[Resolved] Computer running slow (addition)

**doctorspirit** · 05-12-2009

Oh, here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:05 PM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149206963028
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

**broni** · 05-12-2009

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.

Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

************************************************** ****************************************
Due to a bug in Malwarebytes, you may see in MBAM's log following entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\a tapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\a tapi (Rootkit)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\atapi (Rootkit)
DO NOT remove those entries!
If you do, your computer will become UN-bootable.
The issue has been fixed in the latest MBAM update, so, it's EXTREMELY important, you update MBAM before you run it.
************************************************** **************************************

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15252 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**doctorspirit** · 06-12-2009

Broni,

I have done everything according to your instructions. Following are all of the logs you asked for (in this order: SUPERAntiSpyware, Malwarebytes, GMER, HijackThis).

Thank you for all the help!

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/06/2009 at 04:40 AM

Application Version : 4.31.1000

Core Rules Database Version : 4339
Trace Rules Database Version: 2191

Scan type : Complete Scan
Total Scan Time : 07:51:48

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 8107
Registry threats detected : 7
File items scanned : 151357
File threats detected : 0

Adware.AdRotator/RightOnz
HKU\S-1-5-21-238397636-2059689480-754597021-1003\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{26E45419-7205-4FAC-BBFE-174BC7337A79}

Rogue.Component/Trace
HKLM\Software\Microsoft\A0329F21
HKLM\Software\Microsoft\A0329F21#a0329f21
HKLM\Software\Microsoft\A0329F21#Version
HKLM\Software\Microsoft\A0329F21#a03232a1
HKLM\Software\Microsoft\A0329F21#a0325b44
HKU\S-1-5-21-238397636-2059689480-754597021-1003\Software\Microsoft\FIAS4057

Malwarebytes' Anti-Malware 1.42
Database version: 3297
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2009 1:57:45 PM
mbam-log-2009-12-06 (13-57-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271736
Time elapsed: 2 hour(s), 52 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Desktop\Piracy\Applications & Cracks\Piracy\A-one DVD to iPod Converter with keygen\Keymaker\Keymaker.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Cracks Only\Chuzzle Deluxe Crack\Chuzzle_Deluxe_1.0_GH_crack.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Hidden Object Games\Great Secrets - Da Vinci.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Hidden Object Games\I.Q. - Identity Quest.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Miscellaneous\Home Sweet Home Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Miscellaneous\Magic Seeds Full\Magic Seeds.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Miscellaneous\KinderGarten Full\KinderGarten.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Carrie the Caregiver III - Camp Funshine Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Wedding Dash 2 - Rings Around the World Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Cooking Dash Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Fashion Dash Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Schoolhouse Shuffle Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Pageant Princess Full.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Coffee Rush Full\Coffee Rush.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Ice Cream Craze Full\Ice Cream Craze.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Vogue Tales Full\Vogue Tales ENG.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Doggie Dash Full\Doggie Dash.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Jane's Hotel II-Family Hero Full\Jane's Hotel 2 - Family Hero ENG.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Megastore Madness Full\Megastore Madness.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Full Version Games\Time Management Games\Pet Shop Hop Full\Pet Shop Hop.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Games + Cracks\On the Rain-Slick Precipice of Darkness Episode One + Crack\On the Rain-Slick Precipice of Darkness - Episode One Crack.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Games + Keygens\Bejeweled II Deluxe + Keygen\Bejeweled2Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Games + Keygens\Iggle Pop + Keygen\IgglePopkeygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Piracy\Games & Cracks\Games + Keygens\Super Collapse II Platinum + Keygen\RelapsePlatinumkeygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-06 14:37:35
Windows 5.1.2600 Service Pack 3
Running: t08r0t0u.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgncqaob.sys

---- Kernel code sections - GMER 1.0.15 ----

? nstcyhaw.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6C34360, 0x35483F, 0xE8000020]
init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7928300]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[576] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D 79C293C1ED61418462E24595C90D04@ujdew 0xD0 0x0C 0x3A 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19 659239224E364682FA4BAF72C53EA4@khjeh 0xE7 0xE3 0x11 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@ujdew 0xD0 0x0C 0x3A 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0xE7 0xE3 0x11 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C2 93C1ED61418462E24595C90D04@ujdew 0xD0 0x0C 0x3A 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\196592 39224E364682FA4BAF72C53EA4@khjeh 0xE7 0xE3 0x11 0xD6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sys tem
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sys tem@OOCC06.00.00.01WSSV 93BDA322C6B3740CA904797B34D0728B57B7ED0E4CBD1D7D56 C67448639D33B181485B9A97C0335668BD70042D1E83EA7436 BAEDF60BB08798AF3B5B4F54C1ED9450C96128951070C67078 F41E723AA812748988AA1121F5C973F57AD96DF4593BAC874C 14785712BB577AB07D8A85174E33B46ED81F9ADC52F812838B ED5CE5C60AB125204319A723036390E4331741AE881DA2141A 92017D7B7DC411EF4D35EDE9682BAF642CD0385826DE93CFE4 E3995EA2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127B ECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BEC C74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7CE019D40AA 5CBA7FD869164D67947B9446969BE230B493E1745316816D83 33FDD4A21B387C133E5AB348F9E7E4592E821F8F6CF62E9D17 F4568013F0F5AE89120B99B2BCDE26BC90F020CB60C1458E8E A17E814E39D44AA64A35C9CBFBA0C91E2A53F2E382FBDF9B6A 0D7BE6015514F633D0337EAEE3328DA97E2ED1DFD626B2A522 8F36ED9E23A5C440976EEF47281D50388B04BF574664663069 A7594CC004FE97EC1EFC9F78793BADE24B2D5AA78705A84D3C 70416E0B81DFDA52F007B269CF89A7EE5E90C489990DD5372E 54E55FF4DC6C691BB88C8213E692BE058A075F44950ED9940B E16B41DA1B4F39FD29F2D4501232EAD4F3F3C6E3D53B46E43E 051B1A217AF62A9BD528571
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sys tem@OODEFRAG08.00.00.01WORKSTATION 55AAEBB39097C4F109680F787AF67D2699FEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC 9E127BECC74C9DB7CE019D40AA5CC038D530D6EB3452F3CEF3 A3BB39F2D6C0A154F9D50570C6ACEF071B9F25907C053BBEBB 86A6AF59445751FCC57C840B057BF137852639A1D0EABED2CB D36B2F332D9A313D2BEBFDA454DDACAC9650504550D01EFEA0 5D366158F678D6E13668C9E12FF51883E4C582249ACD394BAC 4DB1B0DD835E382E32F29BABBDD236DD02E42C24B2C0D546D2 1AAAFAA2C7A19F89CD337961D777AFA8ED98CB7368F903B5EF 639532F30DEE29FED0698FCA676473716E7C57B02B1B108E3A 3890531CFC232EE114E502D870309881C21D47AA6C5DC7FE30 A444E35C42E6ED4A31614FD2CCB40623DF4EAC9135A1AC5877 D6C159FA5007D0B100F7147D5CA4CB93F488C41CECB2BAD9D0 BECC68A7446E71A64383E660A91287657E976525D3FC9A8881 425B164EC7AE9789D1DD0FC23E7F788CF61D9E9199D38BD66E 7F4F778F4D24BA72BA4044295D414E818E0DA174B99F3DF101 07E881E61D20D4353C89AA566AF2AD4C5202B28B820FF356AD E033DC0739685669E1D7B958413DD69F8F69848B34810806FA 2D012492F1754F060FCBAB280347E8319E648F63C916830D5C CBCF46B0C968A655A801657
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af164764 4e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2e cedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023 a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be0 6337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d96 86d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b7 4b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e 232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb 204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a 51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe 080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a 6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616 fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:21 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149206963028
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6584 bytes

**broni** · 06-12-2009

Please, post some computer info:
- processor type, amount of RAM (hold Windows logo key, hit Pause/Break key)
- hard drive size/free space (open "My Computer", right click on hard drive letter, click "Properties")

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

NOTE. If Combofix asks you to install Recovery Console, please allow it.

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

**doctorspirit** · 06-12-2009

Broni,

Concerning my PC:

eMachine T3410
AMD Sempron Processor 3400+, 2.01 GHz
1 GB of RAM
HDD C: 144 GB capacity, 121 GB used
HDD F: 114 GB capacity, 58.4 GB used

And following are the logs you requested. Thank you again!

ComboFix 09-12-06.07 - Owner 12/06/2009 16:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.457 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\.#
c:\documents and settings\Owner\Application Data\inst.exe
c:\documents and settings\Owner\err.log
c:\documents and settings\Owner\Local Settings\Application Data\{206AF252-AC0B-4753-B360-9A5DDD7A1CEE}
c:\documents and settings\Owner\Local Settings\Application Data\{206AF252-AC0B-4753-B360-9A5DDD7A1CEE}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{206AF252-AC0B-4753-B360-9A5DDD7A1CEE}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{206AF252-AC0B-4753-B360-9A5DDD7A1CEE}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{206AF252-AC0B-4753-B360-9A5DDD7A1CEE}\install.rdf
c:\documents and settings\Owner\ResErrors.log
c:\windows\desktop
c:\windows\system32\skinboxer43.dll
c:\windows\system32\wiwatati.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 01:39 . 2009-12-06 01:39 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-12-06 01:37 . 2009-12-06 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-26 19:44 . 2009-11-27 22:41 -------- d-----w- c:\documents and settings\Owner\Application Data\ElementalsTheMagicKey
2009-11-23 20:15 . 2009-11-23 20:15 120 ----a-w- c:\windows\Xtecum.dat
2009-11-23 20:15 . 2009-11-23 20:15 0 ----a-w- c:\windows\Ejiheg.bin
2009-11-12 05:11 . 2009-11-12 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\GTM_Bodie
2009-11-11 11:22 . 2009-11-11 11:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-06 02:44 . 2006-04-29 22:30 -------- d-----w- c:\program files\e-Sword
2009-12-06 01:37 . 2008-04-26 22:14 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-06 01:37 . 2007-10-30 01:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 03:08 . 2008-06-30 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 03:08 . 2008-11-03 18:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:14 . 2008-11-03 18:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2008-06-30 02:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 04:37 . 2006-07-29 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-11-30 01:06 . 2007-08-07 22:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-11-29 23:32 . 2008-07-04 21:35 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-11-24 20:11 . 2006-03-05 14:33 76 ----a-w- c:\windows\popcinfo.dat
2009-11-19 02:09 . 2008-07-08 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Playrix Entertainment
2009-11-15 01:22 . 2008-07-06 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Games
2009-11-12 01:22 . 2007-05-28 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 03:33 . 2006-03-04 22:40 114912 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 01:16 . 2007-05-28 16:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-31 19:34 . 2008-07-09 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-10-31 19:09 . 2009-04-21 01:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 01:57 . 2006-05-19 22:23 -------- d-----w- c:\program files\GameHouse
2009-10-28 01:07 . 2005-10-30 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 17:44 . 2009-10-25 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-10-01 00:49 . 2006-12-22 01:37 16 ----a-w- c:\windows\popcinfot.dat
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57 . 2009-09-26 17:57 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-23 21:37 . 2009-10-01 11:14 34112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg _bootstrap.exe
2009-09-23 21:37 . 2009-10-01 11:14 32448 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-23 21:37 . 2009-10-01 11:14 22352 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg .exe
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-06-28 15:45 . 2008-06-27 15:58 170 ----a-w- c:\program files\1bomb.ini
2008-05-04 21:13 . 2008-05-04 21:13 0 ----a-w- c:\program files\temp01
2006-12-29 04:17 . 2006-12-29 04:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-02-16 17:47 . 2008-02-16 17:47 2 --shatr- c:\windows\winstart.bat
2007-08-04 19:25 . 2007-08-04 19:25 23 --sha-w- c:\windows\system32\defbfcfcbee_r.dll
2007-06-16 23:02 . 2007-06-02 19:51 8788000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-06-16 23:02 . 2007-06-02 19:51 338464 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-01-20 23:09 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Tutorial_SW.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Scheduler.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Secretary]
c:\program files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gtwatch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
c:\windows\system32\gzmrotate.dll DllVerify [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphc3g7j0e54g
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyCatcher Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-11-11 11:29 3124160 ----a-w- f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 07:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-28 18:34 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb1 0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 22:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 14:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 14:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 19:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-18 19:44 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-18 19:44 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 21:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2006-06-05 14:06 188416 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 22:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-09-26 00:28 140696 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
2008-04-14 00:12 14336 ------w- c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBCSSvc"=2 (0x2)
"FolderProtectService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"idsvc"=3 (0x3)
"odserv"=3 (0x3)
"PrismXL"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130637403\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\Program Files\\GameHouse\\Space Trader\\SpaceTrader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8583:TCP"= 8583:TCP:BitComet 8583 TCP
"8583:UDP"= 8583:UDP:BitComet 8583 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [12/21/2007 7:21 AM 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 7:21 AM 468224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;c:\windows\system32\drivers\sacmxp.sys [3/4/2006 4:14 PM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/7/2007 9:37 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo! UK & Ireland
IE: &Search -
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: {070D2696-1D2C-434E-B385-6B1ECA7243DE} = 24.93.41.127,24.93.41.128
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\
FF - prefs.js: browser.startup.homepage - Yahoo! UK & Ireland
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-Dmayufapif - c:\windows\apemejesuxi.dll
MSConfigStartUp-GroupManager - c:\documents and settings\Owner\Desktop\Phone games\groupmanager.exe
MSConfigStartUp-PowerStrip - f:\program files\powerstrip\pstrip.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-PictureItSuiteTrial_v11 - c:\program files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe ADDREMOVE=1 SKU=TRIAL VERSION=11

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-06 16:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-238397636-2059689480-754597021-1003\Software\Microsoft\Windows\CurrentVersion\Exp lorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-238397636-2059689480-754597021-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,4a,a0,85,75,58,12,94,3e,05,35,0f ,35,e3,50,4e,33,d4,67,7b,99,
ac,a0,3f,86,63,c2,5a,d0,9c,e0,04,f5,f9,d5,34,2a,98 ,ac,a8,ca,44,d0,02,86,fd,\
"rkeysecu"=hex:90,93,f4,06,e3,ff,c1,a8,1a,3f,8e,d5 ,17,ff,6c,2b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\System*]
"OOCC06.00.00.01WSSV"="93BDA322C6B3740CA904797B34D 0728B57B7ED0E4CBD1D7D56C67448639D33B181485B9A97C03 35668BD70042D1E83EA7436BAEDF60BB08798AF3B5B4F54C1E D9450C96128951070C67078F41E723AA812748988AA1121F5C 973F57AD96DF4593BAC874C14785712BB577AB07D8A85174E3 3B46ED81F9ADC52F812838BED5CE5C60AB125204319A723036 390E4331741AE881DA2141A92017D7B7DC411EF4D35EDE9682 BAF642CD0385826DE93CFE4E3995EA2FEBC9E127BECC74CFEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E1 27BECC74C9DB7CE019D40AA5CBA7FD869164D67947B9446969 BE230B493E1745316816D8333FDD4A21B387C133E5AB348F9E 7E4592E821F8F6CF62E9D17F4568013F0F5AE89120B99B2BCD E26BC90F020CB60C1458E8EA17E814E39D44AA64A35C9CBFBA 0C91E2A53F2E382FBDF9B6A0D7BE6015514F633D0337EAEE33 28DA97E2ED1DFD626B2A5228F36ED9E23A5C440976EEF47281 D50388B04BF574664663069A7594CC004FE97EC1EFC9F78793 BADE24B2D5AA78705A84D3C70416E0B81DFDA52F007B269CF8 9A7EE5E90C489990DD5372E54E55FF4DC6C691BB88C8213E69 2BE058A075F44950ED9940BE16B41DA1B4F39FD29F2D450123 2EAD4F3F3C6E3D53B46E43E051B1A217AF62A9BD528571495E A232A35714519A0E03668A75B399FFC3C224D20AB3919CAAE0 D3328D687516F339518B9A6C09324D2FA288FA30D9C993F551 B165B5B5FACBC56DEE1EBB11DA5552815BBE78B468DE84CE1B C88C8AD8DFD160474A7AA93E3F131C527966372E6E835361AB BB3A8141FD1B666049BE9B6F97E58E921170719F5C407C29DE B00C2DA980654BB89E6D248393FE52577195A092DDBCBEA53C 0584445B1A05A60292F6933031317A2624686B4063D1012BA9 F5545C5903FD6FB12A9E24CD1B9970687A96A9E9E8E573053D 47A8A0DFAE5FD115B6CC3D568DCA51B4AD5CE8A3CAE6206822 53E6579C5183EFD433F1D33B0CA1E6D4EF45AC7E3622B1E5B2 7A478863CCEAFD1BD77424E163325CC8B581675B81C3298EC0 25130865FED32369C17C14A66425F698DE696DB3FBCD8494E1 7F8163FA2FE35D48D479E37D71D5013554870B51C440480F98 84CD410AD4930BEC6E4250D3847FE19F56719D1643ECE83C84 C897677C2CDA0CF824BB994CD55272D5A4C127D96CFA24A544 B9FD5BEB509302D94DCF6519717DE485CAA5A8D397FBC6019A 90F04BBEF180C7A5EBD8156DDB5176C2F424CA3A969202729D 1347B8BCB92D11B2E69DAD8F6E8B8FA712BE1104E40899FDE4 7DC3CE9BDAC4CCF605DA2F5C4A205231268C94079F73848562 C403994C9B8D5C54FC29C0AD403AD2547B0197C1A5AB63E454 3148013AE9D0FAFA2F4B3"
"OODEFRAG08.00.00.01WORKSTATION"="55AAEBB39097C4F1 09680F787AF67D2699FEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7 CE019D40AA5CC038D530D6EB3452F3CEF3A3BB39F2D6C0A154 F9D50570C6ACEF071B9F25907C053BBEBB86A6AF59445751FC C57C840B057BF137852639A1D0EABED2CBD36B2F332D9A313D 2BEBFDA454DDACAC9650504550D01EFEA05D366158F678D6E1 3668C9E12FF51883E4C582249ACD394BAC4DB1B0DD835E382E 32F29BABBDD236DD02E42C24B2C0D546D21AAAFAA2C7A19F89 CD337961D777AFA8ED98CB7368F903B5EF639532F30DEE29FE D0698FCA676473716E7C57B02B1B108E3A3890531CFC232EE1 14E502D870309881C21D47AA6C5DC7FE30A444E35C42E6ED4A 31614FD2CCB40623DF4EAC9135A1AC5877D6C159FA5007D0B1 00F7147D5CA4CB93F488C41CECB2BAD9D0BECC68A7446E71A6 4383E660A91287657E976525D3FC9A8881425B164EC7AE9789 D1DD0FC23E7F788CF61D9E9199D38BD66E7F4F778F4D24BA72 BA4044295D414E818E0DA174B99F3DF10107E881E61D20D435 3C89AA566AF2AD4C5202B28B820FF356ADE033DC0739685669 E1D7B958413DD69F8F69848B34810806FA2D012492F1754F06 0FCBAB280347E8319E648F63C916830D5CCBCF46B0C968A655 A801657B11249511091FF71CE17E8ECB25A7725408C30B84C1 92B62F515CFDD9130CD5C232349E353E85D6431675B748DD1D 1FE8A991185AA14459A8BF1601DFF3C676AE43D82DED391A3B BB3AEDECF4947C614957F1C6474BE544779E21317EA3CA9E58 96C1D7A06928DA7E875A7221F368EE68543CABABBF9050AFD9 5A16C11DC4E90F5EF135A3E412B2B51B059014C71748EFC69F 60DA28EE9C963F73B92A807338D4B5BF60C6E34D83C1F60716 0783D32CBBB99A821A4DC00B2402F1ABAB912DAAE19755F9CA C361D1B57F51D0A8BD7B9F5C1A03342620D7C1873B31FCAE3A 58AA206332A5E2846EE3D8FEA6189B2E816D163B019A2D311E AA2165DC470E83F1E12C5F290AB9CC23C7A6A321C174356B22 625392DF53B90C7408DF78211B1F0BBF5B33E0D36B64464CCF 7CAA2D3E52548E6DFD87322E93B21284ECD82C99DF4677B16B D4B18A38B007B6818439F62DE94896B705C1493DB4B7143627 8A40BEDD806CF7D2581A59CF4EF20AC04A108EEDA774648345 24DA48E0E7C5E2E13D579C9677ADFC7E147C24BF51D4C6CAEF 6537CA4EC850F530B13B4AE68C5C5E2F696337F644CB60667A 45BBCF02D4A6EF433012A0910B91572EEA78A95B3A2E2AD7A6 A6BF59093E6F5059E42298F8CDDFDD57239CCBAA59F1DD4B2F 7E6BF503362C6EEBDE6CD35A861F9FA3B08118B5010FBE67A5 68F593507463F9E5D6DC135012D65211"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-12-06 16:29
ComboFix-quarantined-files.txt 2009-12-06 22:29

Pre-Run: 25,092,534,272 bytes free
Post-Run: 25,312,276,480 bytes free

- - End Of File - - E3D151B1099A38E7AA5F608389F67321

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:47 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149206963028
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6217 bytes

**broni** · 06-12-2009

You're running out of free space on your drive C.
Windows needs at least 15% of a free space to operate correctly.
With your 144GB partition, it's 21GB. You have 23GB free. It's time to start moving some stuff out of drive C.

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File::
c:\windows\Xtecum.dat
c:\windows\Ejiheg.bin
c:\program files\temp01
c:\windows\winstart.bat
c:\windows\system32\defbfcfcbee_r.dll
c:\windows\system32\gzmrotate.dll


Folder::

Driver::

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]

RegLockDel::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt
A new HijackThis log.

**doctorspirit** · 07-12-2009

ComboFix 09-12-06.07 - Owner 12/06/2009 19:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.565 [GMT -6:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\My Documents\Downloads\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\program files\temp01"
"c:\windows\Ejiheg.bin"
"c:\windows\system32\defbfcfcbee_r.dll"
"c:\windows\system32\gzmrotate.dll"
"c:\windows\winstart.bat"
"c:\windows\Xtecum.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp01
c:\windows\Ejiheg.bin
c:\windows\system32\defbfcfcbee_r.dll
c:\windows\winstart.bat
c:\windows\Xtecum.dat

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-06 01:39 . 2009-12-06 01:39 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-12-06 01:37 . 2009-12-06 01:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-26 19:44 . 2009-11-27 22:41 -------- d-----w- c:\documents and settings\Owner\Application Data\ElementalsTheMagicKey
2009-11-12 05:11 . 2009-11-12 05:11 -------- d-----w- c:\documents and settings\Owner\Application Data\GTM_Bodie
2009-11-11 11:22 . 2009-11-11 11:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-06 02:44 . 2006-04-29 22:30 -------- d-----w- c:\program files\e-Sword
2009-12-06 01:37 . 2008-04-26 22:14 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-06 01:37 . 2007-10-30 01:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-05 03:08 . 2008-06-30 02:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 03:08 . 2008-11-03 18:39 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 22:14 . 2008-11-03 18:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 22:13 . 2008-06-30 02:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-03 04:37 . 2006-07-29 03:46 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-11-30 01:06 . 2007-08-07 22:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
2009-11-29 23:32 . 2008-07-04 21:35 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-11-24 20:11 . 2006-03-05 14:33 76 ----a-w- c:\windows\popcinfo.dat
2009-11-19 02:09 . 2008-07-08 20:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Playrix Entertainment
2009-11-15 01:22 . 2008-07-06 19:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Games
2009-11-12 01:22 . 2007-05-28 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-04 03:33 . 2006-03-04 22:40 114912 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 01:16 . 2007-05-28 16:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-31 19:34 . 2008-07-09 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii
2009-10-31 19:09 . 2009-04-21 01:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-28 01:57 . 2006-05-19 22:23 -------- d-----w- c:\program files\GameHouse
2009-10-28 01:07 . 2005-10-30 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-25 17:44 . 2009-10-25 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2009-10-01 00:49 . 2006-12-22 01:37 16 ----a-w- c:\windows\popcinfot.dat
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57 . 2009-09-26 17:57 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-23 21:37 . 2009-10-01 11:14 34112 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg _bootstrap.exe
2009-09-23 21:37 . 2009-10-01 11:14 32448 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-23 21:37 . 2009-10-01 11:14 22352 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg .exe
2009-09-11 14:18 . 2004-08-26 16:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2008-06-28 15:45 . 2008-06-27 15:58 170 ----a-w- c:\program files\1bomb.ini
2006-12-29 04:17 . 2006-12-29 04:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-06-16 23:02 . 2007-06-02 19:51 8788000 --sha-w- c:\windows\system32\drivers\fidbox.dat
2007-06-16 23:02 . 2007-06-02 19:51 338464 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-01-20 23:09 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher Protector.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Tutorial_SW.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^IMVU.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Scheduler.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Secretary]
c:\program files\Spotmau WinCare 2008\sub\Desktop_Secretary\Desktop_Secretary.exe [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_7 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-11-11 11:29 3124160 ----a-w- f:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-04 07:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-05-28 18:34 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb1 0.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2009-12-03 22:14 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 14:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 14:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-02-18 19:44 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-02-18 19:44 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-02-18 19:44 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-10 21:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2006-06-05 14:06 188416 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 06:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 22:07 90112 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-09-26 00:28 140696 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-11-15 22:04 135168 ----a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsServicesStartup]
2008-04-14 00:12 14336 ------w- c:\windows\system32\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SBCSSvc"=2 (0x2)
"FolderProtectService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"LightScribeService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"idsvc"=3 (0x3)
"odserv"=3 (0x3)
"PrismXL"=2 (0x2)
"NVSvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1130637403\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\Program Files\\GameHouse\\Space Trader\\SpaceTrader.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8583:TCP"= 8583:TCP:BitComet 8583 TCP
"8583:UDP"= 8583:UDP:BitComet 8583 UDP

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [12/21/2007 7:21 AM 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 7:21 AM 468224]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;c:\windows\system32\drivers\sacmxp.sys [3/4/2006 4:14 PM 14336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/7/2007 9:37 PM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*Yahoo! SearchBar Home Page
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*Yahoo! UK & Ireland
IE: &Search -
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: {070D2696-1D2C-434E-B385-6B1ECA7243DE} = 24.93.41.127,24.93.41.128
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\
FF - prefs.js: browser.startup.homepage - Yahoo! UK & Ireland
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\irap***t.default\ext ensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-12-06 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-238397636-2059689480-754597021-1003\Software\Microsoft\Windows\CurrentVersion\Exp lorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-238397636-2059689480-754597021-1003\Software\SecuROM\License information*]
"datasecu"=hex:40,4a,a0,85,75,58,12,94,3e,05,35,0f ,35,e3,50,4e,33,d4,67,7b,99,
ac,a0,3f,86,63,c2,5a,d0,9c,e0,04,f5,f9,d5,34,2a,98 ,ac,a8,ca,44,d0,02,86,fd,\
"rkeysecu"=hex:90,93,f4,06,e3,ff,c1,a8,1a,3f,8e,d5 ,17,ff,6c,2b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Curr entVersion\System*]
"OOCC06.00.00.01WSSV"="93BDA322C6B3740CA904797B34D 0728B57B7ED0E4CBD1D7D56C67448639D33B181485B9A97C03 35668BD70042D1E83EA7436BAEDF60BB08798AF3B5B4F54C1E D9450C96128951070C67078F41E723AA812748988AA1121F5C 973F57AD96DF4593BAC874C14785712BB577AB07D8A85174E3 3B46ED81F9ADC52F812838BED5CE5C60AB125204319A723036 390E4331741AE881DA2141A92017D7B7DC411EF4D35EDE9682 BAF642CD0385826DE93CFE4E3995EA2FEBC9E127BECC74CFEB C9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E1 27BECC74C9DB7CE019D40AA5CBA7FD869164D67947B9446969 BE230B493E1745316816D8333FDD4A21B387C133E5AB348F9E 7E4592E821F8F6CF62E9D17F4568013F0F5AE89120B99B2BCD E26BC90F020CB60C1458E8EA17E814E39D44AA64A35C9CBFBA 0C91E2A53F2E382FBDF9B6A0D7BE6015514F633D0337EAEE33 28DA97E2ED1DFD626B2A5228F36ED9E23A5C440976EEF47281 D50388B04BF574664663069A7594CC004FE97EC1EFC9F78793 BADE24B2D5AA78705A84D3C70416E0B81DFDA52F007B269CF8 9A7EE5E90C489990DD5372E54E55FF4DC6C691BB88C8213E69 2BE058A075F44950ED9940BE16B41DA1B4F39FD29F2D450123 2EAD4F3F3C6E3D53B46E43E051B1A217AF62A9BD528571495E A232A35714519A0E03668A75B399FFC3C224D20AB3919CAAE0 D3328D687516F339518B9A6C09324D2FA288FA30D9C993F551 B165B5B5FACBC56DEE1EBB11DA5552815BBE78B468DE84CE1B C88C8AD8DFD160474A7AA93E3F131C527966372E6E835361AB BB3A8141FD1B666049BE9B6F97E58E921170719F5C407C29DE B00C2DA980654BB89E6D248393FE52577195A092DDBCBEA53C 0584445B1A05A60292F6933031317A2624686B4063D1012BA9 F5545C5903FD6FB12A9E24CD1B9970687A96A9E9E8E573053D 47A8A0DFAE5FD115B6CC3D568DCA51B4AD5CE8A3CAE6206822 53E6579C5183EFD433F1D33B0CA1E6D4EF45AC7E3622B1E5B2 7A478863CCEAFD1BD77424E163325CC8B581675B81C3298EC0 25130865FED32369C17C14A66425F698DE696DB3FBCD8494E1 7F8163FA2FE35D48D479E37D71D5013554870B51C440480F98 84CD410AD4930BEC6E4250D3847FE19F56719D1643ECE83C84 C897677C2CDA0CF824BB994CD55272D5A4C127D96CFA24A544 B9FD5BEB509302D94DCF6519717DE485CAA5A8D397FBC6019A 90F04BBEF180C7A5EBD8156DDB5176C2F424CA3A969202729D 1347B8BCB92D11B2E69DAD8F6E8B8FA712BE1104E40899FDE4 7DC3CE9BDAC4CCF605DA2F5C4A205231268C94079F73848562 C403994C9B8D5C54FC29C0AD403AD2547B0197C1A5AB63E454 3148013AE9D0FAFA2F4B3"
"OODEFRAG08.00.00.01WORKSTATION"="55AAEBB39097C4F1 09680F787AF67D2699FEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C9DB7 CE019D40AA5CC038D530D6EB3452F3CEF3A3BB39F2D6C0A154 F9D50570C6ACEF071B9F25907C053BBEBB86A6AF59445751FC C57C840B057BF137852639A1D0EABED2CBD36B2F332D9A313D 2BEBFDA454DDACAC9650504550D01EFEA05D366158F678D6E1 3668C9E12FF51883E4C582249ACD394BAC4DB1B0DD835E382E 32F29BABBDD236DD02E42C24B2C0D546D21AAAFAA2C7A19F89 CD337961D777AFA8ED98CB7368F903B5EF639532F30DEE29FE D0698FCA676473716E7C57B02B1B108E3A3890531CFC232EE1 14E502D870309881C21D47AA6C5DC7FE30A444E35C42E6ED4A 31614FD2CCB40623DF4EAC9135A1AC5877D6C159FA5007D0B1 00F7147D5CA4CB93F488C41CECB2BAD9D0BECC68A7446E71A6 4383E660A91287657E976525D3FC9A8881425B164EC7AE9789 D1DD0FC23E7F788CF61D9E9199D38BD66E7F4F778F4D24BA72 BA4044295D414E818E0DA174B99F3DF10107E881E61D20D435 3C89AA566AF2AD4C5202B28B820FF356ADE033DC0739685669 E1D7B958413DD69F8F69848B34810806FA2D012492F1754F06 0FCBAB280347E8319E648F63C916830D5CCBCF46B0C968A655 A801657B11249511091FF71CE17E8ECB25A7725408C30B84C1 92B62F515CFDD9130CD5C232349E353E85D6431675B748DD1D 1FE8A991185AA14459A8BF1601DFF3C676AE43D82DED391A3B BB3AEDECF4947C614957F1C6474BE544779E21317EA3CA9E58 96C1D7A06928DA7E875A7221F368EE68543CABABBF9050AFD9 5A16C11DC4E90F5EF135A3E412B2B51B059014C71748EFC69F 60DA28EE9C963F73B92A807338D4B5BF60C6E34D83C1F60716 0783D32CBBB99A821A4DC00B2402F1ABAB912DAAE19755F9CA C361D1B57F51D0A8BD7B9F5C1A03342620D7C1873B31FCAE3A 58AA206332A5E2846EE3D8FEA6189B2E816D163B019A2D311E AA2165DC470E83F1E12C5F290AB9CC23C7A6A321C174356B22 625392DF53B90C7408DF78211B1F0BBF5B33E0D36B64464CCF 7CAA2D3E52548E6DFD87322E93B21284ECD82C99DF4677B16B D4B18A38B007B6818439F62DE94896B705C1493DB4B7143627 8A40BEDD806CF7D2581A59CF4EF20AC04A108EEDA774648345 24DA48E0E7C5E2E13D579C9677ADFC7E147C24BF51D4C6CAEF 6537CA4EC850F530B13B4AE68C5C5E2F696337F644CB60667A 45BBCF02D4A6EF433012A0910B91572EEA78A95B3A2E2AD7A6 A6BF59093E6F5059E42298F8CDDFDD57239CCBAA59F1DD4B2F 7E6BF503362C6EEBDE6CD35A861F9FA3B08118B5010FBE67A5 68F593507463F9E5D6DC135012D65211"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-12-06 20:07
ComboFix-quarantined-files.txt 2009-12-07 02:06
ComboFix2.txt 2009-12-06 22:29

Pre-Run: 25,317,367,808 bytes free
Post-Run: 25,306,206,208 bytes free

- - End Of File - - B8A502F41A694CB053F85475540DC40A

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:27 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: &Search -
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149206963028
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6250 bytes

**broni** · 07-12-2009

Print this post out, since you won't have an access to it, at some point.

1. Open HijackThis.

2. Close all windows, except for HijackThis.

3. Put checkmarks next to the following HijackThis entries:

- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O8 - Extra context menu item: &Search -

4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

- O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

5. Click on Fix checked button.

6. Restart computer.

7. Post new HijackThis log.

**doctorspirit** · 07-12-2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:36 PM, on 12/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/tes...enXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1149206963028
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players...stallAsst2.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploa...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O17 - HKLM\System\CS2\Services\Tcpip\..\{070D2696-1D2C-434E-B385-6B1ECA7243DE}: NameServer = 24.93.41.127,24.93.41.128
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6028 bytes

**broni** · 07-12-2009

Your computer is clean

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Make sure, Windows Updates are current.

6. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

7. Download, and install WOT (Web OF Trust): Internet Security | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

8. Run defrag at your convenience.

9. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

10. Please, let me know, how is your computer doing.

[Resolved] Computer running slow (addition)

[Resolved] Computer running slow (addition)

Similar Threads

Computer Running Slow + svchost going crazy

Computer running slow and mouse curser sticking

Computer running slow, hijack log attached

Search engine's links re-directed, computer running slow!

[Resolved] Running Slow Plz check