22 -------- d-----w- c:\program files\WordWeb
2009-04-17 12:26 . 2003-07-16 16:45 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2002-11-07 17:47 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 09:32 . 2009-04-09 09:32 152576 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-06 12:19 . 2009-04-06 12:19 23064 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-04-05 12:10 . 2009-04-05 12:10 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-31 13:57 . 2009-03-31 13:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-03-31 13:56 . 2009-03-31 13:56 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-03-31 13:55 . 2009-03-31 13:55 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-03-27 09:56 . 2009-03-27 09:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-03-27 09:55 . 2009-03-27 09:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-03-27 09:54 . 2009-03-27 09:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-03-27 09:54 . 2009-03-27 09:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll
2009-03-27 09:54 . 2009-03-27 09:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-03-27 09:53 . 2009-03-27 09:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-03-27 09:50 . 2009-03-27 09:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2006-05-11 227328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Uniblue Registry Booster2"="c:\program files\Uniblue\RegistryBooster2\RegistryBooster.exe" [2007-04-13 1848864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Memturbo 4\MemTurbo.exe [2009-3-29 2314752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-13 1719496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ Partizan\0autocheck autochk *\0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/03/2009 12:18 54656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 113896]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [05/01/2009 15:39 103936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2009-06-08 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-03-13 18:15]

2009-06-20 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-20 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7EDF9E3-95EB-FA8E-D180-702F5DA82676}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jalmdpclibeleejljnhi"=hex:6a,61,6c,70,70,68,70,6f,64,63,70,6b,69,66,6f,6a,6e,
61,6f,63,00,30
"jalmdpmkpekocelcdapo"=hex:68,62,6e,70,68,6e,6c,64,6b,6a,6b,62,6b,65,68,6c,68,
6e,65,70,65,6c,69,63,6a,65,6b,68,6f,6d,63,62,62,62,62,62,6a,6c,6b,65,6d,63,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(3172)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2009-06-20 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-20 15:40

Pre-Run: 17,632,178,176 bytes free
Post-Run: 18,063,032,320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

312 --- E O F --- 2009-06-09 14:33

Now open a new notepad file.
Input this into the notepad file:

RegNull::
[HKEY_USERS\S-1-5-21-1644491937-1580818891-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7EDF9E3-95EB-FA8E-D180-702F5DA82676}*]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Before I do this, shall I disable my firewalls and Ant Virus'es

Regards

Hello.
The last Combofix log shows NOD32 was disabled when run, so yes, keep it disabled.

009 2:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.652 [GMT 1:00]
Running from: c:\documents and settings\Voodoo\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Voodoo\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-19 15:46 . 2009-06-19 15:46 3840 ----a-w- c:\windows\DellBIOS.Sys
2009-06-19 15:40 . 2009-06-19 15:40 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Canneverbe_Limited
2009-06-19 15:18 . 2009-06-19 15:18 -------- d-----w- c:\program files\CDBurnerXP
2009-06-19 10:15 . 2008-04-14 04:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-06-19 10:15 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-06-19 10:15 . 2008-04-14 04:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-06-19 10:15 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-06-19 10:15 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-06-19 10:15 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-06-19 10:15 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-06-19 10:15 . 2008-04-13 21:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-06-19 10:15 . 2008-04-13 23:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-06-19 10:15 . 2008-04-13 21:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-06-19 10:15 . 2008-04-14 04:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-06-19 10:13 . 2001-08-17 12:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2009-06-19 10:12 . 2008-04-13 23:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-06-19 10:11 . 2001-08-17 12:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-06-19 10:10 . 2008-04-13 23:10 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2009-06-19 10:09 . 2001-08-17 11:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-06-19 10:08 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2009-06-19 10:07 . 2001-08-17 12:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2009-06-19 10:06 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-06-19 10:05 . 2001-08-17 12:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-06-19 10:04 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2009-06-19 10:03 . 2001-08-17 11:13 91305 -c--a-w- c:\windows\system32\dllcache\dimaint.sys
2009-06-19 10:02 . 2008-04-13 23:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2009-06-19 10:01 . 2001-08-17 21:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2009-06-19 10:00 . 2001-08-17 13:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-06-18 20:29 . 2009-06-18 20:30 -------- d-----w- c:\documents and settings\Voodoo\TruePianos Settings
2009-06-18 20:23 . 2009-06-18 20:23 -------- d-----w- c:\program files\TruePianos
2009-06-18 20:19 . 2009-06-18 20:20 -------- d-----w- C:\ftpiano
2009-06-16 22:13 . 2009-06-16 22:13 -------- d-----w- c:\program files\Image-Line
2009-06-11 17:16 . 2009-06-11 17:16 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Camfrog
2009-06-11 17:15 . 2009-06-11 17:15 -------- d-----w- c:\program files\Camfrog
2009-06-08 22:19 . 2009-06-08 22:19 -------- d-----w- c:\documents and settings\Voodoo\Local Settings\Application Data\Help
2009-06-08 21:44 . 2009-06-16 00:03 1009352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-08 21:22 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-06-08 21:22 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-06-08 21:22 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-06-08 21:22 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-06-08 21:22 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-06-05 13:35 . 2009-06-05 13:36 -------- d-----w- C:\3161432186f4eb38c1d7
2009-06-05 13:34 . 2009-06-05 14:14 -------- d-----w- c:\windows\SxsCaPendDel
2009-06-05 13:25 . 2009-06-05 13:25 -------- d--h--r- C:\AHCache
2009-06-05 11:56 . 2009-06-08 21:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Uniblue
2009-06-05 11:56 . 2009-06-08 21:22 -------- d-----w- c:\program files\Uniblue
2009-06-01 11:04 . 2009-06-01 11:04 -------- d-----w- c:\program files\Intelore
2009-05-31 19:36 . 2009-05-31 19:36 -------- d-----w- C:\Archivos de programa
2009-05-28 14:20 . 2009-05-28 14:20 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Screaming Bee
2009-05-27 20:56 . 2008-04-13 23:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-05-27 20:56 . 2008-04-13 23:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-05-25 13:17 . 2009-05-25 13:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-25 01:03 . 2009-05-25 01:03 -------- d-----w- c:\program files\Recuva
2009-05-23 22:00 . 2009-05-23 22:00 -------- d-----w- c:\program files\Novel Games
2009-05-23 15:07 . 2009-05-23 15:08 -------- d-----w- c:\program files\pool
2009-05-23 14:27 . 2009-05-23 14:27 -------- d-----w- c:\program files\Common Files\DirectX
2009-05-23 14:25 . 2009-06-08 12:01 -------- d-----w- c:\program files\Billiard Deluxe
2009-05-23 14:23 . 2009-05-23 14:23 -------- d-----w- c:\program files\pool paradise
2009-05-23 13:59 . 2009-05-23 14:01 -------- d-----w- C:\BitRecorder
2009-05-23 13:51 . 2009-05-23 13:51 -------- d-----w- c:\program files\StreamingStar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-21 01:18 . 2009-03-23 16:43 19456 ----a-w- c:\windows\system32\Partizan.exe
2009-06-20 15:37 . 2009-03-13 18:44 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Orbit
2009-06-20 15:36 . 2009-06-20 15:36 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-06-20 15:36 . 2009-04-14 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-19 16:55 . 2009-03-13 16:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 16:54 . 2009-03-13 16:27 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 16:20 . 2009-03-14 14:10 -------- d-----w- c:\program files\XYplorer
2009-06-18 20:18 . 2009-03-19 20:32 -------- d-----w- c:\program files\Vstplugins
2009-06-17 23:52 . 2009-03-14 14:22 -------- d-----w- c:\documents and settings\Voodoo\Application Data\foobar2000
2009-06-17 12:48 . 2009-03-14 12:30 32 ----a-w- c:\windows\msocreg32.dat
2009-06-17 10:27 . 2009-03-13 16:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-03-13 16:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 15:56 . 2009-05-10 17:27 3580 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 18:05 . 2009-03-13 18:44 -------- d-----w- c:\program files\Orbitdownloader
2009-06-08 21:28 . 2009-05-11 11:36 -------- d-----w- c:\documents and settings\Voodoo\Application Data\uTorrent
2009-06-08 21:22 . 2009-06-05 13:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-06-08 21:21 . 2009-03-13 14:44 35000 ----a-w- c:\documents and settings\Voodoo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-08 21:04 . 2009-06-08 21:04 -------- d-----w- c:\program files\MSBuild
2009-06-08 21:04 . 2009-06-08 21:04 -------- d-----w- c:\program files\Reference Assemblies
2009-06-08 20:50 . 2009-06-08 20:50 3584 ----a-r- c:\documents and settings\Voodoo\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-06-08 20:50 . 2009-06-08 20:50 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-06-08 20:50 . 2009-06-08 20:50 -------- d-----w- c:\program files\MSECACHE
2009-06-08 12:03 . 2009-05-14 00:31 -------- d-----w- c:\program files\Dreamworld's Open - Mini Golf
2009-06-06 10:43 . 2009-03-13 16:27 117760 ----a-w- c:\documents and settings\Voodoo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 10:41 . 2009-03-13 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-05 11:44 . 2009-03-22 22:11 -------- d-----w- c:\program files\Neuro-Programmer 2 Professional
2009-06-05 11:43 . 2009-03-22 22:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 11:55 . 2009-03-22 19:27 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Skype
2009-05-31 19:38 . 2009-03-22 15:20 -------- d-----w- c:\program files\UlisesSoft
2009-05-19 15:56 . 2009-04-14 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-05-18 23:44 . 2009-05-18 23:44 -------- d-----w- c:\program files\mu-tech
2009-05-17 11:30 . 2009-05-08 16:01 -------- d-----w- c:\documents and settings\Voodoo\Application Data\ForgottenRiddles2
2009-05-16 16:08 . 2009-05-16 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\MinigolfAdventures
2009-05-16 16:07 . 2009-05-16 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-16 16:06 . 2009-03-13 14:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-16 16:06 . 2009-03-13 14:50 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-16 16:06 . 2009-05-16 16:06 -------- d-----w- c:\program files\Sierra Online
2009-05-13 14:04 . 2009-05-09 14:16 -------- d-----w- c:\program files\Flash Movie Player
2009-05-11 11:36 . 2009-05-11 11:36 -------- d-----w- c:\program files\uTorrent
2009-05-11 11:33 . 2009-05-11 11:11 -------- d-----w- c:\documents and settings\Voodoo\Application Data\Azureus
2009-05-11 11:11 . 2009-05-11 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-05-09 14:51 . 2009-05-09 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-05-09 14:49 . 2009-05-09 14:49 -------- d-----w- c:\program files\Steveredrum
2009-05-08 16:00 . 2009-05-08 16:00 -------- d-----w- c:\program files\Games
2009-05-08 15:26 . 2009-05-08 15:26 4096 ----a-w- c:\windows\d3dx.dat
2009-05-08 15:26 . 2009-05-08 15:26 360580 ----a-w- c:\windows\eSellerateEngine.dll
2009-05-08 15:14 . 2009-05-08 15:14 -------- d-----w- c:\program files\Absolutist.com
2009-05-08 15:10 . 2009-05-08 15:10 -------- d-----w- c:\program files\FLVPlayer4Free
2009-05-08 15:06 . 2009-05-08 15:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-08 15:00 . 2009-04-28 23:30 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-05-07 15:32 . 2003-07-16 16:26 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-07-16 16:45 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2009-03-13 14:38 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 23:32 . 2009-04-05 12:10 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools Lite
2009-04-28 23:32 . 2009-04-28 23:32 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools Pro
2009-04-28 23:32 . 2009-04-28 23:32 -------- d-----w- c:\documents and settings\Voodoo\Application Data\DAEMON Tools
2009-04-28 23:31 . 2009-04-28 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-28 23:31 . 2009-04-28 23:30 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-24 11:37 . 2009-04-23 21:31 -------- d-----w- c:\documents and settings\Voodoo\Application Data\dvdcss
2009-04-23 11:22 . 2009-04-23 11:22 -------- d-----w- c:\program files\WordWeb
2009-04-17 12:26 . 2003-07-16 16:45 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2002-11-07 17:47 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-09 09:32 . 2009-04-09 09:32 152576 ----a-w- c:\documents and settings\Voodoo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-06 12:19 . 2009-04-06 12:19 23064 ----a-w- c:\windows\system32\drivers\ScreamingBAudio.sys
2009-04-05 12:10 . 2009-04-05 12:10 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-03-31 13:57 . 2009-03-31 13:57 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-03-31 13:56 . 2009-03-31 13:56 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-03-31 13:55 . 2009-03-31 13:55 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-03-27 09:56 . 2009-03-27 09:56 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-03-27 09:55 . 2009-03-27 09:55 372736 ----a-r- c:\windows\system32\IS3UI5.dll
2009-03-27 09:55 . 2009-03-27 09:55 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-03-27 09:54 . 2009-03-27 09:54 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-03-27 09:54 . 2009-03-27 09:54 221184 ----a-r- c:\windows\system32\IS3Win325.dll
2009-03-27 09:54 . 2009-03-27 09:54 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-03-27 09:53 . 2009-03-27 09:53 90112 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-03-27 09:50 . 2009-03-27 09:50 716800 ----a-r- c:\windows\system32\IS3Base5.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2006-05-11 227328]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Uniblue Registry Booster2"="c:\program files\Uniblue\RegistryBooster2\RegistryBooster.exe" [2007-04-13 1848864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"HS3_AutoRun"="c:\program files\Farstone\HackerSmacker\FWMain.exe" [2005-07-23 323584]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Voodoo\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\Memturbo 4\MemTurbo.exe [2009-3-29 2314752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-3-13 1719496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-06-20 07:03 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ Partizan\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [12/03/2009 12:18 54656]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 15:23 106208]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/04/2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/04/2009 11:33 72944]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [06/02/2009 15:23 727720]
R2 fsnet;fsnet;c:\windows\system32\drivers\fsnet.sys [23/03/2009 17:59 18882]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [13/03/2009 21:31 33792]
R3 FWCOM;FWCOM;c:\program files\Farstone\HackerSmacker\FWCOM.exe [18/07/2005 19:27 69632]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [13/03/2009 20:51 113896]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [05/01/2009 15:39 103936]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/04/2009 11:33 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 13:19 23064]

--- Other Services/Drivers In Memory ---

*Deregistered* - UnHackMeDrv
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\WECPUpdate.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2009-02-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Send To &Bluetooth - c:\program files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 02:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LgNotify.dll

- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(1272)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
Completion time: 2009-06-21 2:25
ComboFix-quarantined-files.txt 2009-06-21 01:25
ComboFix2.txt 2009-06-20 15:40

Pre-Run: 17,994,911,744 bytes free
Post-Run: 17,982,459,904 bytes free

272 --- E O F --- 2009-06-09 14:33

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Hi

I hve tried this, but I get the windows can not find combofix error message.
I've also tried it with the dash in too. It is still on my desktop though.

Regards

Please delete it manually with Right Click-->Delete

How is the computer running?

I hve done that.. Do I not still need to follow the last step from Belahzur?

The computer seems to boot faster, I'll run it over the day and see if how things run, and will post back.

Out of interest, what problems, major/minor did you come across?

Regards

No that last step deleted ComboFix which you have already done. The computer just had a couple of malicious files and one drive that caused it to slow down.



Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

It seems to load faster, but are about 20 instances of catchme files picked up as trojans in the registry keys.
Theres also a catchme.sys in the temp folder.

Also theres strange entries called system policies, under the hi-jacker category.

Are these from combofix? As they wern't there before.

I did this particular scan with Stopzilla after a reboot..

Regards

STOPZilla finds catchme? just ignore it then, false positive. Catchme is a userland rootkit scanner.

Well after giving my computer a couple of days, It has crashed 5 times, 4 of which when I was in firefox, the computer just literally freezes, no mouse movement or keyboard function. I have to switch off and reboot..

Don't know if it's realated to the last problem or not.

Any ideas?

Regards