windows antivirus pro & home antivirus 2010 REMOVAL

My computer has been infected with 2 viruses. I tried to do my best, but it did not work. I stopped the pop-ups and tried to run Malwarebytes Anti-Malware, but it does not work. I think that the viruses are blocking it. I uninstalled it many times and reinstalled it again and again, but Malwarebytes Anti-Malware does not work. I downloaded an antivirus called ESET NOD32 and it is scanning my computer now; I do not know if this will work. PLEASE I NEED HELP!!!!!!!

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Hello rocio25,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not from a regular member.
  • Do NOT run any tool without Geek Police supervision, as it could render your system useless.
Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

I tried to run HijackThis, and in the middle of the scan process it just disappeared from the screen. I do not know if it finished the scan and made the report. What should I do now?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Also, when I tried to open the HijackThis file again I got this message: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

Re: windows antivirus pro & home antivirus 2010 REMOVAL


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

I followed your instructions and here is the report. The report is too big, so I have to send it in two parts.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Rocio at 8:57:06.37 on Tue 08/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2430 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Onyx\AutoUpdate\OnxUpdtService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
C:\Program Files\Software602\Print2PDF\PrnPack.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\braviax.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\DOCUME~1\Rocio\LOCALS~1\Temp\JobMonitor\JobMonitor.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Rocio\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [EFI Job Monitor] c:\windows\system32\rundll32.exe c:\windows\system32\spool\drivers\w32x86\3\efjm.dll,run
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDUiP6700DMon] c:\program files\canon\memory card utility\ip6700d\PDUiP6700DMon.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CnwiDeviceAgent] c:\program files\canon\garostatusmonitor\cnwida.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [PrintPack dispatcher] "c:\program files\software602\print2pdf\PrnPack.exe" /server
mRun: [Mailstation Assistant] c:\program files\pitney bowes\mailstation 2\mailstationAssistant minimize
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [braviax] braviax.exe
mRun: [AHNSD] "c:\program files\ahnlab\smart update utility\AhnSD.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Home Antivirus 2010] "c:\program files\homeantivirus2010\HomeAntivirus2010.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\garost~1.lnk - c:\program files\canon\garostatusmonitor\cnwism.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logoca~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\calibrationloader\CalibrationLoader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\okilpr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\profil~1.lnk - c:\program files\gretagmacbeth\i1\eye-one match 3\ProfileReminder.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\software602\print2pdf\Print602.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: yahoo.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227885096328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://colormanagement.webex.com/client/T26L/nbr/ieatgpc.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

Re: windows antivirus pro & home antivirus 2010 REMOVAL

The second part of the report is:

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R2 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\ahnlab\smart update utility\AhnSDsv.exe [2009-8-1 169664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\autoupdate\OnxUpdtService.exe [2007-8-24 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2008-4-11 14416]
S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-2-18 214888]
S2 Par1284;Par1284;c:\program files\flexisign-pro 7.0v2\program\Par1284.sys [2007-8-9 53344]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [2008-11-7 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2003-2-17 44344]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [2003-1-16 26045]
S3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys --> c:\windows\system32\drivers\yeddef.sys [?]

=============== Created Last 30 ================

2009-08-03 10:50 --d----- c:\program files\HomeAntivirus2010
2009-08-03 10:29 19,978 a------- c:\program files\common files\qimup.exe
2009-08-03 10:29 19,795 a------- c:\program files\common files\oqitivogew.dll
2009-08-03 10:29 18,742 a------- c:\docume~1\alluse~1\applic~1\ytetyfuboz.vbs
2009-08-03 10:29 18,493 a------- c:\docume~1\alluse~1\applic~1\owagewupec.pif
2009-08-03 10:29 18,474 a------- c:\docume~1\alluse~1\applic~1\baweh.pif
2009-08-03 10:29 16,999 a------- c:\docume~1\alluse~1\applic~1\yxolu.dll
2009-08-03 10:29 11,632 a------- c:\docume~1\rocio\applic~1\zyvel.sys
2009-08-03 10:29 10,781 a------- c:\windows\axuxiq.bat
2009-08-03 08:41 18,880 a------- c:\docume~1\alluse~1\applic~1\rotimaje.pif
2009-08-03 08:41 11,073 a------- c:\windows\system32\jyfaxe.ban
2009-08-03 08:41 10,323 a------- c:\windows\nuperyvy.dll
2009-08-03 08:41 19,723 a------- c:\docume~1\rocio\applic~1\ytenuj.dat
2009-08-03 08:41 15,552 a------- c:\windows\cacegyna.dll
2009-08-03 08:41 15,098 a------- c:\windows\sybu.lib
2009-08-03 08:41 14,900 a------- c:\windows\adezenuto.db
2009-08-03 08:41 11,595 a------- c:\docume~1\alluse~1\applic~1\vytyx.bat
2009-08-03 08:41 11,461 a------- c:\windows\system32\azymydo.reg
2009-08-03 08:41 10,086 a------- c:\windows\zawe.dll
2009-08-02 08:58 19,443 a------- c:\windows\system32\jecu.bat
2009-08-02 08:58 18,365 a------- c:\program files\common files\zeba.sys
2009-08-02 08:58 16,241 a------- c:\docume~1\alluse~1\applic~1\nejyfazado.scr
2009-08-02 08:58 16,036 a------- c:\windows\system32\zudi.vbs
2009-08-02 08:58 12,402 a------- c:\windows\rufofukuhi.dll
2009-08-02 08:58 11,570 a------- c:\windows\system32\imowizo.inf
2009-08-02 08:58 11,399 a------- c:\windows\system32\punece.scr
2009-08-02 08:58 11,376 a------- c:\windows\cydule.sys
2009-08-02 08:58 11,199 a------- c:\windows\system32\polybafos._sy
2009-08-02 08:58 10,065 a------- c:\program files\common files\sorylawa.dll
2009-08-01 10:51 --d----- c:\docume~1\rocio\applic~1\ESET
2009-08-01 10:50 --d----- c:\program files\ESET
2009-08-01 10:12 19,839 a------- c:\windows\system32\sudypy.bat
2009-08-01 10:12 19,785 a------- c:\windows\system32\kesuk.ban
2009-08-01 10:12 18,418 a------- c:\windows\ywodi.pif
2009-08-01 10:12 17,126 a------- c:\windows\syguki.pif
2009-08-01 10:12 15,956 a------- c:\windows\jiqowomyki.com
2009-08-01 10:12 15,856 a------- c:\docume~1\rocio\applic~1\bimynano.com
2009-08-01 10:12 14,930 a------- c:\windows\gynupasiq.sys
2009-08-01 10:12 14,032 a------- c:\windows\ecenuqaje.vbs
2009-08-01 10:12 13,653 a------- c:\windows\xironyg.dat
2009-08-01 10:12 11,417 a------- c:\windows\naduvihe.lib
2009-08-01 10:12 10,772 a------- c:\windows\uvibiwe.db
2009-07-31 17:02 4,614 a------- c:\windows\system32\tmp.reg
2009-07-31 16:59 --d----- c:\windows\pss
2009-07-31 14:57 18,471 a------- c:\program files\common files\hodyjez.bin
2009-07-31 14:57 17,317 a------- c:\docume~1\alluse~1\applic~1\umyhytahyh.pif
2009-07-31 14:57 16,088 a------- c:\windows\ikifibydy.reg
2009-07-31 14:57 15,709 a------- c:\program files\common files\enyxiqu.bin
2009-07-31 14:57 15,480 a------- c:\docume~1\alluse~1\applic~1\ulegajevat.vbs
2009-07-31 14:57 15,457 a------- c:\docume~1\rocio\applic~1\pohifawuk.com
2009-07-31 14:57 15,242 a------- c:\windows\ykowuta._dl
2009-07-31 14:57 15,085 a------- c:\windows\iqywepej.pif
2009-07-31 14:57 13,365 a------- c:\windows\rozomanym._dl
2009-07-31 14:57 12,902 a------- c:\docume~1\rocio\applic~1\iviva.sys
2009-07-31 14:57 10,351 a------- c:\program files\common files\abaroqydes.com
2009-07-31 14:57 10,044 a------- c:\windows\izamebys.sys
2009-07-31 14:57 19,878 a------- c:\windows\aqun.sys
2009-07-31 14:57 18,161 a------- c:\program files\common files\fine.pif
2009-07-31 14:57 18,030 a------- c:\windows\ykyqikyhog.reg
2009-07-31 14:57 12,865 a------- c:\windows\system32\ryfemuze.lib
2009-07-31 14:57 12,738 a------- c:\windows\hybymagapa.lib
2009-07-31 14:57 12,262 a------- c:\docume~1\alluse~1\applic~1\pajutolyt.scr
2009-07-31 14:57 10,031 a------- c:\windows\iwivic.lib
2009-07-31 14:46 185,405 a------- c:\windows\system32\wisdstr.exe
2009-07-31 14:43 9 a------- c:\windows\system32\bennuar.old
2009-07-31 14:43 827,392 a------- c:\windows\system32\dddesot.dll
2009-07-31 14:43 176,128 a------- c:\windows\svchast.exe
2009-07-31 14:43 65,536 a------- c:\windows\system32\desot.exe
2009-07-31 14:43 88 a------- c:\windows\system32\sonhelp.htm
2009-07-31 14:43 64 a------- c:\windows\ppp4.dat
2009-07-31 14:43 36 a------- c:\windows\system32\sysnet.dat
2009-07-31 14:43 2 a------- c:\windows\ppp3.dat
2009-07-31 14:41 9,216 a------- c:\windows\braviax.exe
2009-07-31 14:39 24,576 a------- c:\windows\system32\tapi.nfo
2009-07-31 14:39 46 a------- C:\p2hhr.bat
2009-07-31 14:38 69,640 a------- C:\abgcty.exe
2009-07-31 14:38 15,000 a------- c:\windows\system32\ghaf8jkdfd.dll
2009-07-31 14:38 12,288 a------- C:\jeooxqma.exe
2009-07-31 14:38 22,016 a------- C:\cpakfja.exe
2009-07-31 14:38 19,456 a------- C:\njeoahhq.exe
2009-07-31 14:38 10,240 a------- C:\phdtsk.exe
2009-07-22 08:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-22 08:55 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-06 11:42 --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-08-01 10:12 18,848 a------- c:\program files\common files\sogety.inf
2009-07-31 14:57 10,494 a------- c:\program files\common files\umutud.db
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-18 08:15 964 a------- c:\docume~1\rocio\applic~1\wklnhst.dat
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-06-02 06:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-01-02 15:54 21,747,397 a------- c:\program files\sw65demo.exe
2008-04-11 09:36 108 a------- c:\program files\INSTALL.LOG
2008-03-31 10:03 61,224 a------- c:\documents and settings\rocio\GoToAssistDownloadHelper.exe

============= FINISH: 8:57:21.26 ===============
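As an added example, not code from this thread or from DDS/ComboFix, here is a small Python triage script that applies two defender-side checks to lines in the DDS format posted above: same-minute bursts of random-named code files under system locations, and autostart (uRun/mRun) entries that run a bare file name or an image that also appears in the "Created Last 30" list. The heuristics, thresholds and the reduced sample log are my own constructions; the sample lines themselves are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the DDS log posted above,
# covering both the "Pseudo HJT Report" autostart lines and "Created Last 30" lines.
SAMPLE_LOG = r"""
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [braviax] braviax.exe
mRun: [Home Antivirus 2010] "c:\program files\homeantivirus2010\HomeAntivirus2010.exe" /hide
2009-08-03 10:50 --d----- c:\program files\HomeAntivirus2010
2009-08-03 10:29 19,978 a------- c:\program files\common files\qimup.exe
2009-08-03 10:29 18,742 a------- c:\docume~1\alluse~1\applic~1\ytetyfuboz.vbs
2009-08-03 10:29 10,781 a------- c:\windows\axuxiq.bat
2009-07-31 14:41 9,216 a------- c:\windows\braviax.exe
2009-07-22 08:55 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-06 11:42 --d----- c:\program files\Trend Micro
"""

# Extensions Windows will execute or interpret when launched.
CODE_EXTS = {".exe", ".dll", ".bat", ".vbs", ".pif", ".scr", ".com", ".sys", ".reg", ".cmd"}

# "Created Last 30" line: date time [size] attrs path (size is absent for directories).
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?:([\d,]+) )?([-a-z]{8}) (.+)$")
# Pseudo-HJT autostart line: uRun/mRun: [value name] command line.
RUN_RE = re.compile(r"^([um]Run): \[([^\]]*)\] (.+)$")


def parse_created(lines):
    """Return (timestamp, size_or_None, attrs, path) tuples for 'Created Last 30' entries."""
    entries = []
    for line in lines:
        m = CREATED_RE.match(line.strip())
        if m:
            ts, size, attrs, path = m.groups()
            entries.append((ts, int(size.replace(",", "")) if size else None, attrs, path))
    return entries


def parse_runs(lines):
    """Return (hive, value name, command line) tuples for uRun/mRun entries."""
    return [m.groups() for m in (RUN_RE.match(l.strip()) for l in lines) if m]


def command_image(cmd):
    """First token of an autostart command: the quoted path, or the bare word before any argument."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def looks_random(stem):
    """Heuristic (my assumption): short all-lowercase alphabetic stems like 'qimup' or 'axuxiq'."""
    return 4 <= len(stem) <= 10 and stem.isalpha() and stem.islower()


def find_drop_bursts(entries, min_files=3):
    """Group random-named code files by creation minute; return minutes with >= min_files of them.
    A single random-looking name is weak evidence; several dropped in the same minute is the
    pattern visible in the posted log (e.g. 2009-08-03 10:29 and 2009-07-31 14:57)."""
    by_minute = defaultdict(list)
    for ts, _size, attrs, path in entries:
        if attrs.startswith("--d"):  # directory entry, not a dropped file
            continue
        stem, ext = ntpath.splitext(ntpath.basename(path))
        if ext.lower() in CODE_EXTS and looks_random(stem):
            by_minute[ts].append(path)
    return {ts: paths for ts, paths in by_minute.items() if len(paths) >= min_files}


def bare_autostarts(runs):
    """Autostart entries whose image is a bare file name resolved via the search path.
    Legitimate entries do this too (stsystra.exe above), so this is a review list, not a verdict."""
    return [(name, command_image(cmd)) for _hive, name, cmd in runs if "\\" not in command_image(cmd)]


def autostarts_among_recent(runs, entries):
    """Autostart images whose file name also appears in the recent-creation list: the strongest
    of these signals, because the persistence entry and the dropped file corroborate each other."""
    recent = {ntpath.basename(p).lower(): p for _, _, attrs, p in entries if not attrs.startswith("--d")}
    hits = []
    for _hive, name, cmd in runs:
        image = ntpath.basename(command_image(cmd)).lower()
        if image in recent:
            hits.append((name, recent[image]))
    return hits


def triage(log_text):
    """Run all three checks over DDS-format text and return their findings."""
    lines = log_text.strip().splitlines()
    entries, runs = parse_created(lines), parse_runs(lines)
    return {
        "bursts": find_drop_bursts(entries),
        "bare": bare_autostarts(runs),
        "recent_autostarts": autostarts_among_recent(runs, entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, the only burst is the three files at 2009-08-03 10:29, and braviax.exe is the one autostart that is both a bare name and a recently created file; deploytk.dll looks random but stands alone, so it is not reported.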

Windows antivirus pro

Good morning,
I am not sure if I am posting in the correct place; my apologies if I did not. I have this windows antivirus pro on my computer. It has frozen everything and I am surprised I could even get my e-mail open. I downloaded antibytes malware a couple of weeks ago to get rid of windows personal antivirus and it worked, but now I cannot open it. I tried downloading HiJack this so I could send you a log, but my computer is blocking access. Can you help?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

You posted your problem in the wrong place. You have to open a new account first, then go to the spyware/virus forum, open a new topic and post your problem there.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [image: CF_download_FF]

    [image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (ESET NOD32)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [image: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [image: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

I have done what you told me. I have a report; what do you want me to do with it? Is it all over? The Internet Explorer icon is not working, so I have to use Mozilla Firefox.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Should I install Malwarebytes Anti-Malware and run it? What should I do?

Re: windows antivirus pro & home antivirus 2010 REMOVAL

Post the report here, please.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

The report is too big, so I have to send it in two parts. Here is the first part:

ComboFix 09-08-04.01 - Rocio 08/04/2009 16:03.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2340 [GMT -4:00]
Running from: c:\documents and settings\Rocio\Desktop\Combo-Fix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\asikuzexit.bat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\avon.db
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\divano.dl
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\fasogogo.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\oxisu.dll
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\paqypi.exe
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\rirotili.pif
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\teqewep.bin
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\texanemeh.dat
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ucukyriw.vbs
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\uwip.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\ykyvuzima.scr
c:\documents and settings\Rocio\Local Settings\Temporary Internet Files\zexozato.dll
C:\p2hhr.bat
C:\phdtsk.exe
c:\program files\INSTALL.LOG
c:\program files\Microsoft Office\WINWORD.EXE
c:\windows\braviax.exe
c:\windows\Installer\31bf4f.msi
c:\windows\Installer\3a21477.msp
c:\windows\Installer\3a21478.msp
c:\windows\Installer\3a21479.msp
c:\windows\Installer\3a2147a.msp
c:\windows\Installer\3a2147b.msp
c:\windows\Installer\3a2147c.msp
c:\windows\Installer\3a2147d.msp
c:\windows\Installer\3a2147e.msp
c:\windows\Installer\3a2147f.msp
c:\windows\Installer\8c849a6.msp
c:\windows\Installer\8c849a7.msp
c:\windows\Installer\8c849a8.msp
c:\windows\Installer\8c849a9.msp
c:\windows\Installer\8c849aa.msp
c:\windows\Installer\8c849ab.msp
c:\windows\Installer\8c849ac.msp
c:\windows\Installer\8c849ad.msp
c:\windows\Installer\8c849ae.msp
c:\windows\Installer\b9018.msp
c:\windows\Installer\b9020.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\xidbbfyz.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ghaf8jkdfd.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\WS2Fix.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

Infected copy of c:\windows\system32\netlogon.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netlogon.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-04 20:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-04 16:03 . 2009-08-04 16:06 626720 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-04 15:14 . 2009-08-04 16:54 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-08-04 14:43 . 2009-08-04 14:43 12212 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\qijur.bin
2009-08-04 14:43 . 2009-08-04 14:43 10093 ----a-w- c:\windows\system32\akeveloh.bin
2009-08-04 14:23 . 2009-08-04 14:23 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\Mozilla
2009-08-04 14:22 . 2009-08-04 16:54 -------- d-----w- c:\program files\Mozilla Firefox(2)
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-08-03 14:44 . 2009-08-03 14:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
2009-08-03 14:04 . 2007-08-04 04:34 35720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-03 14:04 . 2007-08-04 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\GTek
2009-08-03 14:04 . 2009-08-03 14:43 -------- d-----w- c:\documents and settings\Administrator
2009-08-03 13:29 . 2009-08-03 14:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-03 12:41 . 2009-08-03 12:41 18880 ----a-w- c:\documents and settings\All Users\Application Data\rotimaje.pif
2009-08-03 12:41 . 2009-08-03 12:41 16418 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\lyvohac.reg
2009-08-03 12:41 . 2009-08-03 12:41 10323 ----a-w- c:\windows\nuperyvy.dll
2009-08-03 12:41 . 2009-08-03 12:41 15552 ----a-w- c:\windows\cacegyna.dll
2009-08-03 12:41 . 2009-08-03 12:41 11595 ----a-w- c:\documents and settings\All Users\Application Data\vytyx.bat
2009-08-03 12:41 . 2009-08-03 12:41 11461 ----a-w- c:\windows\system32\azymydo.reg
2009-08-03 12:41 . 2009-08-03 12:41 10086 ----a-w- c:\windows\zawe.dll
2009-08-02 12:58 . 2009-08-02 12:58 19443 ----a-w- c:\windows\system32\jecu.bat
2009-08-02 12:58 . 2009-08-02 12:58 18365 ----a-w- c:\program files\Common Files\zeba.sys
2009-08-02 12:58 . 2009-08-02 12:58 16241 ----a-w- c:\documents and settings\All Users\Application Data\nejyfazado.scr
2009-08-02 12:58 . 2009-08-02 12:58 16036 ----a-w- c:\windows\system32\zudi.vbs
2009-08-02 12:58 . 2009-08-02 12:58 13068 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\pogosinoc.bat
2009-08-02 12:58 . 2009-08-02 12:58 12402 ----a-w- c:\windows\rufofukuhi.dll
2009-08-02 12:58 . 2009-08-02 12:58 11399 ----a-w- c:\windows\system32\punece.scr
2009-08-02 12:58 . 2009-08-02 12:58 11376 ----a-w- c:\windows\cydule.sys
2009-08-02 12:58 . 2009-08-02 12:58 10065 ----a-w- c:\program files\Common Files\sorylawa.dll
2009-08-01 15:54 . 2009-08-01 15:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-01 15:27 . 2009-08-01 15:27 -------- d-----w- c:\documents and settings\Rocio\Local Settings\Application Data\ESET
2009-08-01 14:51 . 2009-08-01 14:51 -------- d-----w- c:\documents and settings\Rocio\Application Data\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\program files\ESET
2009-08-01 14:50 . 2009-08-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-01 14:12 . 2009-08-01 14:12 19839 ----a-w- c:\windows\system32\sudypy.bat
2009-08-01 14:12 . 2009-08-01 14:12 18418 ----a-w- c:\windows\ywodi.pif
2009-08-01 14:12 . 2009-08-01 14:12 17126 ----a-w- c:\windows\syguki.pif
2009-08-01 14:12 . 2009-08-01 14:12 15956 ----a-w- c:\windows\jiqowomyki.com
2009-08-01 14:12 . 2009-08-01 14:12 15856 ----a-w- c:\documents and settings\Rocio\Application Data\bimynano.com
2009-08-01 14:12 . 2009-08-01 14:12 14930 ----a-w- c:\windows\gynupasiq.sys
2009-08-01 14:12 . 2009-08-01 14:12 14032 ----a-w- c:\windows\ecenuqaje.vbs
2009-08-01 14:12 . 2009-08-01 14:12 13653 ----a-w- c:\windows\xironyg.dat
2009-07-31 18:43 . 2009-07-31 19:06 65536 ----a-w- c:\windows\system32\desot.exe
2009-07-31 18:43 . 2009-07-31 19:06 64 ----a-w- c:\windows\ppp4.dat
2009-07-31 18:43 . 2009-07-31 19:06 2 ----a-w- c:\windows\ppp3.dat
2009-07-31 18:43 . 2009-07-31 19:04 827392 ----a-w- c:\windows\system32\dddesot.dll
2009-07-31 18:43 . 2009-07-31 18:43 36 ----a-w- c:\windows\system32\sysnet.dat
2009-07-31 18:43 . 2009-07-31 18:43 176128 ----a-w- c:\windows\svchast.exe
2009-07-31 18:38 . 2009-07-31 18:38 69640 ----a-w- C:\abgcty.exe
2009-07-31 18:38 . 2009-07-31 18:38 12288 ----a-w- C:\jeooxqma.exe
2009-07-31 18:38 . 2009-07-31 18:38 22016 ----a-w- C:\cpakfja.exe
2009-07-31 18:38 . 2009-07-31 18:38 19456 ----a-w- C:\njeoahhq.exe
2009-07-22 12:55 . 2009-07-22 12:55 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 12:51 . 2009-07-22 12:51 152576 ----a-w- c:\documents and settings\Rocio\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-06 15:42 . 2009-08-03 12:45 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 20:06 . 2004-08-10 16:51 407040 ----a-w- c:\windows\system32\netlogon.dll
2009-08-04 20:00 . 2008-08-31 14:32 -------- d-----w- c:\documents and settings\Rocio\Application Data\skypePM
2009-08-04 19:42 . 2008-08-31 14:29 -------- d-----w- c:\documents and settings\Rocio\Application Data\Skype
2009-08-04 16:06 . 2009-08-04 16:03 8420 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-04 15:18 . 2009-04-16 12:47 -------- d-----w- c:\program files\AhnLab
2009-08-03 14:43 . 2009-06-10 16:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-03 12:41 . 2009-08-03 12:41 19723 ----a-w- c:\documents and settings\Rocio\Application Data\ytenuj.dat
2009-08-01 14:12 . 2009-08-01 14:12 18848 ----a-w- c:\program files\Common Files\sogety.inf
2009-07-22 12:55 . 2007-08-04 04:18 -------- d-----w- c:\program files\Java
2009-07-07 14:32 . 2009-07-01 18:30 -------- d-----w- c:\program files\drv
2009-07-07 13:50 . 2007-08-04 04:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-07 13:33 . 2008-04-11 14:13 -------- d-----w- c:\program files\Norton 360
2009-07-07 13:32 . 2008-04-11 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-03 17:09 . 2004-08-10 16:51 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:06 . 2007-08-09 14:11 685400 ----a-w- c:\documents and settings\Louis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\Rocio\Application Data\Malwarebytes
2009-07-01 19:56 . 2009-07-01 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 14:36 . 2009-05-26 13:05 -------- d-----w- c:\documents and settings\Rocio\Application Data\BitZipper
2009-06-26 18:58 . 2009-06-26 18:58 -------- d-----w- c:\documents and settings\Rocio\Application Data\rfeshmqh
2009-06-22 15:51 . 2009-06-22 15:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\rfeshmqh
2009-06-18 15:05 . 2009-06-18 15:05 -------- d-----w- c:\program files\Art Explosion
2009-06-18 15:05 . 2007-08-04 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 12:15 . 2007-10-09 14:13 964 ----a-w- c:\documents and settings\Rocio\Application Data\wklnhst.dat
2009-06-16 14:36 . 2004-08-10 16:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-10 21:20 . 2007-08-04 04:31 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 17:56 . 2008-01-14 17:59 -------- d-----w- c:\program files\Full Tilt Poker
2009-06-10 17:11 . 2007-08-09 15:23 -------- d-----w- c:\program files\Common Files\PDFView
2009-06-10 17:11 . 2009-06-10 17:11 -------- d-----w- c:\program files\NewSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\documents and settings\Rocio\Application Data\ScanSoft
2009-06-10 17:10 . 2007-08-09 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-10 17:10 . 2009-06-10 17:10 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-10 17:09 . 2009-06-10 17:09 -------- d-----w- c:\program files\ScanSoft
2009-06-10 17:06 . 2009-06-10 17:06 -------- d-----w- c:\program files\ArcSoft
2009-06-10 17:05 . 2007-08-09 14:27 -------- d-----w- c:\program files\Canon
2009-06-10 16:45 . 2008-03-04 20:43 -------- d-----w- c:\documents and settings\Rocio\Application Data\NewSoft
2009-06-10 16:36 . 2009-06-10 16:09 -------- d-----w- c:\program files\Windows Live
2009-06-10 16:24 . 2007-08-10 13:32 685400 ----a-w- c:\documents and settings\Rocio\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:12 . 2009-06-10 16:10 -------- d-----w- c:\program files\Microsoft
2009-06-10 16:12 . 2009-06-10 16:12 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-10 16:10 . 2009-06-10 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-10 16:04 . 2009-06-10 16:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-10 14:49 . 2008-03-31 19:14 -------- d-----w- c:\program files\SmartFTP Client 3.0 Setup Files
2009-06-03 19:09 . 2004-08-10 16:51 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 19:49 . 2009-05-14 19:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 19:49 . 2009-05-14 19:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-07 15:32 . 2004-08-10 16:51 345600 ----a-w- c:\windows\system32\localspl.dll
2009-01-02 19:54 . 2009-01-02 19:54 21747397 ----a-w- c:\program files\sw65demo.exe
2009-07-30 11:26 . 2009-08-04 18:13 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

Re: windows antivirus pro & home antivirus 2010 REMOVAL

This is the second part of the report:

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-05-02 198704]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-11 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mailstation Assistant"="c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant minimize" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-08-04 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PDUiP6700DMon"="c:\program files\Canon\Memory Card Utility\iP6700D\PDUiP6700DMon.exe" [2006-03-16 61440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"CnwiDeviceAgent"="c:\program files\Canon\GAROStatusMonitor\cnwida.exe" [2006-07-27 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"PrintPack dispatcher"="c:\program files\Software602\Print2PDF\PrnPack.exe" [2007-11-23 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
GARO Status Monitor.lnk - c:\program files\Canon\GAROStatusMonitor\cnwism.exe [2007-8-10 348160]
Logo Calibration Loader.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2005-2-2 708608]
OKI LPR Utility.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2009-2-12 151552]
ProfileReminder.lnk - c:\program files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2005-2-2 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-27 20:13 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Canon\\imagePROGRAF Device Setup Utility\\cnwids.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"c:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3 DEMO\\support\\bin\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
""=
"8085:TCP"= 8085:TCP:drv

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [8/24/2007 11:18 AM 33280]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [4/11/2008 8:37 AM 14416]
S1 is-HVF13drv;is-HVF13drv;c:\windows\system32\DRIVERS\90736237.sys --> c:\windows\system32\DRIVERS\90736237.sys [?]
S1 is-N9611drv;is-N9611drv;c:\windows\system32\DRIVERS\92592820.sys --> c:\windows\system32\DRIVERS\92592820.sys [?]
S1 is-UC7V3drv;is-UC7V3drv;c:\windows\system32\DRIVERS\30970194.sys --> c:\windows\system32\DRIVERS\30970194.sys [?]
S2 OcHealthMon;Windows Live OneCare Health Monitor;"c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe" --> c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [?]
S3 DM150Drv;DM150Drv;c:\windows\system32\drivers\DM150Drv.sys [11/7/2008 12:36 PM 20600]
S3 EyeOneDp;EyeOneDp;c:\windows\system32\drivers\EyeOneDp.sys [2/17/2003 4:24 PM 44344]
S3 FLDNRUYYPGBPE;FLDNRUYYPGBPE;c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\FLDNRUYYPGBPE.exe [?]
S3 i1;eye-one;c:\windows\system32\drivers\i1.sys [1/16/2003 2:46 PM 26045]
S3 KLWCEKNLF;KLWCEKNLF;c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KLWCEKNLF.exe [?]
S3 KN;KN;c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe --> c:\docume~1\Rocio\LOCALS~1\Temp\KN.exe [?]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rvprkney

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{5B7027AD-AA6D-40df-8F56-9560F277D2A5} - {E4ABF418-CB30-470C-BFF7-674AC0FC564F} - c:\program files\Software602\Print2PDF\Print602.dll
Trusted Zone: yahoo.com\www
DPF: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
FF - ProfilePath - c:\documents and settings\Rocio\Application Data\Mozilla\Firefox\Profiles\9pzenvw1.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3224)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\spool\drivers\w32x86\3\OPHALDCS.EXE
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Pitney Bowes\mailstation 2\mailstationAssistant.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-08-04 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 20:13

Pre-Run: 163,002,667,008 bytes free
Post-Run: 163,818,901,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

381 --- E O F --- 2009-07-31 21:22

Re: windows antivirus pro & home antivirus 2010 REMOVAL
