-
The program folders should be in Program Files. Open each folder, find the appropriate .exe file and right-click on it; then select Rename and type in the new "alias" name. Don't forget - the .exe file extension MUST be part of the new file name for the program to run, and any desktop shortcuts with the original name will no longer work. Don't worry about the shortcuts, at any rate - it's not as if you'll be using these programs forever.
-
OK, for Malwarebytes I was able to do it, but for SuperAntiSpyware it won't even let me install it, to change its .exe file name. So here are the results from Malwarebytes:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
4/30/2009 8:13:05 PM
mbam-log-2009-04-30 (20-13-05).txt
Scan type: Full Scan (C:\|)
Objects scanned: 102531
Time elapsed: 12 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 7
Folders Infected: 2
Files Infected: 43
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\bajoduza.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yupofukane (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2f30997f (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: sckcls.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bajoduza.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\sysproc64 (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\hetuvigu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugivuteh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jelayube.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebuyalej.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mayosare.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\erasoyam.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mohasobi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibosahom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nuvatatu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utatavun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pinapuwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewupanip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wibotelo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oletobiw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fiboduzu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bajoduza.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\sckcls.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U7IXOTQF\vsm_free_setup[1].exe (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS30F.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS30F.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS345.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS345.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS346.tmp\MSIStart.exe (Trojan.SpywareStop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\7zS346.tmp\MalwareRemovalBot\SpyCleaner.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ramirez.BIANCA\Local Settings\Temp\~nsu.tmp\Au_.exe (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090430-181846-580.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jegohami.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yaponema.dll.vir (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yivivaso.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zunekehe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\sysproc64\sysproc32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\VirusRemover2009.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2009.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSVolume.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\instsp2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\widinole.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyufivi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kozotifa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I will now reboot my PC, like the instructions say, and well, just let me know what else I need to do. Oh, by the way, again THANK YOU SOOOO MUCH!!! YOU GUYS ROCK!! :)
-
Capital. Now we're getting somewhere. On reboot, run an HJT scan and post the new log.
-
Ok, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:30 PM, on 5/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O1 - Hosts: ypot.org
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7bcf46cb-c28d-4bb4-80c7-fd32e7499ad1} - C:\WINDOWS\system32\zalahobe.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\bajoduza.dll",a
O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\mickeymouse\mickeymouse.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-567987002-3058614968-1683713116-1006\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\bajoduza.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 7835 bytes
-
Still got the Vundo infection. I thought we were getting somewhere, but no big problem. Broni tells me the latest version of Combofix is effective and safe so please follow the following instructions exactly. When you run HJT for the followup scan log, try running in normal mode if possible. PRINT OUT THE FOLLOWING INSTRUCTIONS IF POSSIBLE FOR REFERENCE PURPOSES.
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
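The verdict at the top of this post ("still got the Vundo infection") comes from reading specific HijackThis sections of the log the user posted: the F2 Userinit chain that lists a second executable after userinit.exe, the O4 Run entries that use Rundll32 to load DLLs with pseudo-random names, a non-empty O20 AppInit_DLLs value, and O21/O22 entries that point at the same DLL. As an added example, not part of this thread and not code from HijackThis, Malwarebytes or ComboFix, the following Python script applies those checks to a subset of the log lines posted above and reports which DLL is wired into more than one persistence location. The consonant-vowel name heuristic (`looks_random`) is an assumption tuned to the names seen in this thread, not a general signature.

```python
"""Flag Vundo-style persistence indicators in HijackThis (HJT) log lines.

Added example for this thread; the rules below encode what a log reviewer
looks for by hand, using lines copied from the HJT log posted above.
"""
import re

# Subset of the HJT log posted above, used as constructed sample input.
SAMPLE_HJT_LINES = [
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,",
    r"O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r'O4 - HKLM\..\Run: [CPM2f30997f] Rundll32.exe "C:\WINDOWS\system32\bajoduza.dll",a',
    r'O4 - HKLM\..\Run: [yupofukane] Rundll32.exe "C:\WINDOWS\system32\fiboduzu.dll",s',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O20 - AppInit_DLLs: C:\WINDOWS\system32\yaponema.dll c:\windows\system32\bajoduza.dll",
    r"O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll",
    r"O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)",
    r"O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bajoduza.dll (file missing)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

# Heuristic (assumption): the dropped DLLs in this thread have names built from
# alternating consonant/vowel pairs (bajoduza, fiboduzu, yaponema).
CV_NAME = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){3,5}$")
# A DLL basename is the run of non-separator characters right before ".dll".
DLL_REF = re.compile(r'([^\\\s"]+)\.dll', re.IGNORECASE)


def looks_random(name):
    """True when a lower-cased basename matches the consonant/vowel pattern."""
    return bool(CV_NAME.match(name))


def dll_names(text):
    """Lower-cased basenames (without extension) of every DLL named in a line."""
    return [m.lower() for m in DLL_REF.findall(text)]


def analyze(lines):
    """Return one finding dict per suspicious indicator found in the HJT lines."""
    findings = []
    for line in lines:
        line = line.rstrip()
        code = line.split(" - ", 1)[0]          # HJT section code: F2, O1, O4, ...
        if code == "F2" and "UserInit=" in line:
            # Winlogon\Userinit should name only userinit.exe; extra entries run at every logon.
            entries = [e for e in line.split("UserInit=", 1)[1].split(",") if e.strip()]
            if len(entries) != 1 or not entries[0].lower().endswith("userinit.exe"):
                findings.append({"code": code, "dll": None, "line": line,
                                 "reason": "Userinit chain is not just userinit.exe"})
        elif code == "O1":
            # HJT only lists non-default hosts entries; any of them redirects a domain.
            findings.append({"code": code, "dll": None, "line": line,
                             "reason": "hosts file entry redirects a domain"})
        elif code == "O4" and "rundll32" in line.lower():
            for name in dll_names(line):
                if looks_random(name):
                    findings.append({"code": code, "dll": name, "line": line,
                                     "reason": f"rundll32 autorun loads pseudo-random {name}.dll"})
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Anything in AppInit_DLLs is loaded into every process that links user32.
            for name in dll_names(line):
                findings.append({"code": code, "dll": name, "line": line,
                                 "reason": f"AppInit_DLLs injects {name}.dll into every process"})
        elif code in ("O21", "O22"):
            missing = "(file missing)" in line
            for name in dll_names(line):
                if missing or looks_random(name):
                    findings.append({"code": code, "dll": name, "line": line,
                                     "reason": f"shell-load entry references {name}.dll"
                                               + (" (file missing)" if missing else "")})
    return findings


def shared_dlls(findings):
    """DLLs referenced from more than one persistence location: the strongest signal."""
    where = {}
    for f in findings:
        if f["dll"]:
            where.setdefault(f["dll"], set()).add(f["code"])
    return {dll: sorted(codes) for dll, codes in where.items() if len(codes) > 1}


if __name__ == "__main__":
    found = analyze(SAMPLE_HJT_LINES)
    for f in found:
        print(f"[{f['code']}] {f['reason']}")
    print("DLLs wired into several persistence points:", shared_dlls(found))
```

The same DLL (bajoduza.dll) shows up under O4, O20, O21 and O22 at once, which is why a single autorun cleanup is not enough: each of those locations reloads the library on the next boot, so the reviewer asks for a tool that removes all of them in one pass before rebooting.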
-
OK, first I had to do this in safe mode, because that's all my computer lets me get into. So, I did what you told me, and I have to let you know that my computer is now running NORMALLY!!! ComboFix restarted my PC and when it turned back on it was functioning normally. So anyway, I let it do everything it needed to do; here is its report and the HJT report below it.
HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:38 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dale chic] C:\DOCUME~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 7477 bytes
OK, that's everything, and again OMG!!! YOU ROCK!!! :) Thank you sooo much! EVERYONE I KNOW IS GOING TO KNOW ABOUT U GUYS... I hope that's OK????
-
ComboFix report:
ComboFix 09-05-03.1 - Ramirez 05/04/2009 3:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.115 [GMT -4:00]
Running from: c:\docume~1\RAMIRE~1.BIA\LOCALS~1\Temp\Saf1BF.tmp\ComboFix.exe
Other Deletions
C:\test.txt
c:\windows\abeweweciqusolet.dll
c:\windows\abifetel.dll
c:\windows\adojizuq.dll
c:\windows\adovevukoviker.dll
c:\windows\adurifaduf.dll
c:\windows\aduxoxuxuvijuki.dll
c:\windows\afarizazowemulu.dll
c:\windows\afasojoloni.dll
c:\windows\agoxatabiv.dll
c:\windows\agozuqahivafec.dll
c:\windows\ahekeyibewereco.dll
c:\windows\ahexugesavad.dll
c:\windows\ahomifor.dll
c:\windows\ajolamut.dll
c:\windows\akadufodiziresox.dll
c:\windows\akewesif.dll
c:\windows\akotepopeg.dll
c:\windows\alalukigatek.dll
Drivers/Services
Service_UACd.sys
Legacy_MYWEBSEARCHSERVICE
Files Created from 2009-04-04 to 2009-05-04
Find3M Report
Reg Loading Points
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"dale chic"="c:\docume~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe" [2009-04-10 589824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-22 1932568]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2c03aae3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Applicationedc
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
-
R0 nfcepcb;nfcepcb; [x]
R4 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2009-01-07 26144]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-05-04 325896]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-04 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-22 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-22 298264]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 WUSB300NSvc;WUSB300NSvc; [x]
--- Other Services/Drivers In Memory ---
.
Contents of the 'Scheduled Tasks' folder
2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-05-04 c:\windows\Tasks\B12423BB9D6BDA47.job
- c:\docume~1\ramire~1.bia\applic~1\typefu~1\Size balm okay.exe [2009-04-10 18:41]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 07:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3812)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Linksys\WUSB300N\WLService.exe
c:\program files\AVG\AVG8\avgrsx.exe.old
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
Completion time: 2009-05-04 7:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 11:36
Pre-Run: 129,845,981,184 bytes free
Post-Run: 129,305,616,384 bytes free
-
I don't understand. If your computer was clean, it wouldn't prevent you from running HJT in normal mode instead of safe mode. Also, when saved to your desktop and installed from there, Combofix doesn't run from a temp file. I think you clicked Open instead of Save when given the option. Not good - if your settings are such that temp files are deleted upon reboot, your backup files may be gone.
Please run both programs again. Run Combofix first - AFTER SAVING THE INSTALLER TO YOUR DESKTOP, double-click on it to install it. Do not run HJT until after Combofix has finished. When you run HJT, please be operating in normal mode. Post both logs here when done, the Combofix log first.
-
ok, here is half of the combofix fix report:
ComboFix 09-05-05.03 - Ramirez 05/05/2009 18:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.80 [GMT -4:00]
Running from: c:\documents and settings\Ramirez.BIANCA\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\windows\system32\sofapohe.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-
ok, now here is more of the combofix report:
((((((((((((((((((((((((((((( SnapShot@2009-05-04_11.32.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-26 16:12 . 2009-05-04 07:46 397448 c:\windows\system32\perfh009.dat
- 2009-01-22 01:00 . 2008-10-16 10:37 532480 c:\windows\system32\mstime.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 532480 c:\windows\system32\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 146432 c:\windows\system32\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 146432 c:\windows\system32\msrating.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 449024 c:\windows\system32\mshtmled.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 449024 c:\windows\system32\mshtmled.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2009-01-22 00:59 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 251392 c:\windows\system32\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 251392 c:\windows\system32\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 205312 c:\windows\system32\dxtrans.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 205312 c:\windows\system32\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 357888 c:\windows\system32\dxtmsft.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 357888 c:\windows\system32\dxtmsft.dll
+ 2009-01-22 01:01 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2009-01-22 01:01 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2009-01-22 01:01 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 659456 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 659456 c:\windows\system32\dllcache\wininet.dll
+ 2009-01-22 01:01 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2009-01-22 01:01 . 2004-08-04 19:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 616448 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-22 01:01 . 2009-02-20 08:30 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2009-01-22 01:01 . 2008-10-16 10:37 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-01-22 01:01 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe
- 2009-01-22 01:01 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-01-22 01:01 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-01-22 01:01 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2009-01-22 01:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
- 2009-01-22 01:00 . 2004-08-04 19:00 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-08-26 16:12 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 532480 c:\windows\system32\dllcache\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 532480 c:\windows\system32\dllcache\mstime.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 146432 c:\windows\system32\dllcache\msrating.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2009-01-22 01:00 . 2008-10-16 10:37 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2009-01-22 01:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-01-22 01:00 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-01-22 00:59 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 251392 c:\windows\system32\dllcache\iepeers.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-22 00:59 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-22 00:59 . 2009-02-20 08:30 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-01-22 00:59 . 2008-10-16 10:37 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2009-01-22 00:57 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll
- 2009-01-22 00:57 . 2004-08-04 19:00 616960 c:\windows\system32\dllcache\advapi32.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 151040 c:\windows\system32\cdfview.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 151040 c:\windows\system32\cdfview.dll
+ 2009-01-22 01:01 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
- 2009-01-22 01:01 . 2007-10-26 03:36 8454656 c:\windows\system32\shell32.dll
+ 2009-01-22 01:01 . 2009-03-02 23:52 1495552 c:\windows\system32\shdocvw.dll
+ 2009-01-22 01:01 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
- 2009-01-22 01:01 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2009-01-22 01:00 . 2009-02-20 08:30 3059712 c:\windows\system32\mshtml.dll
+ 2009-01-22 01:01 . 2009-02-09 10:19 1846272 c:\windows\system32\dllcache\win32k.sys
+ 2009-01-22 01:01 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
- 2009-01-22 01:01 . 2007-10-26 03:36 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2009-01-22 01:01 . 2009-03-02 23:52 1495552 c:\windows\system32\dllcache\shdocvw.dll
- 2009-01-22 01:01 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-22 01:01 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2009-01-23 07:00 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-01-23 06:59 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-01-23 06:59 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-01-23 06:59 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-01-23 06:59 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-01-23 07:00 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-23 07:00 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-01-22 01:00 . 2009-02-20 08:30 3059712 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1054208 c:\windows\system32\dllcache\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1054208 c:\windows\system32\dllcache\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1023488 c:\windows\system32\dllcache\browseui.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1054208 c:\windows\system32\danim.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1054208 c:\windows\system32\danim.dll
- 2009-01-22 00:58 . 2008-10-16 10:37 1023488 c:\windows\system32\browseui.dll
+ 2009-01-22 00:58 . 2009-02-20 08:30 1023488 c:\windows\system32\browseui.dll
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-01-22 01:01 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2009-01-22 01:01 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"ares"="c:\program files\Ares\Ares.exe" [2008-12-13 882176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-04 1947928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-26 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-01-11 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-26 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 07:47 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.dll]
[HKLM\~\startupfolder\C:^Documents and Settings^Ramirez.BIANCA^Start Menu^Programs^Startup^ChkDisk.lnk]
backup=c:\windows\pss\ChkDisk.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/21/2009 11:27 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/21/2009 11:27 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/21/2009 11:27 PM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/21/2009 11:27 PM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/5/2009 2:19 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [1/22/2009 2:39 AM 53307]
S0 nfcepcb;nfcepcb;c:\windows\system32\drivers\qpaz.sys --> c:\windows\system32\drivers\qpaz.sys [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder
2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
-
OK, and the last of the ComboFix report:
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-dale chic - c:\docume~1\RAMIRE~1.BIA\APPLIC~1\TYPEFU~1\Compaim.exe
HKLM-Run-yupofukane - c:\windows\system32\fiboduzu.dll
HKLM-Run-CPM2f30997f - c:\windows\system32\meyufivi.dll
HKLM-Run-BOOK BITS GRID FORD - c:\documents and settings\All Users\Application Data\Mapi Meta Book Bits\poll trust.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZNman000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} - hxxp://games.bigfishgames.com/en_nightshift-legacy-the-jaguars-eye/online/Nightshift2Web.1.0.0.9.cab
DPF: {775879E2-7309-4619-BB02-AADE41F4B690} - hxxp://games.bigfishgames.com/en_dream-chronicles/online/dreamweb.1.0.0.9.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://games.bigfishgames.com/en_chocolatier-2-secret-ingredients/online/Chocolatier2Web.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Ramirez.BIANCA\Application Data\Mozilla\Firefox\Profiles\nswmlzaa.default\
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 18:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7872)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\snmp.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-05-05 18:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-05 22:57
ComboFix2.txt 2009-05-04 11:36
Pre-Run: 128,984,944,640 bytes free
Post-Run: 128,983,281,664 bytes free
373 --- E O F --- 2009-05-05 07:03
-
and here is the HJT report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:29 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: shARES Toolbar - {9c905b42-976e-43c1-bc30-fc5937017909} - C:\Program Files\shARES\tbshAR.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZNman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4DCA1E08-4147-4A3D-8CA6-E095DF189FAB} (CPlayFirstNightshiftControl Object) - http://games.bigfishgames.com/en_nig...eb.1.0.0.9.cab
O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dre...eb.1.0.0.9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://games.bigfishgames.com/en_cho...b.1.0.0.10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
--
End of file - 8670 bytes
-
Good work - your computer's looking better now. You have a couple of folders I'm curious about, though. To be more precise, I'm curious about what created them. Please go to Control Panel | Folder Options and, under the View tab:
- Check the radio button next to Show hidden files and folders
- Uncheck Hide protected operating system files (recommended)
Click Apply and OK your way out.
Next, go to the two locations below and let me know the properties of these two folders:
- C:\Program Files\type funk camp
- C:\Documents and Settings\Ramirez.BIANCA\Application Data\type funk camp
Anything you can find, like the company that created them, when, file size, etc. will help. If there are a lot of files in the folders, let me know that as well. Depending on what you find out, we may remove them as well.
The other thing you can do for now is go to Control Panel | Add/Remove Programs and uninstall all those registry cleaners I saw listed (Eusing Free Registry Cleaner, Free Window Registry Repair, Registry Cleaner Pro, etc.). That will unclutter your machine a bit.
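The folder check requested above (creation time, size, contents, and whether the folder is hidden or flagged as a system object) can also be gathered in one pass rather than through Folder Options and the Properties dialog. The script below is an added example and is not part of this thread or of any of the tools used in it. It reuses the two paths named in the post; everything else (the function names, the `build_sample_tree` helper that creates a constructed temporary folder so the script runs on any machine, and the dotfile fallback for non-Windows systems, where NTFS attributes are not available) is an assumption of the example.

```python
"""Collect the properties a malware-removal helper asks for on a suspect folder:
created time, total size, file/folder counts, and hidden/system attributes."""
import os
import stat
import tempfile
from datetime import datetime

# Paths taken from the post above; replace with the folders you are asked about.
SUSPECT_FOLDERS = [
    r"C:\Program Files\type funk camp",
    r"C:\Documents and Settings\Ramirez.BIANCA\Application Data\type funk camp",
]


def _attributes(path):
    """Hidden/system flags: NTFS attributes on Windows, leading-dot heuristic elsewhere
    (assumption of this example; POSIX has no 'system' attribute)."""
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", None)  # present only on Windows
    if attrs is not None:
        return {
            "hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
            "system": bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM),
        }
    name = os.path.basename(path.rstrip(os.sep))
    return {"hidden": name.startswith("."), "system": False}


def describe_folder(path):
    """Return what the General tab shows for a folder, plus attribute flags.
    A path that does not exist (or is not a folder) is reported, not raised."""
    if not os.path.isdir(path):
        return {"path": path, "exists": False}
    st = os.stat(path)
    # st_ctime is the creation time on Windows; on POSIX it is the inode change time.
    created = datetime.fromtimestamp(st.st_ctime).isoformat(sep=" ", timespec="seconds")
    size = files = folders = 0
    for root, dirs, names in os.walk(path):
        folders += len(dirs)
        files += len(names)
        for n in names:
            try:
                size += os.stat(os.path.join(root, n)).st_size
            except OSError:
                pass  # unreadable entry: counted, but its size is unknown
    info = {
        "path": path,
        "exists": True,
        "created": created,
        "size_bytes": size,
        "file_count": files,
        "folder_count": folders,
    }
    info.update(_attributes(path))
    return info


def report(paths=SUSPECT_FOLDERS):
    """Describe every path in the list; missing folders appear with exists=False."""
    return [describe_folder(p) for p in paths]


def build_sample_tree():
    """Constructed sample input: a temp folder holding one 10-byte file and one subfolder."""
    base = tempfile.mkdtemp(prefix="suspect-")
    with open(os.path.join(base, "sample.dat"), "wb") as fh:
        fh.write(b"\0" * 10)
    os.mkdir(os.path.join(base, "sub"))
    return base


if __name__ == "__main__":
    for entry in report([build_sample_tree()] + SUSPECT_FOLDERS):
        print(entry)
```

Run it as-is and it prints one line per folder: the constructed sample shows the populated case, and the two thread paths show either an empty folder (0 bytes, 0 files, with its creation timestamp) or `exists: False` when the folder is not there at all, which is the distinction the helper needs before deciding whether anything has to be removed.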
-
OK, first, the answer to your curiosity.....
In the properties for the first one it says....
GENERAL TAB
TYPE: File Folder
LOCATION: C:\Program Files
SIZE: 0 bytes
SIZE ON DISK: 0 bytes
CONTAINS: 0 Files. 0 Folders
CREATED: Friday, April 10, 2009, 2:41:21 PM
Other than that, I couldn't get any other info, but for sure I didn't create that file (not on purpose), so I'm not sure where it came from. Do you need me to scan it???
OK, on to the second one....
Well, as it so happens, I can't find that one???? I went through My Computer, to Docs and Settings, to Ramirez.BIANCA, and the only files in there are:
COOKIES
DESKTOP
FAVORITES
MY DOCUMENTS
START MENU
TRACING
USERDATA
WINDOWS
NTUSER
So I went to Search and searched first for the whole file address you gave me, and came up with nothing, and then did a search with only "type funk camp" and still got nothing...what does that mean?????
OK, and I have uninstalled all of those reg. cleaners. Now all I have left are Malwarebytes and HijackThis and AVG.....are there any others I should have??
I ALSO JUST WANTED TO SAY, THANK YOU SOOOOO MUCH! HEHE, I KNOW I SAY IT LIKE A MILLION TIMES, BUT REALLY I AM BEYOND GRATEFUL!!!
so, now what? lol:D