C:\combofix.txt

ComboFix 09-06-26.02 - Lisette Guido 06/26/2009 19:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.523 [GMT -7:00]
Running from: c:\documents and settings\Lisette Guido\Desktop\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\install.dat
c:\documents and settings\All Users\Application Data\N1
c:\documents and settings\Lisette Guido\Application Data\install.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\system~1\applic~1\install.dat
c:\windows\system32\config\systemprofile\Application Data\install.dat
c:\windows\system32\d9fzparse25955.cpl
c:\windows\system32\drivers\MSIVXjmrhkalchhojkvqlklgkbtxjekxcscwt.sys
c:\windows\system32\fedthzef9547.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXruffwpuuityofepqenpwpuagobuuppkf.dll
c:\windows\system32\MSIVXysvlrxunkafyqyjjinhgeadtrcdwxydl.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 01:18 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 01:17 . 2009-06-27 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 01:17 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 01:17 . 2009-06-27 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 23:27 . 2009-06-26 23:27 152576 ----a-w- c:\documents and settings\Lisette Guido\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-26 01:32 . 2009-06-26 01:32 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-25 23:28 . 2009-06-25 23:28 152576 ----a-w- c:\documents and settings\Lisette Guido\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-25 22:32 . 2009-06-25 22:32 4251 ----a-w- c:\windows\system32\1594ztroj7.bin
2009-06-11 22:27 . 2009-06-11 22:27 -------- d-----w- c:\program files\7-Zip
2009-06-10 21:56 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 21:56 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 21:56 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 21:56 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-06 04:45 . 2009-06-06 04:58 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\GetRightToGo
2009-06-06 04:39 . 2009-06-06 04:39 -------- d-----w- c:\program files\MSECache
2009-06-06 03:00 . 2009-06-06 03:00 -------- d-----w- C:\f7d896fcb69750e6fc87aa362709c39a
2009-06-06 03:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-06 03:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-06 03:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-06 03:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-02 17:04 . 2009-06-02 17:04 -------- d-----w- c:\program files\iPod
2009-06-02 17:03 . 2009-06-02 17:04 -------- d-----w- c:\program files\iTunes
2009-06-02 17:00 . 2009-06-02 17:01 -------- d-----w- c:\program files\QuickTime
2009-06-02 16:55 . 2009-06-02 16:55 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 02:29 . 2009-03-26 18:21 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-27 02:29 . 2009-03-24 23:16 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-27 02:27 . 2009-03-30 01:27 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\DNA
2009-06-27 00:21 . 2009-03-30 01:27 -------- d-----w- c:\program files\DNA
2009-06-26 23:29 . 2009-03-06 23:10 -------- d-----w- c:\program files\Java
2009-06-26 20:25 . 2009-03-23 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 08:34 . 2009-03-24 23:42 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\LimeWire
2009-06-26 04:36 . 2009-03-23 19:14 -------- d-----w- c:\program files\NOS
2009-06-24 21:01 . 2009-04-28 17:37 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\gtk-2.0
2009-06-24 00:30 . 2009-03-26 18:22 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-06-24 00:17 . 2009-04-03 08:01 -------- d-----w- c:\program files\DivX
2009-06-24 00:00 . 2009-05-22 00:24 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Skype
2009-06-23 23:00 . 2009-05-22 00:27 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\skypePM
2009-06-23 20:23 . 2009-03-23 18:47 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-19 21:31 . 2009-04-03 21:43 -------- d-----w- c:\program files\Google
2009-06-15 06:33 . 2009-03-23 20:16 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Apple Computer
2009-06-14 21:49 . 2009-03-27 02:50 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Move Networks
2009-06-11 18:06 . 2009-03-06 23:10 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 10:04 . 2009-03-06 23:20 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 18:36 . 2009-03-23 22:06 -------- d-----w- c:\program files\MSN Messenger
2009-06-08 18:20 . 2009-03-24 03:03 -------- d-----w- c:\program files\Windows Live
2009-06-06 04:06 . 2009-03-23 18:48 34000 ----a-w- c:\documents and settings\Lisette Guido\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 03:01 . 2009-03-28 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 17:03 . 2009-03-23 20:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-27 22:18 . 2009-05-27 22:13 121299 ----a-w- c:\windows\hpoins15.dat
2009-05-27 22:17 . 2009-05-27 22:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-27 22:16 . 2009-05-27 22:16 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-27 22:15 . 2009-05-27 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-27 22:14 . 2009-05-27 22:14 -------- d-----w- c:\program files\HP
2009-05-26 20:10 . 2009-05-26 20:10 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 20:10 . 2009-03-28 22:34 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 20:10 . 2009-05-26 20:10 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-26 20:09 . 2009-05-26 20:09 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-26 20:09 . 2009-05-26 20:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-25 07:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 07:54 . 2009-03-24 23:16 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-05-22 00:27 . 2009-05-22 00:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-22 00:23 . 2009-05-22 00:23 -------- d-----r- c:\program files\Skype
2009-05-22 00:23 . 2009-05-22 00:23 -------- d-----w- c:\program files\Common Files\Skype
2009-05-22 00:23 . 2009-05-22 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-21 18:33 . 2009-03-06 23:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 23:30 . 2009-05-15 23:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-13 05:15 . 2008-04-25 20:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 22:12 . 2008-04-26 01:54 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2008-04-25 20:33 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 23:55 . 2009-03-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-04-29 15:25 . 2009-04-29 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-29 01:09 . 2009-03-24 07:05 446 ----a-w- c:\documents and settings\Lisette Guido\Application Data\wklnhst.dat
2009-04-28 17:27 . 2009-04-28 17:27 -------- d-----w- c:\program files\GIMP-2.0
2009-04-21 20:10 . 2009-04-21 20:10 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-21 20:10 . 2009-03-28 20:09 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2008-04-25 20:33 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-25 20:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-06 23:23 . 2009-03-06 23:23 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 06:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar6.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-30 321344]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-02-11 416768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-24 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-24 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-24 92696]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"WSED"="c:\program files\WSED\WSED.exe" [2008-12-12 238888]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18063872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-06 23:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/6/2009 4:14 PM 14248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 1:09 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/6/2009 4:22 PM 135936]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/6/2009 5:55 PM 5088416]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/6/2009 5:55 PM 110080]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [3/6/2009 5:55 PM 83456]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/6/2009 5:55 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/6/2009 5:55 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/6/2009 5:55 PM 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/6/2009 5:55 PM 157696]
S2 gupdate1c9b4a5517da6c4;Google Update Service (gupdate1c9b4a5517da6c4);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 2:43 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [7/25/2008 4:05 PM 22240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:09]

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 21:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)
HKLM-Run-LoJackForLaptops - c:\program files\LFLInstall\InstallManager.exe
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
HKLM-Run-lavasoftMonitor - c:\progra~1\Lavasoft\PERSON~1\op_mon.exe
HKLM-Run-lavasoftFeedBack - c:\program files\Lavasoft\Personal Firewall\feedback.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8100
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Lisette Guido\Application Data\Mozilla\Firefox\Profiles\menmpiwg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 19:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
Completion time: 2009-06-27 19:48
ComboFix-quarantined-files.txt 2009-06-27 02:48

Pre-Run: 96,636,452,864 bytes free
Post-Run: 98,106,036,224 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

968 --- E O F --- 2009-06-11 10:04

Re: C:\combofix.txt

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    BitTorrent
    Limewire


Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\system32\1594ztroj7.bin

Folder::
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
c:\Program Files\DNA
c:\Program Files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-

DDS::
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[image]

This will open combofix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: C:\combofix.txt

I couldn't locate BitTorrent so it couldn't be deleted
but I did remove everything else

here is the remaining log

ComboFix 09-06-26.02 - Lisette Guido 06/27/2009 12:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.454 [GMT -7:00]
Running from: c:\documents and settings\Lisette Guido\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Lisette Guido\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Created a new restore point

FILE ::
"c:\windows\system32\1594ztroj7.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\commons-net.jar.tmp
c:\program files\LimeWire\dnsjava.jar.tmp
c:\program files\LimeWire\forms.jar.tmp
c:\program files\LimeWire\foxtrot.jar.tmp
c:\program files\LimeWire\guice-1.0.jar.tmp
c:\program files\LimeWire\httpclient-4.0-alpha5-20080522.192134-5.jar.tmp
c:\program files\LimeWire\httpcore-4.0-beta2-20080510.140437-10.jar.tmp
c:\program files\LimeWire\httpcore-nio-4.0-beta2-20080510.140437-10.jar.tmp
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\looks.jar.tmp
c:\program files\LimeWire\ProgressTabs.jar.tmp
c:\program files\LimeWire\swt.jar.tmp
c:\program files\LimeWire\themes.jar.tmp
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd
c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\install.rdf
c:\windows\system32\1594ztroj7.bin

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 03:10 . 2009-06-27 03:10 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Malwarebytes
2009-06-27 02:47 . 2009-06-27 02:47 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 01:17 . 2009-06-27 03:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 23:27 . 2009-06-26 23:27 152576 ----a-w- c:\documents and settings\Lisette Guido\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-26 01:32 . 2009-06-26 01:32 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-25 23:28 . 2009-06-25 23:28 152576 ----a-w- c:\documents and settings\Lisette Guido\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 22:27 . 2009-06-11 22:27 -------- d-----w- c:\program files\7-Zip
2009-06-10 21:56 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 21:56 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 21:56 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 21:56 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-06 04:45 . 2009-06-06 04:58 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\GetRightToGo
2009-06-06 04:39 . 2009-06-06 04:39 -------- d-----w- c:\program files\MSECache
2009-06-06 03:00 . 2009-06-06 03:00 -------- d-----w- C:\f7d896fcb69750e6fc87aa362709c39a
2009-06-06 03:00 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-06 03:00 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-06 03:00 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-06 03:00 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-02 17:04 . 2009-06-02 17:04 -------- d-----w- c:\program files\iPod
2009-06-02 17:03 . 2009-06-02 17:04 -------- d-----w- c:\program files\iTunes
2009-06-02 17:00 . 2009-06-02 17:01 -------- d-----w- c:\program files\QuickTime
2009-06-02 16:55 . 2009-06-02 16:55 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 18:59 . 2009-03-26 21:50 -------- d-----w- c:\program files\Yahoo!
2009-06-27 02:29 . 2009-03-26 18:21 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-27 02:29 . 2009-03-24 23:16 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-27 02:27 . 2009-03-30 01:27 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\DNA
2009-06-26 23:29 . 2009-03-06 23:10 -------- d-----w- c:\program files\Java
2009-06-26 20:25 . 2009-03-23 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 08:34 . 2009-03-24 23:42 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\LimeWire
2009-06-26 04:36 . 2009-03-23 19:14 -------- d-----w- c:\program files\NOS
2009-06-24 21:01 . 2009-04-28 17:37 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\gtk-2.0
2009-06-24 00:30 . 2009-03-26 18:22 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-06-24 00:17 . 2009-04-03 08:01 -------- d-----w- c:\program files\DivX
2009-06-24 00:00 . 2009-05-22 00:24 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Skype
2009-06-23 23:00 . 2009-05-22 00:27 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\skypePM
2009-06-23 20:23 . 2009-03-23 18:47 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-19 21:31 . 2009-04-03 21:43 -------- d-----w- c:\program files\Google
2009-06-15 06:33 . 2009-03-23 20:16 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Apple Computer
2009-06-14 21:49 . 2009-03-27 02:50 -------- d-----w- c:\documents and settings\Lisette Guido\Application Data\Move Networks
2009-06-11 18:06 . 2009-03-06 23:10 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 10:04 . 2009-03-06 23:20 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 18:36 . 2009-03-23 22:06 -------- d-----w- c:\program files\MSN Messenger
2009-06-08 18:20 . 2009-03-24 03:03 -------- d-----w- c:\program files\Windows Live
2009-06-06 04:06 . 2009-03-23 18:48 34000 ----a-w- c:\documents and settings\Lisette Guido\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-06 03:01 . 2009-03-28 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-02 17:03 . 2009-03-23 20:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-27 22:18 . 2009-05-27 22:13 121299 ----a-w- c:\windows\hpoins15.dat
2009-05-27 22:17 . 2009-05-27 22:17 -------- d-----w- c:\program files\Hewlett-Packard
2009-05-27 22:16 . 2009-05-27 22:16 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-27 22:15 . 2009-05-27 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-05-27 22:14 . 2009-05-27 22:14 -------- d-----w- c:\program files\HP
2009-05-26 20:10 . 2009-05-26 20:10 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-26 20:10 . 2009-03-28 22:34 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-26 20:10 . 2009-05-26 20:10 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-26 20:09 . 2009-05-26 20:09 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-26 20:09 . 2009-05-26 20:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-25 07:24 . 2008-05-27 04:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 07:54 . 2009-03-24 23:16 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-05-22 00:27 . 2009-05-22 00:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-22 00:23 . 2009-05-22 00:23 -------- d-----r- c:\program files\Skype
2009-05-22 00:23 . 2009-05-22 00:23 -------- d-----w- c:\program files\Common Files\Skype
2009-05-22 00:23 . 2009-05-22 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-21 18:33 . 2009-03-06 23:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-15 23:30 . 2009-05-15 23:30 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-13 05:15 . 2008-04-25 20:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 22:12 . 2008-04-26 01:54 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2008-04-25 20:33 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-30 23:55 . 2009-03-06 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-04-29 15:25 . 2009-04-29 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-29 01:09 . 2009-03-24 07:05 446 ----a-w- c:\documents and settings\Lisette Guido\Application Data\wklnhst.dat
2009-04-21 20:10 . 2009-04-21 20:10 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-21 20:10 . 2009-03-28 20:09 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-17 12:26 . 2008-04-25 20:33 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-25 20:33 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-06 23:23 . 2009-03-06 23:23 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_02.47.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 02:47 . 2008-10-16 22:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 02:47 . 2008-04-14 12:09 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 02:47 . 2008-04-14 12:00 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 02:47 . 2008-04-14 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 02:47 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 02:47 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 02:47 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 02:47 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 02:47 . 2008-04-14 12:00 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 02:47 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 02:47 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 02:47 . 2008-04-14 12:00 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-02-11 416768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-24 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-24 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2008-12-24 92696]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"WSED"="c:\program files\WSED\WSED.exe" [2008-12-12 238888]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-17 518488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 531272]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-23 18063872]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-06 23:20 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [3/6/2009 4:14 PM 14248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/28/2009 1:09 PM 64160]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [3/6/2009 4:22 PM 135936]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [3/6/2009 5:55 PM 5088416]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [3/6/2009 5:55 PM 110080]
R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [3/6/2009 5:55 PM 83456]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [3/6/2009 5:55 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [3/6/2009 5:55 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [3/6/2009 5:55 PM 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/6/2009 5:55 PM 157696]
S2 gupdate1c9b4a5517da6c4;Google Update Service (gupdate1c9b4a5517da6c4);c:\program files\Google\Update\GoogleUpdate.exe [4/3/2009 2:43 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1003344]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [7/25/2008 4:05 PM 22240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 20:09]

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-06-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-03 21:43]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 127.0.0.1:8100
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
FF - ProfilePath - c:\documents and settings\Lisette Guido\Application Data\Mozilla\Firefox\Profiles\menmpiwg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 12:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-27 12:14
ComboFix-quarantined-files.txt 2009-06-27 19:14
ComboFix2.txt 2009-06-27 02:48

Pre-Run: 98,110,226,432 bytes free
Post-Run: 98,131,816,448 bytes free

274 --- E O F --- 2009-06-11 10:04

Re: C:\combofix.txt

Hello.
Please post a new Hijack This log now.

Re: C:\combofix.txt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:08 PM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Lisette Guido\Desktop\Hijack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe
O4 - HKLM\..\Run: [WSED] C:\Program Files\WSED\WSED.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\Dell\Media Experience\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Dell\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.23.0\gears.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9b4a5517da6c4) (gupdate1c9b4a5517da6c4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7881 bytes

Re: C:\combofix.txt

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s


  • Press "Fix Checked"
  • Close Hijack This.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

Re: C:\combofix.txt

Thank you so much,
my computer is running good :D
